Role-Based Access Control
This document outlines the role-based access control (RBAC) system within the application, which governs user permissions and access levels within an organization's workspace.
User Roles
The application defines two primary user roles:
- Admin: Administrators have the highest level of access and control within the organization. They can manage users, modify organization settings, manage repos, and perform other administrative tasks.
- User: Users have standard access to the workspace and can perform tasks related to their projects and assignments. Their access is restricted compared to administrators.
Permissions
The following table summarizes the permissions associated with each role:
| Permission | Admin | User |
|---|---|---|
| View Projects | ✅ | ✅ |
| Modify Projects | ✅ | |
| Manage Users | ✅ | |
| View Organization Settings | ✅ | ✅ |
| Modify Organization Settings | ✅ | |
| Remove users from workspace | ✅ | |
Managing User Roles
Administrators can manage user roles through the workspace Settings. To manage user roles:
- Navigate to the Settings page.
- Select the Workspace tab.
- Locate the user whose role you want to change.
- Use the role dropdown to select the desired role (Admin or User).
Note: You cannot modify user roles in a default organization. An error message will be displayed if you attempt this.
Removing Users
Administrators can also remove users from the workspace. To remove a user:
- Navigate to the Settings page.
- Select the Workspace tab.
- Locate the user you want to remove.
- Click the Remove button next to the user's name.
- Confirm the removal in the confirmation modal.
Note: You cannot remove users from a default organization. An error message will be displayed if you attempt this.
Confirmation Modal
When removing a user, a confirmation modal will appear, outlining the consequences of the action, including:
- Revoking user access to the workspace.
- Removing the user from all workspace projects.
- Removing the user from all workspace conversations.
- Requiring the user to be re-invited to regain access.
Important Considerations
- Default Organization Restrictions: User roles and memberships within the default organization cannot be modified.
- Admin Privileges: Only users with the Admin role can manage user roles and remove users.
- Impact of Role Changes: Changing a user's role may impact their access to specific features and data within the application.
Example Scenario
Imagine a scenario where a new employee joins the team. An administrator would add the new employee to the organization and assign them the 'User' role. This would grant the new employee access to the necessary projects and features to perform their job. Later, if the employee is promoted to a management position, an administrator would change their role to 'Admin', granting them additional administrative privileges.