JonPSmith / AuthPermissions.AspNetCore

This library provides extra authorization and multi-tenant features to an ASP.NET Core application.
https://www.thereformedprogrammer.net/finally-a-library-that-improves-role-authorization-in-asp-net-core/
MIT License
788 stars 159 forks

SignedUp User not able to assign the permissions for all the actions #111

Closed gopskrish closed 4 months ago

gopskrish commented 4 months ago

I want to set up a multi-tenant application where the user who signed up or created the account will have the permissions to manage that tenant and also have permissions to do all the operations in that tenant workspace.

Example: Let's consider the Azure portal, where the user who created the account can manage the account, like adding a new user or adding a new service, and can also do all other operations.

Is there a way to give a user who created the account a kind of super privilege to all the permissions for that tenant workspace?

JonPSmith commented 4 months ago

Have a look at

gopskrish commented 4 months ago

Thanks Jon, I got an idea of how it works. I still have one more problem. Let's consider the roles and permissions below:

```csharp
new (AquaRoles.SuperAdmin, "Super admin - only use for setup", "AccessAll"),
new (AquaRoles.TenantAdmin, "Tenant Admin - Have access to tenant management functionality", "TenantList, TenantCreate, TenantUpdate, TenantMove, TenantDelete"),
new (AquaRoles.TenantManager, "Tenant Manager - Have access to create sub tenant", "TenantList, TenantCreate, TenantUpdate"),
new (AquaRoles.AppMaintenance, "App status - app maintenance", "AppStatusList, AppStatusAllDown, AppStatusTenantDown, AppStatusRemove"),
new (AquaRoles.UserAdmin, "User Manager", "UserRead, UserSync, UserChange, UserRolesChange, UserChangeTenant, UserRemove"),
new (AquaRoles.RolesAdmin, "Role Manager", "RoleRead, RoleChange, PermissionRead, IncludeFilteredPermissions"),
new (AquaRoles.RoleReader, "User", "RoleRead"),
```

I want to create a role, TenantSuperAdmin, to which I want to give all the access that is in the other roles except SuperAdmin, and the TenantSuperAdmin has all the permissions for that tenant.

Example: let's consider Slack. The Slack admin can do all the management and can also send messages and do all the activities of all the other roles.

I want to create a role similar to that, so that in the future, if I add new roles and new permissions, they will be added to that TenantSuperAdmin automatically and without any other intercession. Below is an example of how I want the code for the role to be:

```csharp
new (AquaRoles.TenantSuperAdmin, "Tenant Super admin - Have access to all the all the tenant functionality ", "TenantAccessAll")
```

TenantAccessAll includes all the permissions that are added, except for the SuperAdmin permission AccessAll.

JonPSmith commented 4 months ago

Hi @gopskrish

If you want a Role like the "Tenant Super admin" you talked about then you have to create a Role by adding all the Permissions that control the tenant admin code. The SuperAdmin Role / AccessAll Permission are there for you to access your application's first deploy.

One way is to create code that would automatically create a Role that has all of the tenant permissions you need. Here is one way to do this:

  1. When creating your permissions add a GroupName something like "TenantAdmin".
  2. Then use the IAuthRolesAdminService's GetPermissionDisplay method and filter on the GroupName.
  3. Finally you use IAuthRolesAdminService's CreateRoleToPermissionsAsync method to create a Role containing the permissions from step 2. The Role should be a TenantAdminAdd type.
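
The three steps above as a helper you could run at startup. This is an added example, not code from this thread or from the library's own samples. It assumes the tenant-level members of your permissions enum carry `[Display(GroupName = "TenantAdmin", ...)]`; the class name, role description and `using` namespaces are assumptions and may differ between library versions.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using AuthPermissions.AdminCode;                               // IAuthRolesAdminService (assumed namespace)
using AuthPermissions.BaseCode.DataLayer.Classes.SupportTypes; // RoleTypes (assumed namespace)

// Hypothetical helper: rebuilds the TenantSuperAdmin Role from the permission enum,
// so a permission added later is picked up the next time this runs.
public class TenantSuperAdminRoleBuilder
{
    private const string RoleName = "TenantSuperAdmin";  // role name taken from the question
    private const string GroupName = "TenantAdmin";      // step 1: GroupName on each tenant permission
    private const string Description = "Tenant Super admin - all tenant-level permissions";

    private readonly IAuthRolesAdminService _rolesAdmin;

    public TenantSuperAdminRoleBuilder(IAuthRolesAdminService rolesAdmin)
        => _rolesAdmin = rolesAdmin;

    public async Task CreateOrRefreshAsync()
    {
        // Step 2: allowlist by GroupName. A new permission only reaches this Role
        // when it is deliberately tagged with the group, and the setup-only
        // AccessAll permission is excluded by name as a second guard.
        var permissionNames = _rolesAdmin
            .GetPermissionDisplay(true) // true = leave out filtered permissions
            .Where(p => p.GroupName == GroupName && p.PermissionName != "AccessAll")
            .Select(p => p.PermissionName)
            .ToList();

        if (permissionNames.Count == 0)
            throw new InvalidOperationException(
                $"No permissions are tagged with GroupName '{GroupName}'.");

        // Step 3: create the Role as a TenantAdminAdd type, or update it on later runs.
        var exists = _rolesAdmin.QueryRoleToPermissions().Any(r => r.RoleName == RoleName);
        var status = exists
            ? await _rolesAdmin.UpdateRoleToPermissionsAsync(
                RoleName, permissionNames, Description, RoleTypes.TenantAdminAdd)
            : await _rolesAdmin.CreateRoleToPermissionsAsync(
                RoleName, permissionNames, Description, RoleTypes.TenantAdminAdd);

        // Fail loudly: a half-built admin Role should stop startup, not pass silently.
        if (status.HasErrors)
            throw new InvalidOperationException(status.GetAllErrors());
    }
}
```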

gopskrish commented 4 months ago

Thanks @JonPSmith