Delink "Roles" from channel association

[zehawki]

Is your feature request related to a problem? Please describe.

When a Role is defined (eg "Channel Owner"), currently it must be associated with the Channel in that step itself. This makes it cumbersome to manage.

As an example, consider I need 3 new roles per channel and have 100s of channels. Now I need to create 300 Roles! Thats so many needlessly duplicated roles and goes against the DRY principle.

Now further, lets say I want to redefine the permission matrix for a role - now its a major task since all 100 roles have to be individually redone, and that's a seriously LOT of clicks, not to mention extremely prone to human error since the same set of permissions need to be repeated role after role.

The above is from the perspective of using the Admin UI. If its automated, then of course its not a biggie.

Describe the solution you'd like

Nevertheless, I feel that Roles should not be tied to channels. Roles provide a certain number of action permissions irrespective of a channel. Once a role (eg Channel Owner) has been defined with some permissions, its like a template. Now I can assign the role to an admin A for a channel X. The same role can be assigned to admin B for channel Y and so on.

This also means that if the permission for the role changes, it needs be done only at one place, and it will automatically flow to all the admins who have that Role for XYZ channel.

Additional context

1. https://discord.com/channels/1100672177260478564/1135951937796325486/1135951937796325486
2. This is how I do it in my product - There are channels, there are roles, and somewhere else a role is attached to an account for a channel.

[michaelbromley]

Just throwing some thoughts down here:

• This issue is a result of the fact that Administrator and User entities are not channel-aware, that is, they are not associated with a particular Channel.
• It is Role that is channel-aware. So an admin only has permissions on a given channel due to the permissions on that channel afforded by a given Role.

What you are proposing would look something like this:

I agree that in the use-case of many channels with "template-like" roles, this latter arrangement is much more efficient.

One downside though is that you would lose the ability to have an admin with different roles on different channels like this:

Which might be a kinda niche use-case but I'd rather have be able to support it than not.

A agree though that there should be a better way to duplicate roles for new channels at least in the Admin UI. Even with our current data model we can definitely make this easier.

[zehawki]

One downside though is that you would lose the ability to have an admin with different roles on different channels like this:

I'm not able to follow why. Expanding on what I said up in my post "This is how I do it in my product - There are channels, there are roles, and somewhere else a role is attached to an account for a channel."

Going by the roles you defined: Catalog Admin, Order Admin, CRUD on Products - which have some permissions attached.

Now all we need is a table which holds:

Channel | Admin account | Role

Channel A | Account 1 | Catalog Admin

Channel B | Account 2 | Catalog Admin Channel B | Account 1 | Order Admin

Channel C | Account 3 | CRUD on Products Channel C | Account 4 | Order Admin Channel C | Account 1 | CRUD on Products

So this supports all configs.

[mohdbk]

One downside though is that you would lose the ability to have an admin with different roles on different channels like this:

I'm not able to follow why. Expanding on what I said up in my post "This is how I do it in my product - There are channels, there are roles, and somewhere else a role is attached to an account for a channel."

Going by the roles you defined: Catalog Admin, Order Admin, CRUD on Products - which have some permissions attached.

Now all we need is a table which holds:

Channel | Admin account | Role

Channel A | Account 1 | Catalog Admin

Channel B | Account 2 | Catalog Admin Channel B | Account 1 | Order Admin

Channel C | Account 3 | CRUD on Products Channel C | Account 4 | Order Admin Channel C | Account 1 | CRUD on Products

So this supports all configs.

I agree with this. We're nearing the final stages of launching a large-scale multi-vendor marketplace, intending to support over 300 vendors in the initial phase. Currently, the plan involves creating 300 channels for the vendors/sellers and assigning 300 roles for each vendor-admin. However, managing such a vast number of roles can be daunting, especially on a large scale.

It seems there should be a solution to accommodate both scenarios more efficiently. @michaelbromley, it would be great if we could come up with a solution for this, particularly considering the various use cases in multi-vendor marketplaces. Thank you for your valuable contribution to this incredible software.

[michaelbromley]

@mohddotio this is something we intend to revisit for the next major version (v3), but I can't give a time estimate on this.

[snapshotleisure]

Sorry to chime in here, as I am interested in this as well as I am about to embark on using Vendure.

Would the issue with the new proposal of tying everything to a user account, then it involve if a user leaves or new accounts need to be created, they would need to manually be added/removed to 300 channels? if you have 10 users, that would have to done manually 3000 times?

I think the current restriction of roles > channel, is to allow easy management of user, if you have 10 users who should be product manager, you just add them to the product manager role and it automatically accepts all the permissions. If you tie to user account, you would have to manually configure each 10 users.

So the effort would be split between ongoing maintainence (longer to configure each user) vs initial setup time (configuring the roles). However I would consider roles to be a configuration/infrastructure thing, with so many channels/multivendor, it would make sense to use the API available to do this configuration rather than manually doing it?

This is a great piece of software! however I am reviewing to see if it will meet my needs for I want to do, so I'm looking through the issues to see what limitations people are hitting! so I wanted to chime in to understand if this particular issue will be a problem for me

[mschipperheyn]

From our point of view the current approach offers sufficient flexibility. Using an administrator with a cross channel role, would require you to create multiple administrators if you want them to have different roles on each channel. That doesn't make a lot of sense to me.

I feel that this is a bit of a documentation thing as well. It's not always easy to wrap your head around these things, why they are done the way they are and how you should execute on your requirements given the framework that exists.