User Management Permissions

Q: Is it possible to setup restrictions on the user management dashboard? For example: If I am a role admin from company X, I can only update permissions of users from company X.


A: Our UI does not handle nuanced restrictions of this sort. However, our API is feature complete and it would be very possible to use our API to bring whatever level of user management you need into your own app and you could implement permissions and restrictions any way you wanted.

There are 2 ways most often used to implement this kind of scenario:

a) Separate out each company into a separate Realm. Realms are fully isolated from one another, making it easy to manage permissions in bulk (ie: role admin A is allowed to manage realm X).

b) Keep everyone in a single realm and use Orgs as the grouping mechanism (ie: role admin A in Org X is also allowed to manage Org X).

If total isolation between companies is better, then we recommend Realms. If users need to be associated with multiple companies, then Orgs will be better (since the isolation of realms would be too much).

Note that our permissions system (the Permissions attribute on Memberships) is basically a tag-like structure, and can readily accommodate a variety of permissions structures.

Tagged with: permissions restrictions user management

Questions? Find a Typo? Get in touch.