Permission management across multiple tenants #4959 | Support Center | ABP Commercial

portx-dev created one year ago

Let's assume that Tenant 1 is treated as a parent tenant, and Tenant 2 and Tenant 3 are child tenants. There is a specification to create roles to be used for Tenant 2 and Tenant 3 on Tenant 1. Is that possible with ABP?

ABP Framework version:　ABP Commercial 7.1e:

2 Answer(s)

0
liangshiwei created one year ago
Support Team Fullstack Developer
Hi,

You can consider creating the same role with permissions for tenants 2 and 3 using domain events or override the application service interface of the module

https://docs.abp.io/en/abp/latest/Local-Event-Bus#pre-built-events

https://docs.abp.io/en/abp/latest/Customizing-Application-Modules-Overriding-Services

Pseudocode:

public class MyIdentityRoleAppService: IdentityRoleAppService { public override async ....CreateAsync() { create role... if(CurrentTenant.Name = "Tenant1") { using(CurrentTenant.Change("Tenant2")) { Create role... } } } }

liangshiwei created one year ago

Support Team Fullstack Developer

Here's another suggestion:

If you can accept data sync delay, you can create a background worker to synchronize tenant and role permissions: https://docs.abp.io/en/abp/latest/Background-Workers#asyncperiodicbackgroundworkerbase

For example:

public class RolePermissionsSynchronizeWorker : AsyncPeriodicBackgroundWorkerBase
{
    public RolePermissionsSynchronizeWorker(
            AbpAsyncTimer timer,
            IServiceScopeFactory serviceScopeFactory
        ) : base(
            timer, 
            serviceScopeFactory)
    {
        Timer.Period = 600000; //10 minutes
    }

    protected async override Task DoWorkAsync(
        PeriodicBackgroundWorkerContext workerContext)
    {
        Logger.LogInformation("Starting: Sync roles...");

        .....
        
        Logger.LogInformation("Completed: Sync roles...");
    }
}

Have an answer to this question? Log in and write your answer.