Open Closed

Restrict current user from upgrading his role or other user's role to a role for which he doesn't have the privilege #5944


User avatar
0
ravick@cloudassert.com created
  • ABP Framework version: v7.3.2
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: -NA-
  • Steps to reproduce the issue: -NA-

As part of role management, consider the following role hierarchy is defined.

  1. Super admin
  2. Manager - should be able to upgrade staff as manager / member as staff. He should have the privilege to upgrade/lower his own role. Even for staff or member, he should not have the privilege to upgrade as Super admin.
  3. Staff
  4. Member

When I log in as a manager and I try to edit my role, it is allowing me to upgrade as super admin as shown below.

How do I prevent the current user from upgrading his role or other user's role to a role for which he doesn't have the privilege?


1 Answer(s)
  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hello ravick@cloudassert.com,

    Please do have look to this similar issue https://support.abp.io/QA/Questions/1036/How-to-limit-roles-in-identity-management

    please do let me know if found helpful for you

    Thank you, Anjali

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38