Wasp 3mo ago
NEROX

Organization users & Roles/Permissions

Find all relevant information about Organization users & Roles/Permissions
2 Replies
kapa.ai 3mo ago
Hi @NEROX. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:

----------------------

Here’s what the knowledge sources reveal about handling organization users and roles/permissions in Wasp:

Organizations & Groups

- Entity Modeling: To represent organizations or groups, you can introduce an entity such as UserGroup or Org and establish a many-to-many relationship between User and UserGroup. This allows users to belong to multiple groups or organizations. When performing operations on resources, you can check if a user belongs to the appropriate group before allowing access. This approach is flexible and supports scenarios where users can create groups and invite others, similar to team or organization structures in SaaS apps. This is standard app/database design and not specific to Wasp, but it is compatible with Wasp’s entity system and operations model (Teams/Groups - Discord).
- Multi-Tenant SaaS Example: There is a community example (shared as a Prisma schema) that models individual user accounts, organization accounts, users belonging to multiple organizations, teams within organizations, and flexible role-based access control. This schema supports different roles for users in different organizations, which is a common requirement for multi-tenant SaaS applications (Prisma schema for a github-like multi-tenant saas - Discord).

Roles & Permissions

- Role Field on User: For simple role-based access control (RBAC), you can add a role field to the User entity. In your queries and actions, check the value of this field to determine if a user is authorized to perform a specific operation. If not, you can throw an error (e.g., HttpError(403)). This is a straightforward way to implement admin or other fixed roles (How do you add authorization? - Discord).
- Dynamic Roles: If you need more dynamic or complex roles (e.g., roles managed by admins, or roles that can be assigned per organization), you can create a separate Role entity and assign roles to users, possibly scoped to organizations or groups. This allows for more granular and flexible permission management (Teams/Groups - Discord).
- Current State in Wasp: As of now, Wasp does not provide built-in support for advanced roles or permissions (like RBAC or ABAC) out of the box. However, there are plans to add such features in future versions. For now, you need to implement these checks manually in your queries/actions or by extending your data model (How do you add authorization? - Discord).

Summary

- Model organizations/groups as entities and relate them to users.
- For roles, start with a role field on User for simple cases, or use a Role entity for more complex scenarios.
- Authorization logic (checking group membership, role, etc.) should be implemented in your queries/actions.
- Wasp plans to add more built-in support for roles and permissions in the future, but for now, it’s up to the developer to implement these patterns.

If you need a concrete schema or code example, refer to the community-shared Prisma schema for a multi-tenant SaaS app, which demonstrates these concepts in practice (Prisma schema for a github-like multi-tenant saas - Discord).

----------------------

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:

----------------------

Sorry @NEROX, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
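Added example, not part of the original thread and not Wasp's or the community schema's own code: a per-organization role check of the kind the answer says to implement in queries/actions, showing that a role stored on the membership must be evaluated for the organization being acted on. The `memberships` rows, the role names, `requireOrgRole`, `renameOrg` and `statusOf` are hypothetical, the in-memory array stands in for a membership table, and `HttpError` is a local stand-in for the one Wasp provides.

```javascript
// Stand-in for Wasp's HttpError so this file runs outside a Wasp project.
class HttpError extends Error {
  constructor(statusCode, message) {
    super(message);
    this.statusCode = statusCode;
  }
}

// Constructed sample rows: the role lives on the (user, organization)
// membership, not on the user, so it can differ per organization.
const memberships = [
  { userId: 1, orgId: 10, role: "ADMIN" },
  { userId: 1, orgId: 20, role: "MEMBER" },
  { userId: 2, orgId: 20, role: "ADMIN" },
];

// Hypothetical role names. A Map avoids inherited keys such as "constructor".
const ROLE_RANK = new Map([["MEMBER", 1], ["ADMIN", 2]]);

// Throws unless `user` holds at least `minRole` in this organization.
function requireOrgRole(user, orgId, minRole) {
  if (!user) throw new HttpError(401, "Not authenticated");
  const needed = ROLE_RANK.get(minRole);
  if (needed === undefined) throw new Error(`Unknown role: ${minRole}`);
  const membership = memberships.find(
    (m) => m.userId === user.id && m.orgId === orgId
  );
  // Fail closed: no membership or an unrecognized stored role ranks as 0.
  const held = membership ? (ROLE_RANK.get(membership.role) ?? 0) : 0;
  if (held < needed) throw new HttpError(403, "Forbidden");
  return membership;
}

// Shaped like a Wasp action: (args, context), where context.user is the caller.
function renameOrg({ orgId, name }, context) {
  requireOrgRole(context.user, orgId, "ADMIN");
  return { orgId, name };
}

// Demo helper: the HTTP status a call would end with.
function statusOf(fn) {
  try {
    fn();
    return 200;
  } catch (e) {
    if (e instanceof HttpError) return e.statusCode;
    throw e;
  }
}
```

User 1 is an admin of organization 10 but only a member of organization 20, so the same action succeeds for one and returns 403 for the other.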
NEROX (OP) 3mo ago
Thx! I was looking for the Multi-Tenant Prisma example.
No way, already integrated it in an existent app, with all its operations and front. What I could not even imagine a year ago, is achieved in less than 2 hours.
