What is the difference between Roles and Permissions in ASP.NET Boilerplate Template?

In ASP.NET Boilerplate, why does it have roles and permissions to control authorization? What is the difference between both?

1. Why does ABP have roles and permissions to control authorization? What is the difference between the two?

Having both roles and permissions allows flexibility and ease for admins to control authorization.

The difference is that authorization only depends on permissions, not roles.


Roles are used to group permissions. When a user has a role, then he/she will have all the permissions of that role. A user can have multiple roles. The permissions of this user will be a merge of all the permissions of all assigned roles.

For example, a site moderator can be allowed to add, edit and delete any posts, including the ones written by others. A site moderator can add, edit and delete comments as well. If there are several site moderators, then a role can be easily assigned instead of individual permissions to each user.

2. Does a permission necessarily belong to a role? And does a role necessarily need permissions?

No, a permission can be assigned directly to a user.

No, a role does not need permissions. A role with no permissions is like a position (e.g. employee).


Role Permissions

If we grant a permission to a role, all the users that have this role are authorized for the permission (unless explicitly prohibited for a specific user).

User Permissions

While the role-based permission management can be enough for most applications, we may need to control the permissions per user. When we define a permission setting for a user, it overrides the permission setting defined for the roles of the user.

In addition, there are also Organization Unit Roles (not documented yet). That is, a role can be assigned to an organization unit and users in that organization unit are considered to have that role.

Role: a group of permissions.
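The rules described in the answers above (role permissions are merged, a per-user setting overrides the role setting, and a role may carry no permissions at all) can be modelled in a few lines. This is an added example, not part of the original answers and not ABP's own code: the `Role` and `User` types, the `IsGranted` method and the permission names are hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Simplified model of the rules described above; hypothetical types, not ABP's API.
class Role
{
    public string Name;
    public HashSet<string> Granted = new HashSet<string>();
}

class User
{
    public string Name;
    public List<Role> Roles = new List<Role>();
    // Per-user settings: true = granted, false = prohibited.
    public Dictionary<string, bool> Overrides = new Dictionary<string, bool>();

    // Authorization asks about a permission, never about a role name.
    public bool IsGranted(string permission)
    {
        // A user-level setting overrides whatever the user's roles say.
        if (Overrides.TryGetValue(permission, out bool setting))
            return setting;
        // Otherwise the user holds the merge of all assigned roles' permissions.
        return Roles.Any(r => r.Granted.Contains(permission));
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample data.
        var moderator = new Role { Name = "Moderator", Granted = { "Posts.Edit", "Posts.Delete" } };
        var employee = new Role { Name = "Employee" }; // a role with no permissions

        var alice = new User { Name = "alice", Roles = { moderator, employee } };
        // bob is a moderator who is explicitly prohibited from deleting posts.
        var bob = new User { Name = "bob", Roles = { moderator }, Overrides = { ["Posts.Delete"] = false } };
        // carol has no granting role but is given one permission directly.
        var carol = new User { Name = "carol", Roles = { employee }, Overrides = { ["Posts.Edit"] = true } };

        foreach (var u in new[] { alice, bob, carol })
            foreach (var p in new[] { "Posts.Edit", "Posts.Delete" })
                Console.WriteLine($"{u.Name,-6} {p,-13} {u.IsGranted(p)}");
    }
}
```

Because the check is made against the permission rather than the role, the explicit prohibition on `bob` takes effect even though he keeps the moderator role.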
