RBAC, short for role-based access control, is a method where you assign each user a role and then determine what they have access to based on that role.
By default, PropelAuth provides you with three roles: Owner, Admin, and Member.
Importantly, these roles apply only within the context of an organization. One of your users can be an Owner of organization A and a Member of organization B. Those roles dictate permissions within the organization - not globally.
These roles are also hierarchical: Admins have all the permissions that Members have, and Owners have all the permissions that Admins have.
PropelAuth enables your end users to manage their own roles via their hosted organization management page.
PropelAuth also provides useful guard rails here. A user cannot leave an org without an Owner. Admins cannot promote other users to be Owners.
In addition to letting your end users manage their own roles, our libraries treat these roles as a first-class concept on both the frontend and backend. You can easily do things like "reject this request if the user is not at least an Admin in this organization".
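The org-scoped hierarchy and guard rails described above, as an added Python example that is not PropelAuth's own library code: the `Org` class, the function names, and the rule that changing someone's role requires at least Admin are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Default roles, ranked so that a higher role inherits every lower role's permissions.
ROLE_RANK = {"Member": 0, "Admin": 1, "Owner": 2}


class AccessDenied(Exception):
    """Raised when a role check or guard rail fails."""


@dataclass
class Org:
    name: str
    members: dict = field(default_factory=dict)  # user_id -> role, scoped to this org only


def is_at_least(org: Org, user_id: str, required: str) -> bool:
    """True if the user holds `required` or a higher role in this org; roles are never global."""
    role = org.members.get(user_id)
    return role is not None and ROLE_RANK[role] >= ROLE_RANK[required]


def require_at_least(org: Org, user_id: str, required: str) -> None:
    """Backend-style guard: reject the request unless the user is at least `required` here."""
    if not is_at_least(org, user_id, required):
        raise AccessDenied(f"{user_id} is not at least {required} in {org.name}")


def owner_count(org: Org) -> int:
    return sum(1 for role in org.members.values() if role == "Owner")


def change_role(org: Org, actor_id: str, target_id: str, new_role: str) -> str:
    """Actor must be at least Admin (assumption); only an Owner may grant Owner (guard rail)."""
    require_at_least(org, actor_id, "Admin")
    if new_role == "Owner":
        require_at_least(org, actor_id, "Owner")
    if target_id not in org.members:
        raise AccessDenied(f"{target_id} is not a member of {org.name}")
    # Demoting the only Owner would leave the org without one (assumed extension of the guard rail).
    if org.members[target_id] == "Owner" and new_role != "Owner" and owner_count(org) == 1:
        raise AccessDenied(f"{org.name} would be left without an Owner")
    org.members[target_id] = new_role
    return new_role


def leave_org(org: Org, user_id: str) -> bool:
    """Guard rail: a user cannot leave if that would leave the org without an Owner."""
    if user_id not in org.members:
        return False
    if org.members[user_id] == "Owner" and owner_count(org) == 1:
        raise AccessDenied(f"{user_id} is the only Owner of {org.name}")
    del org.members[user_id]
    return True
```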
This system works well for many companies; however, we are currently beta testing customizable roles. If you are interested, reach out to us at firstname.lastname@example.org.