Hello chat! I have a general question about Super...
# general
g
Hello chat! I have a general question about SuperTokens and authorization. Does SuperTokens offer a form of permission-based auth which does not rely on UserRoles? I have a use-case where my administrators will be able to create default permissions for roles, and assign them to a user, but then subsequently be able to add or remove permissions on a user-by-user basis. So two users with "supervisor" role may have slightly different permissions given to them by admins. I know this sort of makes roles useless, and permissions would really just be applied to users directly, but I'm still learning about authorization systems and I'm not sure if SuperTokens can support something like this. Any tips or suggestions would be appreciated! Thanks!
r
Hey.
You could create roles like “supervisor-user1” and “supervisor-user2”, and also “supervisor”. Then you can set the role of supervisor for the users, but override the getPermissionsForRole function in the user roles recipe to fetch permissions for “supervisor-userX”.
And associate permissions only with supervisor-userX
It’s sort of hacky, but it achieves what you are looking for
g
Yeah, we were considering something like that; basically a role for every user. I just wanted to do some research first in case there was a cleaner way. I'm sure there must be some standard for achieving that functionality. I can't imagine we're the first to want permissions to be changeable based on user.
r
Oh yeah. Sure. It’s just that our RBAC system is not very full-fledged.
g
@rp_st I feel like a dum dum, but the solution to our issue is simple: just allow users to have multiple roles, and any permissions that deviate from the base role can just be applied through additional custom roles, which of course SuperTokens already supports. lol thanks for your input!