Today we're happy to announce another small but very useful addition to our already powerful roles and permissions system. Role inheritance allows you to create a logical hierarchy of roles, where users with greater rights automatically inherit all the permissions of roles lower in the hierarchy.
Using inherited roles, you can easily create role hierarchies which mirror real-world operational or organizational hierarchies, without having to duplicate permissions assignments for multiple different roles:
For example, you might create a top-level "Manager" role, a second-level (child) "Supervisor" Role, and a third-level (grand-child) "Employee" role. In this example, Supervisors would always have all the rights assigned to Employees plus any additional rights appropriate for Supervisors; and Managers would always have all the rights assigned to both Supervisors and Employees plus any additional rights assigned to Managers.
As your project grows and evolves, the ability to keep track of who can do what is indispensable. Inheritance allows greater modularity, and greater simplicity and clarity in the definition of permissions.
What changed?
From a UI perspective, the change is minimal: a new select input is introduced to specify the inherited roles:
From an API perspective, the Role object of our Content Management API offers a new inherits_permissions_from
relationship that you can use to programmatically setup the hierarchy, and a new final_permissions
meta attribute always presents the resulting permissions associated with the rolem taking into account all its inheritance chain.
Available on every plan!
Starting from today, roles inheritance is available on every plan, without distinction. If you have any comment or question, don't hesitate to open up a topic on our Community forum, we're always here to help you.