Q: Is it possible to set up restrictions on the user management dashboard? For example: if I am a role admin from company X, I can only update permissions of users from company X.
A: Our UI does not handle nuanced restrictions of this sort. However, our API is feature complete, so you can use it to bring whatever level of user management you need into your own app and implement permissions and restrictions any way you want.
There are two ways most often used to implement this kind of scenario:
a) Separate out each company into a separate Realm. Realms are fully isolated from one another, making it easy to manage permissions in bulk (i.e., role admin A is allowed to manage realm X).
b) Keep everyone in a single realm and use Orgs as the grouping mechanism (i.e., role admin A in Org X is also allowed to manage Org X).
If total isolation between companies is better, then we recommend Realms. If users need to be associated with multiple companies, then Orgs will be better (since the isolation of realms would be too much).
Note that our permissions system (the Permissions attribute on Memberships) is basically a tag-like structure, and can readily accommodate a variety of permissions structures.
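A sketch of the check your own app would run for option (b) before changing a user's permissions. This is an added example, not AuthRocket code: the `Membership` class, the `users:manage` tag and all function names are hypothetical, and the in-memory list stands in for membership data your app would load through the API.

```python
from dataclasses import dataclass

# Hypothetical tag name; the page only says permissions are tag-like.
MANAGE_USERS = "users:manage"

@dataclass(frozen=True)
class Membership:
    user_id: str
    org_id: str
    permissions: frozenset

def managed_orgs(memberships, admin_id):
    """Org ids in which admin_id holds the user-management tag."""
    return {m.org_id for m in memberships
            if m.user_id == admin_id and MANAGE_USERS in m.permissions}

def can_update_permissions(memberships, admin_id, target_id, org_id):
    """Deny by default: allow only if the admin manages org_id and the
    target user actually has a membership in that same org."""
    if org_id not in managed_orgs(memberships, admin_id):
        return False
    return any(m.user_id == target_id and m.org_id == org_id
               for m in memberships)

def apply_update(memberships, admin_id, target_id, org_id, new_permissions):
    """Return a new list with the target's tags in org_id replaced, or raise."""
    if not can_update_permissions(memberships, admin_id, target_id, org_id):
        raise PermissionError(f"{admin_id} may not manage {target_id} in {org_id}")
    return [Membership(m.user_id, m.org_id, frozenset(new_permissions))
            if (m.user_id == target_id and m.org_id == org_id) else m
            for m in memberships]

# Constructed sample data: bob belongs to two companies (orgs).
SAMPLE = [
    Membership("alice", "org_x", frozenset({MANAGE_USERS})),
    Membership("bob", "org_x", frozenset({"reports:read"})),
    Membership("bob", "org_y", frozenset({"billing:edit"})),
    Membership("carol", "org_y", frozenset({MANAGE_USERS})),
]

if __name__ == "__main__":
    updated = apply_update(SAMPLE, "alice", "bob", "org_x", {"reports:write"})
    print(updated[1])
    print(can_update_permissions(SAMPLE, "alice", "bob", "org_y"))
```

The check is scoped per membership rather than per user, so an admin of Org X can change bob's Org X tags while his Org Y membership stays untouched.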