- ABP Framework version: v4.2.2
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes
- Exception message and stack trace: NA
- Steps to reproduce the issue:" NA
- create hierarchy of organizatoin unit
- add multiple roles for each organization unit
- add user in organization unit and give a role
- Login as user and
- User get assigned all roles permission available in Organization unit
- Question: is it bug or is it by design. As per me an organization unit can have multiple roles and users so no way user can have all roles permission.
4 Answer(s)
-
0
It is by design, there is no specific "organization role". You can define a role with the permissions you select and assign the role to a user or an organization. Whichever roles your user has (coming from organization unit or not), the permissions of the user are the unique combination of the permissions of the roles.
-
0
Thanks. Just for better clarity if any organization unit have multiple roles and multiple users are also added into organization unit then will user belongs to all the roles or only user role?
-
0
Thanks. Just for better clarity if any organization unit have multiple roles and multiple users are also added into organization unit then will user belongs to all the roles or only user role?
User doesn't belong to any role. User has permissions which are grouped as roles.
Your Organization-A may have RoleA, RoleB, RoleC. Your user may have RoleC. When you assign your user to Organization-A; user will have RoleA and RoleB too with RoleC.
Permission is based for authorization and roles represent group of permissions.
-
0
This question has been automatically marked as stale because it has not had recent activity.