How to create multi tenant SaaS app permissions in firebase firestore

I'm trying to figure out how to create different roles and permissions for a multi-tenant (enterprise) app with multiple customers. For example, our app has customerA and customerB, and each customer has their own users (customerAUser1, customerAUser2, etc.) with different roles of their own, like "Admins", "Managers", "associates", "contractors", etc. These roles are different for each customer. Their admins decide what roles they want to have.

So an Admin of, say, customerA registers and gives their company name as "customerA".

The Admin then, in the UI, creates a "manager" role and allows it access to the "people" section in the setup (assume there are multiple tabs in the setup), and then creates "contractor", which does not have access to anything in the "setup".

Then the admin imports all their users from an Excel file.

The Excel file will look something like this:

name, email, phone, role
john,[email protected],123456,manager
jane,[email protected],123456,contractor

Similarly, AdminB of customerB registers his company and creates his own set of rules.

Now, every time a user logs in, we need to ensure that the data doesn't leak between customerA and customerB. So every collection in the DB needs to have a "customerId" or something. Further, we need to check whether people have access to a certain collection based on their "role".

What's the best way to approach this in the Firestore DB?

Raja Rao asked Apr 27 '18 17:04


1 Answer

If there is never a case when Customer A and Customer B have the same users, the best way to tackle this is with subcollections. For instance:

customers/{customer_id}/users/{user_id}

Then, when querying and performing actions, you can always anchor on this:

firebase.firestore()
        .collection('customers')
        .doc('customerA')
        .collection('users')
        .where('role','==','admin')

If you do need cross-tenant visibility, then the correct way would be to have a customer_id or tenant_id in the document itself.

Michael Bleigh answered Oct 06 '22 05:10
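An added example, not from the question or the answer: a small JavaScript model of the tenant-scoped layout the answer proposes (customers/{customer_id}/users/{user_id}), with the per-tenant role definitions the question describes and a section-access check that is always anchored on the tenant. The CSV roster, the role and setup-section names, the TenantStore class and the way a uid is derived are all constructed for illustration; the real Firebase SDK is not used. This check runs in application code, which a client can bypass, so the same anchoring has to be enforced in Firestore security rules (a match on /customers/{customerId}/users/{userId} that compares customerId with a claim on request.auth) before it actually prevents leakage between customers.

```javascript
// Constructed roster in the CSV shape shown in the question (addresses are made up).
const CUSTOMER_A_ROSTER = `name, email, phone, role
john,john@example.com,123456,manager
jane,jane@example.com,123456,contractor`;

// Parse the roster into plain objects; header names are trimmed so
// "name, email, phone, role" maps onto the same keys as "name,email,phone,role".
function parseRoster(csv) {
  const [headerLine, ...rows] = csv.trim().split(/\r?\n/);
  const headers = headerLine.split(',').map((h) => h.trim());
  return rows
    .filter((line) => line.trim() !== '')
    .map((line) => {
      const cells = line.split(',').map((c) => c.trim());
      return Object.fromEntries(headers.map((h, i) => [h, cells[i] ?? '']));
    });
}

// In-memory stand-in for the Firestore database: a map from document path to document data.
class TenantStore {
  constructor() {
    this.docs = new Map();
  }

  // Every path is anchored under customers/{customerId}, so the tenant is part of the
  // key itself rather than a where() filter a caller might forget to add.
  path(customerId, ...segments) {
    if (!customerId || customerId.includes('/')) throw new Error('invalid customer id');
    return ['customers', customerId, ...segments].join('/');
  }

  // The tenant's admin defines a role and the setup sections it may open
  // (question: "manager" may open "people", "contractor" may open nothing).
  defineRole(customerId, role, sections) {
    this.docs.set(this.path(customerId, 'roles', role), { sections: [...sections] });
  }

  // Import the roster into the tenant's users subcollection. A role the admin never
  // defined is rejected instead of silently granting nothing or everything.
  importRoster(customerId, csv) {
    const users = parseRoster(csv);
    for (const u of users) {
      if (!this.docs.has(this.path(customerId, 'roles', u.role))) {
        throw new Error(`role "${u.role}" is not defined for ${customerId}`);
      }
      // uid derived from the e-mail only because this is an in-memory model;
      // in a real app Firebase Auth supplies the uid.
      const uid = u.email.toLowerCase();
      this.docs.set(this.path(customerId, 'users', uid), { name: u.name, email: u.email, role: u.role });
    }
    return users.length;
  }

  // Equivalent of the answer's query:
  // .collection('customers').doc(customerId).collection('users').where('role', '==', role)
  usersWithRole(customerId, role) {
    const prefix = this.path(customerId, 'users') + '/';
    const out = [];
    for (const [p, data] of this.docs) {
      if (p.startsWith(prefix) && data.role === role) out.push(data.email);
    }
    return out.sort();
  }

  // Access check: the user document is looked up under the caller's own tenant only,
  // so a user of customerB can never resolve to a role defined by customerA.
  canAccessSection(customerId, uid, section) {
    const user = this.docs.get(this.path(customerId, 'users', uid));
    if (!user) return false;
    const roleDef = this.docs.get(this.path(customerId, 'roles', user.role));
    if (!roleDef) return false;
    return roleDef.sections.includes(section);
  }
}

// Two tenants with differently named role sets, as the question says each admin decides.
function buildDemoStore() {
  const store = new TenantStore();
  store.defineRole('customerA', 'manager', ['people']);
  store.defineRole('customerA', 'contractor', []);
  store.importRoster('customerA', CUSTOMER_A_ROSTER);
  store.defineRole('customerB', 'owner', ['people', 'billing']);
  store.importRoster('customerB', 'name,email,phone,role\nbob@example.com-placeholder,bob@example.com,555,owner');
  return store;
}

const demo = buildDemoStore();
console.log(demo.usersWithRole('customerA', 'manager'));           // ['john@example.com']
console.log(demo.canAccessSection('customerA', 'john@example.com', 'people'));  // true
console.log(demo.canAccessSection('customerB', 'john@example.com', 'people'));  // false: john is not a customerB user
```

The point to take from the cross-tenant call at the end is that the check fails closed: asking about john under customerB finds no user document, so no role and no access, without any customerId filter having to be remembered in the query.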