Details
- New Feature
- Status: Open
- Major
- Resolution: Unresolved
Description
Take a project management application for example.
User 1 is the Project Manager of Project 1
User 2 is the Project Manager of Project 2
Using the existing instance-level permissions, we have the following for each user:
user1 -> project:edit,delete,addMember:1
user2 -> project:edit,delete,addMember:2
Here the role "Project Manager" is meaningless, because in this scenario the role is also instance-specific. You cannot simply assign a Project Manager role to a user.
So if we have an instance-level role, then we can model our authentication data as:
user1 -> project:manager:1
user2 -> project:manager:2
project:manager -> project:edit
                   project:delete
                   project:addMember
                   ......
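
The model requested above, sketched as an added example (not part of the original issue and not an existing API of any framework): a role template is written once, assigned per instance, and expanded into the instance-level permissions shown earlier. The function names, the template table and the fail-closed handling of malformed or wildcard requests are assumptions made for this illustration.

```python
# Added example: instance-level roles expanded into instance-level permissions.
# All names here are hypothetical; sample data is constructed from the description.

# Role template "domain:role" -> actions it grants, defined once for all instances.
ROLE_TEMPLATES = {"project:manager": ("edit", "delete", "addMember")}

# Per-user assignments in "domain:role:instance" form.
USER_ROLES = {"user1": ["project:manager:1"], "user2": ["project:manager:2"]}


def parse_triple(text):
    """Split 'a:b:c' into three non-empty parts, or return None if malformed."""
    parts = text.split(":")
    return tuple(parts) if len(parts) == 3 and all(parts) else None


def expand_role(role):
    """Return the (domain, action, instance) grants of one instance-level role."""
    parsed = parse_triple(role)
    if parsed is None:
        raise ValueError(f"expected domain:role:instance, got {role!r}")
    domain, name, instance = parsed
    # An unknown role template grants nothing (fail closed).
    actions = ROLE_TEMPLATES.get(f"{domain}:{name}", ())
    return {(domain, action, instance) for action in actions}


def is_permitted(user, permission):
    """Check a 'domain:action:instance' request against the user's roles."""
    request = parse_triple(permission)
    if request is None:
        return False  # requests without an explicit instance are denied
    granted = set()
    for role in USER_ROLES.get(user, []):
        granted |= expand_role(role)
    # Exact match only: a request for instance '*' never equals a concrete grant.
    return request in granted


def effective_permissions(user):
    """Render grants in the compact 'domain:a,b,c:instance' form used above."""
    rendered = []
    for role in USER_ROLES.get(user, []):
        domain, name, instance = parse_triple(role)
        actions = ROLE_TEMPLATES.get(f"{domain}:{name}", ())
        if actions:
            rendered.append(f"{domain}:{','.join(actions)}:{instance}")
    return rendered
```

effective_permissions("user1") yields the same string as the first listing, project:edit,delete,addMember:1, so the role assignment is a shorthand for the per-instance permissions rather than a wider grant.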