Role Based Access Control (RBAC) - Basic Idea for developers

Standard system to follow in your development

Role Based Access Control (RBAC) is standard practice for any project that has multiple types of users whose allowed actions differ according to their permissions.

How you design your RBAC system depends on the requirements, but from my previous experience I have found that within a few months almost every solution needs a full RBAC setup: multiple users, each holding one or more roles, and each role carrying multiple permissions.

Basic Requirements

  1. There will be a Superuser (Super Admin) who controls all admins, managers, employees and general users.

  2. The role hierarchy will be Admin -> Manager -> Employee/General user.

  3. Each role will have a set of permissions on different features. A request is valid for a given user only if the role they are acting under holds the permission that the requested action needs.

  4. One user can have multiple roles and must send the role they are currently acting under with each request. The server must verify that the role sent is one of the roles actually assigned to that user (looked up from the user record, never taken from the request alone); otherwise any user could claim a higher role and escalate their privileges.

Proposed Features

  1. Employee Management (add employee, view list of employees, edit employee details, delete employee, make a guest an employee)

  2. Manager Management (add manager, make an employee a manager, view list of managers, view details of a manager, delete a manager)

  3. Admin Management (add admin, view admins, make a manager an admin, delete admin)

  4. To-do list management (add to-do, view to-do, edit to-do, delete to-do)

Role         Permissions
-----------  --------------------------------------------------------------------------
Super Admin  Create Admin, View Admins, Delete Admin
Admin        Create Employee, View Employees, Make employee a manager, Make a manager an admin, Delete Employee, CRUD To-Do List
Manager      Create Employee, View Employees, Make employee a manager, Delete Employee, CRUD To-Do List
Employee     CRUD To-Do List
Guest        View To-Do List
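The requirements and the permission table above, as an added example in Python (this is not code from the original post, and the role names, the User record, the AuthorizationError type and the action-to-permission mapping are assumptions made for illustration). It encodes the table as an explicit role-to-permission matrix, enforces requirement 4 by checking that the role named in the request is one the user actually holds before the permission lookup, and denies unknown roles and actions by default.

```python
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum, auto


class Permission(Enum):
    """Atomic permissions taken from the Roles/Permissions table."""
    CREATE_ADMIN = auto()
    VIEW_ADMINS = auto()
    DELETE_ADMIN = auto()
    CREATE_EMPLOYEE = auto()
    VIEW_EMPLOYEES = auto()
    DELETE_EMPLOYEE = auto()
    MAKE_EMPLOYEE_MANAGER = auto()
    MAKE_MANAGER_ADMIN = auto()
    CREATE_TODO = auto()
    VIEW_TODO = auto()
    EDIT_TODO = auto()
    DELETE_TODO = auto()


# "CRUD To-Do List" in the table expands to these four permissions.
TODO_CRUD = frozenset({Permission.CREATE_TODO, Permission.VIEW_TODO,
                       Permission.EDIT_TODO, Permission.DELETE_TODO})
# Employee-management permissions shared by Admin and Manager.
EMPLOYEE_MGMT = frozenset({Permission.CREATE_EMPLOYEE, Permission.VIEW_EMPLOYEES,
                           Permission.MAKE_EMPLOYEE_MANAGER, Permission.DELETE_EMPLOYEE})

# The matrix is explicit: a role gets exactly what its row lists, nothing is inherited.
# Role names are assumptions for this example.
ROLE_PERMISSIONS = {
    "super_admin": frozenset({Permission.CREATE_ADMIN, Permission.VIEW_ADMINS,
                              Permission.DELETE_ADMIN}),
    "admin": EMPLOYEE_MGMT | {Permission.MAKE_MANAGER_ADMIN} | TODO_CRUD,
    "manager": EMPLOYEE_MGMT | TODO_CRUD,
    "employee": TODO_CRUD,
    "guest": frozenset({Permission.VIEW_TODO}),
}


@dataclass(frozen=True)
class User:
    """Hypothetical user record; `roles` is what the server has assigned, not client input."""
    username: str
    roles: frozenset


class AuthorizationError(Exception):
    pass


def authorize(user: User, requested_role: str, permission: Permission) -> str:
    """Decide whether `user`, acting as `requested_role`, may exercise `permission`.

    Returns the effective role on success, raises AuthorizationError otherwise.
    """
    # Check 1 (requirement 4): the role named in the request must be one the user
    # really holds. The client may choose which of its roles to act under, but it
    # must not be able to claim a role it was never assigned.
    if requested_role not in user.roles:
        raise AuthorizationError(f"{user.username} does not hold role {requested_role!r}")
    # Check 2: look the role up in the matrix; unknown roles get an empty set (deny).
    allowed = ROLE_PERMISSIONS.get(requested_role, frozenset())
    if permission not in allowed:
        raise AuthorizationError(f"role {requested_role!r} lacks {permission.name}")
    return requested_role


def is_allowed(user: User, requested_role: str, permission: Permission) -> bool:
    """Boolean convenience wrapper around authorize()."""
    try:
        authorize(user, requested_role, permission)
    except AuthorizationError:
        return False
    return True


# Assumed mapping from API actions to the single permission each one needs.
ACTION_PERMISSIONS = {
    "POST /employees": Permission.CREATE_EMPLOYEE,
    "GET /employees": Permission.VIEW_EMPLOYEES,
    "DELETE /employees": Permission.DELETE_EMPLOYEE,
    "POST /admins": Permission.CREATE_ADMIN,
    "GET /todos": Permission.VIEW_TODO,
    "POST /todos": Permission.CREATE_TODO,
}


def handle_request(user: User, request: dict) -> str:
    """Authorize a constructed request of the form {'role': ..., 'action': ...}."""
    action = request.get("action")
    if action not in ACTION_PERMISSIONS:  # unknown actions are denied, not ignored
        raise AuthorizationError(f"unknown action {action!r}")
    role = authorize(user, request.get("role", ""), ACTION_PERMISSIONS[action])
    return f"{user.username} as {role}: {action} allowed"


if __name__ == "__main__":
    # Constructed sample users; in a real system `roles` is loaded from the database.
    alice = User("alice", frozenset({"employee", "manager"}))
    bob = User("bob", frozenset({"employee"}))
    print(handle_request(alice, {"role": "manager", "action": "POST /employees"}))
    # bob claims a role he does not hold: rejected by check 1.
    print(is_allowed(bob, "admin", Permission.CREATE_EMPLOYEE))  # False
    # alice acting as employee cannot create employees, even though she is also a manager.
    print(is_allowed(alice, "employee", Permission.CREATE_EMPLOYEE))  # False
```

The two-step check is the part worth copying: the role claim in the request is an input like any other and is only meaningful after it has been matched against the roles stored for that user. Keeping the matrix explicit (rather than letting Admin inherit everything below it) also makes it easy to see that Super Admin, as the table stands, cannot touch employees or to-dos, which may or may not be what you want.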

This is the basic requirements analysis for the RBAC. I have found these requirements to be the most common in the industry: even projects that start with a simple role-access management system tend to grow into something like this within a couple of months. Keep the permission table in sync with the feature list as it grows; for example, viewing and deleting managers and making a guest an employee appear in the proposed features above but have no permission row yet. There are many ways to implement RBAC. I'll discuss them in my following blog posts.