Permify / permify

An open-source authorization as a service inspired by Google Zanzibar, designed to build and manage fine-grained and scalable authorization systems for any application.
https://docs.permify.co/
Apache License 2.0

Team/Workspace management using Permify #12

Open aditodkar opened 2 years ago

aditodkar commented 2 years ago

Is your feature request related to a problem? Please describe.

I am developing a few SaaS applications but am facing a challenge implementing RBAC and ABAC in the application from scratch. Is it possible to provide some APIs which can be integrated into any existing SaaS application? This feature is very much required when someone is building a SaaS application for agencies or companies with multiple teams. When I talked with some of the marketing agencies who are providing services to large B2B companies, they wanted the SaaS application to have such features in it. And an indie hacker or a small team cannot offer such a solution unless they start implementing it from scratch. So having some APIs which can provide such functionality would be great. Please check the SaaS applications below for reference.

Describe the solution you'd like

A clear and concise description of what you want to happen.

Describe alternatives you've considered

Did not find anyone offering this solution.

Additional context

Examples:

A SaaS application in which an admin can create workspaces, projects or teams and can manage them, i.e. add/remove participants. You can see these applications for reference:

1) https://www.oneupapp.io/price (pricing includes team and team management for higher plans or the enterprise plan)
2) https://www.cloudcampaign.com/plans (pricing includes workspace management and unlimited users/teams etc.)

EgeAytin commented 2 years ago

Hey @aditodkar, thanks for the information. We examined the applications you provided, and understand the possible usages of RBAC and ABAC in your case. The current version of Permify is capable of modeling RBAC and ABAC with limitations.

About the "ABAC with limitations" phrase: since you want to use ABAC mostly for pricing plans, limiting users' access to some resources or actions according to their current plan, you can implement attributes by simply creating a relationship like plan:basic#subscribed@user:aditya. In this case, you are basically pointing out that user Aditya is subscribed to the basic pricing plan. Beyond that, you need more edge cases to check access, and Permify's limited support of ABAC starts here. For example, "Basic pricing plan should have 5 team members at max". We do not support count-based or time-based limitations for now. We're planning to add them, but it's not a minor feature for sure and needs more specifications around it to ship a useful one.

Considering your needs, we can cover RBAC and ABAC needs as much as possible; for edge cases, maybe we can come up with a workaround solution until we launch full ABAC support. For this, we can model and design your authorization schema with Permify, discuss it together, then implement it together. But before that, you need to provide the full capabilities and functionalities of authorization that you are thinking of adding for now.

In overview, can you provide us with:

1) All roles of this application, and their abilities. You mentioned admin abilities above; are there any other roles in this application, or are there any other cases where you want to check access with roles and permissions?

2) For pricing plans, I remember the limitations:

If there are any other functionalities that we missed mentioning, please add them here.
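
The modelling described in the comment above, as an added example that is not part of the thread and is not Permify's code or API: an in-memory store parses tuples in the plan:basic#subscribed@user:aditya form, answers role checks, and applies the "5 team members at max" rule in application code, since the comment says count-based limits are not supported. The `team` entity, its `admin` and `member` relations, the helper names and the sample users are assumptions.

```python
import re

# Tuple syntax as written in the comment: entity:id#relation@subject:id
TUPLE_RE = re.compile(r"^(\w+):([\w-]+)#(\w+)@(\w+):([\w-]+)$")
# Seat limit quoted in the thread; enforced by the application, not the store.
SEAT_LIMIT = {"basic": 5}

class TupleStore:
    def __init__(self, tuples=()):
        self.rel = {}
        for t in tuples:
            self.write(t)

    def write(self, text):
        m = TUPLE_RE.match(text)
        if m is None:  # reject anything that is not a well-formed tuple
            raise ValueError(f"malformed tuple: {text!r}")
        etype, eid, relation, stype, sid = m.groups()
        self.rel.setdefault((f"{etype}:{eid}", relation), set()).add(f"{stype}:{sid}")

    def subjects(self, entity, relation):
        return set(self.rel.get((entity, relation), ()))

    def check(self, entity, relation, subject):
        return subject in self.subjects(entity, relation)

def plan_of(store, user):
    # Attribute as relationship: the plan is the plan:* entity the user subscribed to.
    plans = [e.split(":", 1)[1] for (e, r), subs in store.rel.items()
             if e.startswith("plan:") and r == "subscribed" and user in subs]
    return plans[0] if len(plans) == 1 else None  # none or ambiguous: caller denies

def add_member(store, team, actor, new_user):
    if not store.check(team, "admin", actor):  # role check (RBAC)
        return "denied: actor is not a team admin"
    limit = SEAT_LIMIT.get(plan_of(store, actor))
    if limit is None:  # fail closed when the plan is unknown
        return "denied: no known plan for actor"
    members = store.subjects(team, "member")
    if new_user not in members and len(members) >= limit:  # count rule, app side
        return f"denied: plan allows {limit} members"
    store.write(f"{team}#member@{new_user}")
    return "ok"

def demo_store():
    # Constructed sample data; only the plan tuple appears in the thread.
    s = TupleStore(["plan:basic#subscribed@user:aditya",
                    "team:agency#admin@user:aditya"])
    for i in range(1, 5):
        s.write(f"team:agency#member@user:u{i}")
    return s
```

In a real service the member count and the tuple write have to happen in one transaction, otherwise two concurrent requests can both pass the limit check.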

Abdubek commented 2 years ago

I had a requirement such as: the organization can see reports in the interval of a certain date.