Is there something like role inheritance or role composition?
Hello, I'm a beginner, and I'm very interested in this system. Could you tell me more about it? Is there something like role inheritance or role composition? I don't really want to assign each role to a user, is there a way to combine roles?
5 Replies
hey @JkLSweetMint welcome to the server
Right now ZITADEL does not support built-in role inheritance or composition.
There’s no “parent role” or “role groups”
You cannot create one role that “contains” other roles.
Roles are defined per project Users are granted access to projects with one or more roles
You assign roles to a user via a grant (e.g., User A → Project X → Roles: viewer, editor)
You can read about Projects and Grants here
@Rajat And there is no way to implement something like this now?
@Rajat Why is this approach used here? How do other developers solve these problems?
you can set roles as user matdata and read them during auth via actions https://zitadel.com/docs/apis/actions/code-examples#set-dynamic-claim-from-user-metadata maybe if you can explain your use case a bit more would make sense and also curious to know if you are migrating or just setting up from scratch?
ZITADEL Docs
Actions are a powerful tool to extend ZITADEL and you might wonder what use cases actions can be used for.
@Rajat Starting from scratch, I would like to be able to create roles for more detailed configuration. Minimize access parameters using code. The plan was to divide the API by permissions and then assign them to roles
hey @JkLSweetMint you should try setting up this demo as it suits exactly what are you describing, it also has a step by step guide to help you follow along 🙂 running this will help you undertsand how permission/granst works in zitadel and how can you use it