Admin vs Organizations plugin for company internal tool (Google Workspaces)
I'm building an internal tool and usually our permissions are mapped to our google groups memberships.
I already have something gets google groups of a user and adds them to the sessions table as a comma separated list, but now I need a proper authz setup.
Should i use organizations and map teams to each google group OR should I setup access control using admin and derive a bunch of roles?
With organizations, it feels a bit silly since there is only technically one org.
With admin, i have to setup a bunch of roles to check if a user can actually access a resource. The access control looks like it allows for access to "resource types", but not a specific "resource" instance
2 Replies
Yeah, admin makes most sense for you. But it does seem what you really want is something like ABAC or ReBAC, which Better-Auth currently doesn't offer - in the future we might though
If it's a requirement for more resource instance level access control then I would recommend looking for another library specific to that
Thanks for the info. I think I'll setup admin plugin to enable user management stuff, and look into OPA for the authz layer