P
Prisma2mo ago
Amine,

open discussion: RBAC structure for multi-tenant app

hi, im a junior dev working on a multi tenant app. this isnt a help request, just trying to clear some confusion in my head. i got: - user entity - business entity - store entity each user can have many-to-many with both business and store. each store belongs to one business. now im building RBAC and not sure how to handle it. should each user have many stores and businesses like: 
user {
  roles      UserRole[]
  businesses BusinessUser[]
  stores     StoreUser[]
}
user {
  roles      UserRole[]
  businesses BusinessUser[]
  stores     StoreUser[]
}
or go with one assignment model like: 
model UserAssignment {
  id         String    @id @default(uuid())
  userId     String
  roleId     String
  scopeType  ScopeType // enum: BUSINESS | STORE | APP_USER
  scopeId    String? // nullable for normal app users  

  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
  role Role @relation(fields: [roleId], references: [id], onDelete: Cascade)
}
model UserAssignment {
  id         String    @id @default(uuid())
  userId     String
  roleId     String
  scopeType  ScopeType // enum: BUSINESS | STORE | APP_USER
  scopeId    String? // nullable for normal app users  

  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
  role Role @relation(fields: [roleId], references: [id], onDelete: Cascade)
}
im still learning so maybe im overcomplicating it, but i’d like to know what makes more sense. also in the second approch i keep ending up fetching by ids then fetching the stores or businesses again, feels messy.
3 Replies
Prisma AI Help
Prisma AI Help2mo ago
You're in no rush, so we'll let a dev step in. Enjoy your coffee, or drop into #ask-ai if you get antsy for a second opinion!
Amine,
Amine,OP5w ago
Nurul
Nurul4w ago
Have you considered an approach like this? 
model User {
  id         String           @id @default(uuid())
  businesses BusinessUser[]
  stores     StoreUser[]
}

model Business {
  id         String           @id @default(uuid())
  users      BusinessUser[]
  stores     Store[]
}

model Store {
  id         String           @id @default(uuid())
  businessId String
  business   Business         @relation(fields: [businessId], references: [id])
  users      StoreUser[]
}

model BusinessUser {
  id         String   @id @default(uuid())
  user       User     @relation(fields: [userId], references: [id])
  userId     String
  business   Business @relation(fields: [businessId], references: [id])
  businessId String
  role       String
  // add more fields as needed
}

model StoreUser {
  id       String   @id @default(uuid())
  user     User     @relation(fields: [userId], references: [id])
  userId   String
  store    Store    @relation(fields: [storeId], references: [id])
  storeId  String
  role     String
  // add more fields as needed
}
model User {
  id         String           @id @default(uuid())
  businesses BusinessUser[]
  stores     StoreUser[]
}

model Business {
  id         String           @id @default(uuid())
  users      BusinessUser[]
  stores     Store[]
}

model Store {
  id         String           @id @default(uuid())
  businessId String
  business   Business         @relation(fields: [businessId], references: [id])
  users      StoreUser[]
}

model BusinessUser {
  id         String   @id @default(uuid())
  user       User     @relation(fields: [userId], references: [id])
  userId     String
  business   Business @relation(fields: [businessId], references: [id])
  businessId String
  role       String
  // add more fields as needed
}

model StoreUser {
  id       String   @id @default(uuid())
  user     User     @relation(fields: [userId], references: [id])
  userId   String
  store    Store    @relation(fields: [storeId], references: [id])
  storeId  String
  role     String
  // add more fields as needed
}

Did you find this page helpful?