Hey, I have a use case, lemme know if this is possible using SuperTokens' RBAC.
User A belongs to ROLE 1 with read permission.
I need a User B to belong to the same ROLE but with different permissions.
I couldn't find a way to do this, as users are attached to just a role and a role has permissions.
So, the only way to do it is to create another role.
rp_st
12/22/2023, 7:31 AM
hey @Tushar that's correct. You would need to create another role.
One way to get this to work in a nice way is to create role names like (if the role is an admin role for example):
In the above, we have mapped admin to no permissions, but have mapped admin-userA to permission p1, and admin-userB to permission p2
So you could assign roles admin and admin-userA to userA and roles admin and admin-userB to userB.
This way, the effective permissions for the users would be different, and yet, you can check whether both userA and userB have the admin role or not.
Tushar
12/22/2023, 7:34 AM
But this architecture would have a problem, as it would result in a lot of roles, and hence when we are protecting the routes at the backend we would need to pass all of those in verify session at the userRoleClaiMValidator. Don't you think that would be a poor architecture?
rp_st
12/22/2023, 7:34 AM
you only need to pass in the admin role to that
rp_st
12/22/2023, 7:35 AM
since userA and userB both have admin
rp_st
12/22/2023, 7:35 AM
the admin-userA and admin-userB are sort of hidden roles
rp_st
12/22/2023, 7:35 AM
and really, you can create even a million roles.. it's not an issue and won't affect the scalability or anything