- ABP Framework version: v5.1.3
- UI type: MVC
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): Tiered/MVC
I have a use case where a user is assigned to one or more roles. These roles may have an overlap in terms of permissions but from a user permission perspective the list of available permissions will be a union of all the roles' permissions they are assigned to. However, I would like to make an exception at a user level (not a role level) to a particular user that removes one of the permissions that are assigned to them via the roles they are assigned to WITHOUT creating a separate role that has this exception that gets assigned to the user.
Role 1 Permission A Permission B
Role 2 Permission B Permission C
The above role/permission break down results in a user having Permission A, B, and C. However I want to exclude a user from having permission B despite being assigned to one or more roles that give that user permission.
Can this be done with ABP/Identity Server?
1 Answer(s)
-
0
There is no built-in solution to exclude specific permission from the permission list created by the roles union.
If you are using a user-specific permission system, I would recommend re-designing your roles and using user permissions instead of roles.
