- ABP Framework version: v5.3.3
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): no
- Steps to reproduce the issue:
- Create a role named as role-supervisor.
- Give the grants below (Picture 1) to role-supervisor.
- Assign role-supervisor to a user (supervisor).
This user can grant the admin role to any user, or revoke the admin role from any user, as you can see in Picture 2. I want to create a role which can create/edit/lock/unlock users and assign/deassign roles to/from users. But I do not want the owner of this role to assign/deassign admin (or other roles marked as special or private) to/from users. There may be a solution like a new property for a role as private. Define a new permission under the Identity Management permission section for granting/revoking private roles. There should be a new permission for granting/revoking private roles to any user. And the owner of role-supervisor should not act on some private/special users.
The role has an extra-properties feature. Your "private" state can be saved in the role's extra-properties.
With PermissionDefinitionProvider, you can modify the permission management tree as needed.
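
One way to combine the two hints in the answer above, as an added example that is not part of the thread and not ABP's own code. The permission name `AbpIdentity.Users.ManagePrivateRoles`, the extra-property key `IsPrivate` and the class names are hypothetical; the check runs server-side so that it holds regardless of what the Angular UI shows.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Volo.Abp.Authorization;
using Volo.Abp.Authorization.Permissions;
using Volo.Abp.Data;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Identity;
using Volo.Abp.Localization;

public static class PrivateRoles // hypothetical names, not defined by ABP
{
    public const string Permission = "AbpIdentity.Users.ManagePrivateRoles";
    public const string ExtraProperty = "IsPrivate";
}

// Adds the new permission as a child of the built-in user management permission.
public class PrivateRolePermissionProvider : PermissionDefinitionProvider
{
    public override void Define(IPermissionDefinitionContext context)
    {
        context.GetPermissionOrNull(IdentityPermissions.Users.Default)?.AddChild(
            PrivateRoles.Permission, new FixedLocalizableString("Grant/revoke private roles"));
    }
}

// Server-side check to run before a user's role list is replaced.
public class PrivateRoleGuard : ITransientDependency
{
    private readonly IIdentityUserRepository _users;
    private readonly IIdentityRoleRepository _roles;
    private readonly IPermissionChecker _permissions;
    public PrivateRoleGuard(IIdentityUserRepository users, IIdentityRoleRepository roles,
        IPermissionChecker permissions)
    { _users = users; _roles = roles; _permissions = permissions; }

    public async Task CheckAsync(Guid userId, string[] requestedRoleNames)
    {
        if (await _permissions.IsGrantedAsync(PrivateRoles.Permission)) return;
        requestedRoleNames ??= Array.Empty<string>();
        var current = await _users.GetRoleNamesAsync(userId);
        // Symmetric difference = roles this request would grant or revoke.
        var changed = current.Except(requestedRoleNames)
            .Union(requestedRoleNames.Except(current)).ToHashSet();
        var touchesPrivate = (await _roles.GetListAsync()).Any(r =>
            changed.Contains(r.Name) && r.GetProperty<bool>(PrivateRoles.ExtraProperty));
        if (touchesPrivate)
            throw new AbpAuthorizationException("Private roles require " + PrivateRoles.Permission);
    }
}
```

The guard is assumed to be called from an overridden `IdentityUserAppService` in every method that accepts role names, before the roles are changed. A role is marked private by setting the extra property on it, for example with `role.SetProperty(PrivateRoles.ExtraProperty, true)`.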