how to manage contextual roles
Posted by z Jean-jacques Jouanneaux on 19 November 2012 04:24 PM
I am working on an application now that has a fixed set of permissions. Items like “Add Property”, “Edit Property”, “Add Contact”, etc
The application itself is partitioned by divisions within our company: “USA”, “Managed”, “Panama”, etc
When the user logs in, he selects which division he will working in. Based on the division selected, his roles (permission sets) could be different. E.g. in “USA” he might be “Property Admin” with edit rights to properties, but in “Panama” he has read only access, and in “Managed” he has a denied property access
What is the best way using visual guard to define this common set of permissions and roles then split the user/role relationship by division inside a single application scope. I can easily see how to do in via separate applications, I just want to reuse the role/permissions to minimize the having to manage multiple several applications.
This will be an increasingly common scenario for us in other applications as we continue to grow.
By default, we would suggest the following solution:
1. create a VG Group for each division in your company.
2. Create roles containing your sets of permissions
3. Grant roles to VG Groups
4. place each user in one or several VG Groups
5. Modify your login form, so that users can select one VG Group
6. Load and apply the permissions corresponding to this group
Steps 5 & 6 would imply a few lines of code and making calls to VG APIs to get the list of role and apply the right set of permissions to the current user.