I greatly apologize if this is documented somewhere. I tried to search for answers and either I'm not understanding or I didn't find the answer. When I create a new tenant, this tenant should NOT have the ability to create new tenants or modify permissions of tenants. When a tenant admin is created as the default user I've noticed that they have ALL the permissions that the host does, well except host feature management. I don't known if I'm explaining this correctly or not. Hopefully I am. Also, when do I use the "Default & Public" checkboxes when creating a new role?
If you're creating a bug/problem report, please include followings:
- ABP Framework version: v7.0.0
- UI type: Blazor
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): no
- Exception message and stack trace: N/A
- Steps to reproduce the issue:" N/A
9 Answer(s)
-
1
hi
. When a tenant admin is created as the default user I've noticed that they have ALL the permissions that the host does,
This is the default behavior, but you can change it by removing
PermissionDataSeedContributorfrom the DI.https://github.com/abpframework/abp/blob/dev/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDataSeedContributor.cs#L35
when do I use the "Default & Public" checkboxes when creating a new role?
/// <summary> /// A default role is automatically assigned to a new user /// </summary> public virtual bool IsDefault { get; set; } /// <summary> /// A static role can not be deleted/renamed /// </summary> public virtual bool IsStatic { get; set; } /// <summary> /// A user can see other user's public roles /// </summary> public virtual bool IsPublic { get; set; } -
0
hi
. When a tenant admin is created as the default user I've noticed that they have ALL the permissions that the host does,
This is the default behavior, but you can change it by removing
PermissionDataSeedContributorfrom the DI.https://github.com/abpframework/abp/blob/dev/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDataSeedContributor.cs#L35
when do I use the "Default & Public" checkboxes when creating a new role?
/// <summary> /// A default role is automatically assigned to a new user /// </summary> public virtual bool IsDefault { get; set; } /// <summary> /// A static role can not be deleted/renamed /// </summary> public virtual bool IsStatic { get; set; } /// <summary> /// A user can see other user's public roles /// </summary> public virtual bool IsPublic { get; set; }So am I able to change the default
await PermissionDataSeeder.SeedAsync( RolePermissionValueProvider.ProviderName, "admin", permissionNames, context?.TenantId );to another role that I setup such as orgadmin?
await PermissionDataSeeder.SeedAsync( RolePermissionValueProvider.ProviderName, "orgadmin", permissionNames, context?.TenantId ); -
0
Yes
https://github.com/abpframework/abp/blob/dev/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDataSeeder.cs#L28
-
0
I appreciate the links. What is the best way to implement this in my Blazor Server project so that I may modify as needed?
-
1
hi
Configure<AbpDataSeedOptions>(options => { options.Contributors.RemoveAll(x => x == typeof(PermissionDataSeedContributor)) });``` -
0
So this helps to remove the default behavior of creating a tenant admin with the default permissions?
-
0
Yes, You can give it a try.
-
0
Thank you much. I will try this tomorrow (EST) and possibly close ticket. As always, thanks for your help.
-
0
You're welcome.
