With just a few clicks you can define multiple roles and permissions for your SaaS application. The Frontegg mechanism for defining roles and permissions behaves as you would expect from any standard RBAC system, but with a few unique features which we will explain below.
The “Roles” submenu allows you to quickly define any number of roles for your application:
- For each role, you designate a Role Name.
- For each role, you designate a Role Key to serve as an internal identifier. At any later stage, you can change the role name without changing the internal role key. This allows you to change your public role names without influencing internal role functionality.
- You can turn on the Default switch if you want the role to be assigned automatically to each new user in your company.
- Once you define a role, you can assign one or more permissions to the role.
- You can duplicate an existing role and then edit the duplicate.
- You can delete a role at any time.
- For each role, you specify a numeric Role Level (described below).
- By default you have Admin and Read-only roles, which already have the relevant Frontegg Permissions assigned. You can use these roles, or remove them and add your own.
You can use the Role Level mechanism to create organizational role hierarchies. In the example shown below, there are six corporate roles divided among three overall role levels.
- Role Level 0 for Agent, Admin
- Role Level 1 for Operator, Editor
- Role Level 2 for Viewer, Analyst
NOTE: By default, all roles are assigned Role Level 0.
Frontegg provides you with two separate lists of permissions, called Custom Permissions and Frontegg Permissions.
Custom Permissions can be used to create any required permissions for your SaaS application. You can add, edit or delete these permissions as desired.
Frontegg Permissions can be used to configure permissions for built-in Frontegg features. These are fixed lists of permissions which cannot be edited or deleted. All Frontegg Permissions have a Role Key beginning with the “fe” prefix (such as
Permissions are always organized within permission categories, where the categories serve as logical groupings. This is true of both Custom Permissions and Frontegg Permissions.
Categories serve as simple holding folders for a group of related permissions. But keep in mind that each permission must be edited individually.
In this example, the "Documents" category contains the three permissions titled:
- Update Documents
- Upload Files
- View Documents
In this example, the "Security Policies" category contains the following three permissions:
- Delete Security Policies
- Read Security Policies
- Write Security Policies
Disable roles & permissions if your app requires no user hierarchy. Enable this feature if you have multiple role levels within your application, such as “Admin”, “Editor” and “Viewer”, to name a few.
When roles & permissions are disabled, every authenticated user is allowed to send requests to Frontegg built-in features without Frontegg Permissions enforcement.
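As an added example (not Frontegg code), the following Python audits a role configuration for the settings described on this page: a Default role that hands change permissions to every new user, roles all left at Role Level 0, custom permissions that reuse the "fe" prefix, and roles & permissions being disabled. The dict layout, the permission keys and the `audit` function are assumptions made for illustration, not a Frontegg export format or API.

```python
# Added example: audit a roles & permissions configuration for risky settings.
# The dict layout is hypothetical (constructed), not a Frontegg export format.
WRITE_VERBS = ("write", "delete", "update", "upload")

def audit(config):
    """Return a list of findings for one roles & permissions configuration."""
    findings = []
    if not config["enabled"]:
        findings.append("roles & permissions disabled: any authenticated user "
                        "reaches built-in features without permission enforcement")
    roles = config["roles"]
    for role in roles:
        # A Default role is assigned automatically to each new user.
        risky = [p for p in role["permissions"]
                 if any(v in p.lower() for v in WRITE_VERBS)]
        if role["default"] and risky:
            findings.append(f"default role '{role['key']}' gives every new user: "
                            + ", ".join(sorted(risky)))
    # All roles start at Role Level 0 unless a level is set explicitly.
    if len(roles) > 1 and all(r["level"] == 0 for r in roles):
        findings.append("every role is still at Role Level 0: no hierarchy configured")
    # Coarse check: the page states only that Frontegg Permissions start with "fe".
    for key in config["custom_permissions"]:
        if key.startswith("fe"):
            findings.append(f"custom permission '{key}' uses the 'fe' prefix "
                            "of Frontegg Permissions")
    return findings

SAMPLE = {  # constructed sample; role and permission keys are made up
    "enabled": True,
    "custom_permissions": ["documents.view", "documents.update", "fe.reports.read"],
    "roles": [
        {"name": "Admin", "key": "admin", "level": 0, "default": False,
         "permissions": ["documents.view", "documents.update"]},
        {"name": "Editor", "key": "editor", "level": 0, "default": True,
         "permissions": ["documents.view", "documents.update"]},
        {"name": "Viewer", "key": "viewer", "level": 0, "default": False,
         "permissions": ["documents.view"]},
    ],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```

Findings are reported by Role Key rather than Role Name, so a later rename of a public role name does not change the audit output.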