Users inherit permissions from Multiple Groups

benhaynes asked for this feature 19 days ago — 1 comment

benhaynes commented 19 days ago Admin

From wittwerch:

In Directus a user can be assigned to one group. For simple use cases this fits well, but as soon as you start to build a larger system you have the need to assign multiple roles (aka groups) to a user.


We therefore propose extend Directus to support multiple groups per user.

Multi group select

Introduce a new join table directususersgroups and replace the dropdown with a multi select element in the user profile page.

Table level permissions

If a user in multiple groups with different table level permissions, we can easily merge both permissions to the highest level. It is possible in all cases like Add/Edit/View/Delete/Column Read Blacklist/Column Write Blacklist.

IP Whitelist

If a user persist in multiple groups, we can merge the ip addresses of the whitelist of both groups and then display according to that.

Nav Blacklist

If a user persist in multiple groups, we can merge Nav Blacklist of both groups and then display according to that

Nav Override

The navigation override could be challenging. The question is how do we merge these entries when they conflict. Maybe the order of the groups assigned to a user could define how we merge.

Thank you for drafting this up @wittwerch – everything but the nav override makes sense to me. Is this just a general feature request or is this something that you are interested in submitting a PR for? I see this change as an improvement – but one that would likely take some time and would almost certainly introduce many tangential changes/bugs.

I'll try to start compiling a list of Group related things here:

Send Messages: You can send messages to groups – no problem (conceptually) here though User Directory: Shows your group overlaying the avatar – not a big deal, but this would have to change I'll try to think of others...

Join the discussion!

with GitHub to comment