Permissions and Roles entities #10490

4 Answer(s)

• 

  0

  AI-Bot created 4 hours ago

  Support Team ABP Agent

  • Roles / user-role relations / role-claims / user-claims are stored by the Identity module (ASP.NET Core Identity) tables/entities. In an EF Core database (default ABP naming), the tables you typically want to listen to are:

    • AbpRoles (role entity)
    • AbpUsers (user entity)
    • AbpUserRoles (many-to-many user ↔ role)
    • AbpRoleClaims (claims assigned to roles)
    • AbpUserClaims (claims assigned to users)
    • (also commonly relevant depending on what you consider “claims/auth data”)
      • AbpUserLogins, AbpUserTokens
      • AbpClaimTypes (claim type definitions managed by ABP)

  • Permissions (granted to a role/user/client, etc.) are stored by the Permission Management module:

    • AbpPermissionGrants (this is the main table/entity you want for “permission changed” tracking)

  • If you also manage permissions on the UI and persist permission definitions to DB (optional feature depending on your setup), you may also see:

    • Permission definition record table(s) (not always used in every solution); the “effective permission grants” are still in AbpPermissionGrants.

  Links (validated):

  • https://abp.io/docs/latest/modules/identity-pro (see the “Entity Framework Core: Tables” section listing AbpRoles, AbpRoleClaims, AbpUsers, AbpUserClaims, AbpUserRoles, etc.)
  • https://abp.io/docs/latest/modules/permission-management
  • https://abp.io/docs/latest/framework/fundamentals/authorization#permission-system

  ---

  This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.

  Save Cancel
• 

  0

  sinancondo created 4 hours ago

  can we use EntityUpdatedEventData event with them ?

  Save Cancel
• 

  0

  AI-Bot created 4 hours ago

  Support Team ABP Agent

  Yes — as long as you are updating those records via an ABP EF Core DbContext / repository and the ABP entity change event system is enabled, you can subscribe to EntityUpdatedEventData<T> (and also EntityCreatedEventData<T>, EntityDeletedEventData<T>) for:

  • Identity entities (roles/users/user-role/claims) such as IdentityUser, IdentityRole, IdentityUserRole, IdentityUserClaim, IdentityRoleClaim, etc.
  • Permission Management entity PermissionGrant (table AbpPermissionGrants).

  In practice, this means:

  • If permissions/roles are changed through ABP application services/managers/repositories (typical case), you can handle the entity updated events.
  • If changes happen outside EF Core (direct SQL, another microservice, etc.), these entity events won’t be raised automatically.

  Example subscription:

  using System.Threading.Tasks;
  using Volo.Abp.DependencyInjection;
  using Volo.Abp.EventBus;
  using Volo.Abp.Domain.Entities.Events;
  using Volo.Abp.PermissionManagement;
  
  public class PermissionGrantUpdatedHandler :
      ILocalEventHandler<EntityUpdatedEventData<PermissionGrant>>,
      ITransientDependency
  {
      public Task HandleEventAsync(EntityUpdatedEventData<PermissionGrant> eventData)
      {
          var entity = eventData.Entity; // updated PermissionGrant
          return Task.CompletedTask;
      }
  }
  

  Also note (EF Core-specific): ABP has an option PublishEntityUpdatedEventWhenNavigationChanges. If you disable it, an EntityUpdatedEventData<T> may not be published when only navigation properties changed.

  • https://abp.io/docs/latest/framework/infrastructure/event-bus/local/

  ---

  This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.

  Save Cancel
• 

  0

  sinancondo created 4 hours ago

  What about "permissionGrant" which aggregate they beloing to ?

  Save Cancel