Open Closed

User/Role Management makes all users and roles editable problem #3809


User avatar
0
enes.koroglu created
  • ABP Framework version: v5.3.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Steps to reproduce the issue:"
    • Create a role named as role-supervisor.
    • Give below grants (Picture 1) to role-supervisor.
    • Assign role-supervisor to a user (supervisor).

-Picture 1-

This user can grant admin role to any user, or revoke admin role from any user as you can see in Picture 2. I want to create a role which can create/edit/lock/unlock user, assign/deassign roles to/from user. But i do not want the owner of this role to assign/deassign admin (or marked as special or private other roles) some other roles from/to users. There may be a solution like a new property for role as private. Define a new permission under Identity Management permission section for grant/revoke private role. Should be a new permission for grant/rekove private roles to any user. And owner of role-supervisor should not act on some private/special users.

-Picture 2-


2 Answer(s)
  • User Avatar
    0
    ademaygun created

    If we explain our request with a visual:

    For example, if admin is made to a private role, the supervisor will not be able to make changes to the admin role and will not be able to assign the admin role to the users.

  • User Avatar
    0
    mahmut.gundogdu created

    The role has an extra-properties feature. Your "private" state can be saved in the role's extra-properties.

    https://docs.abp.io/en/abp/latest/Object-Extensions

    With PermissionDefinitionProvider, you can modify the permission management tree as needed.

    https://docs.abp.io/en/abp/latest/Authorization#defining-permissions

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11