Type: New Feature
Affects Version/s: None
Fix Version/s: None
Component/s: Authorization (access control)
Take a project management application for example.
User 1 is the Project Manager of Project 1
User 2 is the Project Manager of Project 2
Using the existing instance-level permissions, we have the following for each user:
user1 -> project:edit,delete,addMember:1
user2 -> project:edit,delete,addMember:2
Here the role "Project Manager" is meaningless, because in this scenario the role is also instance-specific. You cannot simply assign a Project Manager role to a user.
So if we have instance-level roles, then we can model our authentication data as:
user1 -> project:manager:1
user2 -> project:manager:2
project:manager -> project:edit
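
A sketch of the model requested above, added here as an illustration and not taken from the issue or from any framework's API: an instance-level role such as `project:manager:1` is expanded through a role template into permissions scoped to that same instance. The function names, the `ROLE_TEMPLATES` and `USER_ROLES` tables, and the assumption that the manager role grants `edit`, `delete` and `addMember` are all constructed for this example.

```python
# Added sketch of the proposed instance-level role model (not a framework API).
# Strings follow the page's "domain:action:instance" / "domain:role:instance" form.

# Role templates: "domain:role" -> actions granted on that domain.
# Assumption: the manager role carries the three actions listed per user above.
ROLE_TEMPLATES = {
    "project:manager": {"edit", "delete", "addMember"},
}

# Constructed sample assignments mirroring the user1/user2 example.
USER_ROLES = {
    "user1": ["project:manager:1"],
    "user2": ["project:manager:2"],
}


def expand_role(instance_role):
    """Turn 'domain:role:instance' into a set of (domain, action, instance)."""
    parts = instance_role.split(":")
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"malformed instance role: {instance_role!r}")
    domain, role, instance = parts
    actions = ROLE_TEMPLATES.get(f"{domain}:{role}")
    if actions is None:
        return set()  # fail closed: an unknown role grants nothing
    return {(domain, action, instance) for action in actions}


def is_permitted(user, permission):
    """Check one fully qualified 'domain:action:instance' permission."""
    parts = permission.split(":")
    if len(parts) != 3 or not all(parts):
        return False  # a request without an instance never matches
    granted = set()
    for role in USER_ROLES.get(user, []):
        granted |= expand_role(role)
    return tuple(parts) in granted


def has_role(user, domain_role, instance):
    """True only if the user holds the role on that specific instance."""
    return f"{domain_role}:{instance}" in USER_ROLES.get(user, [])
```

The role is defined once and the instance identifier travels with the assignment, so holding `project:manager` on project 1 confers nothing on project 2.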