Role Based Access Control (RBAC) - Basic Idea for developers
Standard system to follow in your development
Role Based Access Control (RBAC) is standard practice for any project where we have multiple types of users and their actions differ based on their permissions.
It all depends on the requirements of how you design your RBAC system, but from my previous experience I have found that within a few months, all solutions require an overall RBAC with multiple users, different roles and multiple permissions.
Basic Requirements
There will be a Superuser or Super admin to control all the admins, managers, employees or general users.
The role hierarchy will be Admin -> Manager -> Employee/General user.
Each role will have some permissions on different features. Based on these permissions, the role determines whether a given request is valid or not for a specific user.
One user can have multiple roles, and the user needs to send the role they are currently acting under in the request.
Proposed Features
Employee Management (Add employee, View list of employees, edit employee details, delete employee, make a guest an employee)
Manager Management (Add manager, Make an employee a manager, view list of managers, view details of a manager, delete a manager)
Admin Management (Add admin, view admins, make a manager an admin, delete admin)
To-do list management (Add to do, view to do, edit to do, delete to do)
| Roles | Permissions |
|---|---|
| Super Admin | Create Admin, View Admins, Delete Admin |
| Admin | Create Employee, View Employees, Make employee a manager, Make a Manager an Admin, Delete Employee, CRUD To-Do List |
| Manager | Create Employee, View Employees, Make employee a manager, Delete Employee, CRUD To-Do List |
| Employee | CRUD To-Do List |
| Guest | View To-Do List |
This is the basic requirements analysis for the RBAC. I have found that these requirements are the most common in the industry. Even in projects that start with a simple role-access management system, within a couple of months it grows into something like this. There are many ways to implement RBAC; I'll discuss them in my following blog posts.
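As an added illustration (not code from this post), here is a minimal Python authorization check built from the role/permission table above. The `Role`, `User`, `authorize` and `is_allowed` names and the sample users are assumptions made for this example. It applies the requirement that a user sends the role they are acting under with each request, and adds the server-side check a practitioner would want: the claimed role is only honoured if it is actually assigned to that user in the server's own records, so a client cannot escalate by naming a role it does not hold.

```python
"""Minimal RBAC authorization check modelled on the role/permission table above.

Added illustration, not code from the original post. Role and permission names
follow the table; the user records, request shape and function names are
constructed assumptions for this example.
"""
from dataclasses import dataclass
from enum import Enum


class Role(str, Enum):
    SUPER_ADMIN = "super_admin"
    ADMIN = "admin"
    MANAGER = "manager"
    EMPLOYEE = "employee"
    GUEST = "guest"


# Permission sets transcribed from the table in the post ("CRUD To-Do List"
# is expanded into its four operations).
ROLE_PERMISSIONS: dict[Role, frozenset[str]] = {
    Role.SUPER_ADMIN: frozenset({"create_admin", "view_admins", "delete_admin"}),
    Role.ADMIN: frozenset({
        "create_employee", "view_employees", "make_employee_manager",
        "make_manager_admin", "delete_employee",
        "create_todo", "view_todo", "edit_todo", "delete_todo",
    }),
    Role.MANAGER: frozenset({
        "create_employee", "view_employees", "make_employee_manager",
        "delete_employee",
        "create_todo", "view_todo", "edit_todo", "delete_todo",
    }),
    Role.EMPLOYEE: frozenset({"create_todo", "view_todo", "edit_todo", "delete_todo"}),
    Role.GUEST: frozenset({"view_todo"}),
}


@dataclass(frozen=True)
class User:
    user_id: str
    roles: frozenset  # a user may hold several roles (set of Role)


class AuthorizationError(Exception):
    """Raised when a request is denied; carries the reason for logging."""


def authorize(user: User, requested_role: str, permission: str) -> bool:
    """Decide whether `user`, acting as `requested_role`, may perform `permission`.

    The client names the role it is acting under (the post's requirement), but
    the server only honours that claim if the role is genuinely assigned to the
    user in its own records. Returns True when allowed and raises
    AuthorizationError otherwise, so a caller cannot silently skip the check.
    """
    try:
        role = Role(requested_role)
    except ValueError:
        raise AuthorizationError(f"unknown role {requested_role!r}") from None
    if role not in user.roles:
        # Claimed role is not one the user holds: deny, never fall back to
        # another role the user does hold.
        raise AuthorizationError(f"user {user.user_id} does not hold role {role.value}")
    if permission not in ROLE_PERMISSIONS[role]:
        raise AuthorizationError(f"role {role.value} lacks permission {permission!r}")
    return True


def is_allowed(user: User, requested_role: str, permission: str) -> bool:
    """Boolean convenience wrapper around authorize()."""
    try:
        return authorize(user, requested_role, permission)
    except AuthorizationError:
        return False


# Constructed sample users (not from the post).
USERS = {
    "alice": User("alice", frozenset({Role.ADMIN, Role.EMPLOYEE})),
    "bob": User("bob", frozenset({Role.MANAGER})),
    "carol": User("carol", frozenset({Role.GUEST})),
}


if __name__ == "__main__":
    checks = [
        ("alice", "admin", "make_manager_admin"),  # allowed
        ("alice", "employee", "view_employees"),   # acting as employee: denied
        ("bob", "admin", "make_manager_admin"),    # claims a role he lacks: denied
        ("bob", "manager", "delete_employee"),     # allowed
        ("carol", "guest", "edit_todo"),           # guest may only view: denied
    ]
    for uid, role, perm in checks:
        print(f"{uid:6} as {role:9} -> {perm:20}: {is_allowed(USERS[uid], role, perm)}")
```

Because the table in the post already lists every permission each role has (a Manager's permissions appear explicitly rather than being inherited from Admin), the check is a flat lookup and no walk up the Admin -> Manager -> Employee hierarchy is needed; if the table were later expressed as inheritance, only `ROLE_PERMISSIONS` would have to change. Denials raise with a reason rather than returning a bare `False`, which is what you want to feed an audit log.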