- ABP Framework version: v5.3.3
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): no
- Steps to reproduce the issue:"
- Create a role named as role-supervisor.
- Give below grants (Picture 1) to role-supervisor.
- Assign role-supervisor to a user (supervisor).
-Picture 1-
This user can grant admin role to any user, or revoke admin role from any user as you can see in Picture 2. I want to create a role which can create/edit/lock/unlock user, assign/deassign roles to/from user. But i do not want the owner of this role to assign/deassign admin (or marked as special or private other roles) some other roles from/to users. There may be a solution like a new property for role as private. Define a new permission under Identity Management permission section for grant/revoke private role. Should be a new permission for grant/rekove private roles to any user. And owner of role-supervisor should not act on some private/special users.
-Picture 2-
2 Answer(s)
-
0
If we explain our request with a visual:
For example, if admin is made to a private role, the supervisor will not be able to make changes to the admin role and will not be able to assign the admin role to the users.
-
0
The role has an extra-properties feature. Your "private" state can be saved in the role's extra-properties.
https://docs.abp.io/en/abp/latest/Object-Extensions
With PermissionDefinitionProvider, you can modify the permission management tree as needed.
https://docs.abp.io/en/abp/latest/Authorization#defining-permissions
