Skip to main content

Role & Permission Management

ADMIN Intermediate

Configure roles and permissions in EZ-Console.

Overview

EZ-Console uses Role-Based Access Control (RBAC) for authorization. Roles are collections of permissions that can be assigned to users. This guide covers managing roles and permissions through the admin interface.

Accessing Role Management

Navigate to: Authorization → Roles

Understanding Permissions

Permission Structure

Permissions follow a hierarchical structure:

Module:Resource:Action

Examples:

  • product:view - View products
  • product:create - Create products
  • product:update - Update products
  • product:delete - Delete products
  • user:list - List users
  • user:create - Create users
  • system:settings:view - View system settings
  • system:settings:update - Update system settings

Permission Groups

Permissions are organized into groups:

  • Product Management: Product-related permissions
  • User Management: User-related permissions
  • System Settings: System configuration permissions
  • Authorization: Role and permission management

Role List

Viewing Roles

The role list displays:

  • Role name
  • Description
  • Number of permissions
  • Number of users
  • Created date

Searching Roles

  • Search by role name or description
  • Filter by permission groups

Creating Roles

Create New Role

  1. Click Create Role button
  2. Fill in role information:
    • Name: Role name (required, unique)
    • Description: Role description (optional)
  3. Click Next to assign permissions
  4. Select permissions to assign:
    • Select entire permission groups
    • Or select individual permissions
  5. Click Save

Permission Assignment

When creating or editing a role:

  • Select All: Select all permissions in a group
  • Individual Selection: Select specific permissions
  • Search: Search for specific permissions

Editing Roles

Update Role Information

  1. Click on a role in the list
  2. Click Edit button
  3. Update role name or description
  4. Click Save

Modify Permissions

  1. Open role detail page
  2. Go to Permissions tab
  3. Add or remove permissions
  4. Click Save

Assigning Roles to Users

From Role Page

  1. Open role detail page
  2. Go to Users tab
  3. Click Assign Users
  4. Select users to assign
  5. Click Save

From User Page

  1. Open user detail page
  2. Go to Roles tab
  3. Click Assign Roles
  4. Select roles to assign
  5. Click Save

Role Hierarchy

Built-in Roles

EZ-Console includes built-in roles:

  • Administrator: Full system access
  • User: Basic user permissions

Custom Roles

Create custom roles for specific use cases:

  • Manager: Management-level permissions
  • Editor: Content editing permissions
  • Viewer: Read-only permissions

Permission Inheritance

Role Permissions

Users inherit permissions from all assigned roles. If a user has multiple roles, they have the union of all permissions.

Example:

  • Role A: product:view, product:create
  • Role B: product:update, product:delete
  • User with both roles: All four permissions

Best Practices

1. Principle of Least Privilege

Assign only the minimum permissions needed:

  • ✅ Good: Assign specific permissions
  • ❌ Bad: Assign all permissions "just in case"

2. Use Role Groups

Organize permissions into logical groups:

  • Product Management
  • User Management
  • System Administration

3. Regular Review

Regularly review roles and permissions:

  • Remove unused roles
  • Update permissions as needed
  • Audit user role assignments

4. Document Roles

Document the purpose of each role:

  • What the role is for
  • Who should have it
  • What permissions it includes

Permission Testing

Check User Permissions

  1. Open user detail page
  2. Go to Roles tab
  3. View all assigned roles
  4. See effective permissions

Test Permission

Use the PermissionGuard component in frontend:

import { PermissionGuard } from 'ez-console';

<PermissionGuard permission="product:create">
  <Button>Create Product</Button>
</PermissionGuard>

Need help? Ask in GitHub Discussions.