The Problem: In our ERP system, we have entities* called Company and Branch that have a one-to-many relationship and a two-level, non-nested structure. The overall structure of these two entities is as follows:
All other entities (such as AccountingDocument, Account, Order, Proforma, Invoice, etc.) are linked to a Branch either through a junction table or a direct field within the entity itself. When a Role is assigned to a User, we need to specify in which Company**/Branch the User has been given this Role to restrict CRUD access accordingly. Similarly, when a Permission is granted directly to a User, the Company/Branch must be specified.
For example, when a request (which also includes the desired Branch’s Id) is sent to the AccountingDocument creation API, it must be checked during Authorization whether the User has access to create an AccountingDocument in the requested Branch or not.
The Question: Does the OrganizationUnit built-in feature fulfill this requirement? Or do we have to create a new module, or customize the Identity and/or Administration modules (or any other modules)?
* These entities are supposed to be created for access control purposes only. If we can use entities like OrganizationUnit instead, there would be no need to create them.
** Granting a Permission at the Company level means access to all Branches within that Company.
1 Answer(s)
Hi,
I think you can use the OrganizationUnit without a problem. OrganizationUnit is a tree structure. You can use the first-level node as the company and the sub-level nodes as branches.
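The two-level layout suggested in the answer, with the scoped check the question asks for, as an added example that is not part of the original thread and not ABP's own code. It assumes every unit carries a dotted hierarchical code (company `00001`, branch `00001.00002`); `ScopedGrant`, `ScopedAuthorization` and the permission name are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical model, not an ABP type: a permission granted to a user at one unit.
public record ScopedGrant(Guid UserId, string Permission, string UnitCode);

public static class ScopedAuthorization
{
    // A grant covers the unit it names and every unit below it.
    // The '.' boundary matters: a grant on "00001" must not cover "000010".
    public static bool Covers(string grantCode, string targetCode) =>
        grantCode.Length > 0 &&
        (targetCode == grantCode ||
         targetCode.StartsWith(grantCode + ".", StringComparison.Ordinal));

    // Deny by default: access needs an explicit grant on the branch or on its company.
    // targetUnitCode should be resolved server-side from the Branch Id in the request,
    // never taken from the client as-is.
    public static bool IsGranted(IEnumerable<ScopedGrant> grants, Guid userId,
                                 string permission, string targetUnitCode) =>
        !string.IsNullOrEmpty(targetUnitCode) &&
        grants.Any(g => g.UserId == userId
                     && g.Permission == permission
                     && Covers(g.UnitCode, targetUnitCode));
}

public static class Demo
{
    public static void Main()
    {
        const string create = "AccountingDocument.Create"; // hypothetical permission name
        var alice = Guid.NewGuid();
        var bob = Guid.NewGuid();
        // Constructed sample grants.
        var grants = new List<ScopedGrant>
        {
            new(alice, create, "00001"),       // company level: all branches of company 1
            new(bob,   create, "00001.00002"), // one branch only
        };
        // Same company, same company, other company, look-alike prefix.
        string[] targets = { "00001.00001", "00001.00002", "00002.00001", "000010.00001" };
        foreach (var t in targets)
            Console.WriteLine($"{t}: alice={ScopedAuthorization.IsGranted(grants, alice, create, t)}, " +
                              $"bob={ScopedAuthorization.IsGranted(grants, bob, create, t)}");
    }
}
```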