Coincidentally, we have designed a somewhat similar entitlement system for our use case. We narrowed down our requirement to one simple sentence: "A group of users can be given permission to do something on a group of resources."
We just need 3 entities here:
- UserGroup
- ResourceGroup
- Entitlement (which is basically a mapping of userGroupId and resourceGroupId along with permissions like Widget.CREATE, Report.DOWNLOAD, etc.)
All the entitlements will be granted at the group level, with no nesting of groups.
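
The three-entity model described in the comment above, sketched as an added example that is not part of the original comment or the commenter's system. The class and method names, the deny-by-default check, and the sample group and member ids are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Entitlement:
    # One grant: a user group may exercise these permissions on a resource group.
    user_group_id: str
    resource_group_id: str
    permissions: frozenset


@dataclass
class EntitlementStore:
    # Flat maps of group id -> member ids. Members are users or resources,
    # never other groups, so there is no nesting to resolve at check time.
    user_groups: dict = field(default_factory=dict)
    resource_groups: dict = field(default_factory=dict)
    entitlements: list = field(default_factory=list)

    def grant(self, user_group_id, resource_group_id, permissions):
        # Refuse grants that reference unknown groups, so a typo cannot
        # leave a dangling entitlement that starts matching later.
        if user_group_id not in self.user_groups:
            raise KeyError(f"unknown user group: {user_group_id}")
        if resource_group_id not in self.resource_groups:
            raise KeyError(f"unknown resource group: {resource_group_id}")
        self.entitlements.append(
            Entitlement(user_group_id, resource_group_id, frozenset(permissions)))

    def is_allowed(self, user_id, resource_id, permission):
        # Deny by default: access needs one entitlement whose user group
        # contains the user, whose resource group contains the resource,
        # and whose permission set contains the requested permission.
        for e in self.entitlements:
            if (permission in e.permissions
                    and user_id in self.user_groups.get(e.user_group_id, ())
                    and resource_id in self.resource_groups.get(e.resource_group_id, ())):
                return True
        return False


def build_sample_store():
    # Constructed sample data, not taken from the original comment.
    store = EntitlementStore(
        user_groups={"ug-analysts": {"alice", "bob"}, "ug-admins": {"carol"}},
        resource_groups={"rg-reports": {"report-1"}, "rg-widgets": {"widget-9"}},
    )
    store.grant("ug-analysts", "rg-reports", {"Report.DOWNLOAD"})
    store.grant("ug-admins", "rg-widgets", {"Widget.CREATE"})
    return store
```

Because every grant is group-to-group and groups are flat, a check is a single pass over the entitlements with two set lookups each, and there is no per-user grant to audit separately.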