Hello ABP Team, we are developing a business application and encounter an authorization problem with roles. Unfortunately we have not found any information on this issue and hope we can get a "hint" from you.
The following scenario is needed: We would like to establish (regardless of the organizational structure) a hierarchical authorization system. That means we have a superadmin with roles and have an administrator with roles and have normal users with roles. Now it should not be possible that an administrator with the permission "delete/change user/..." can change or even delete the superadmin. But the other way around these actions should be possible. The users should be subordinated to the admin, the admin with his users to the superadmin.
Unfortunately we have not found any information to implement such a business logic with the available means. I hope you can help us with this. Thanks a lot in advance.
Stefan W.