Reputation: 5085
Create and Get Custom Roles and assign them to users
I can't understand how to create custom roles in fusionauth. I want to create my own set of roles and put them in respective groups.
Are roles and groups are synonymous in fusionauth ? I see roleIds object inside groups but can't find much detailed documentation on that.
Also jwt token has roles[]. Is it possible to return those custom roles in jwt token?
Any help is appreciated.
Upvotes: 1
Views: 869
Answers (1)
Reputation: 1067
You may use the UI or the API to create roles for an application. When you create an Application in FusionAuth you may create the roles at the same time. The UI link above is a tutorial to create an application in the UI.
The roles for the default application FusionAuth cannot be modified. This application represents the admin user interface. You will create at least one application that represents your application.
Are
rolesandgroupsare synonymous in fusionauth ?
No. Roles belong to an Application. An application in FusionAuth represents and authenticate resource. A Group is a logical grouping of users, and a way to manage roles across multiple applications.
To manage roles for an Application once it has been created navigate to the Application Roles. Settings --> Applications --> Manage Roles The Manage Roles button is the dark blue one in the row action.
The FusionAuth Group can be used to assign roles from multiple applications to a user through Group membership.
For example, assume you have multiple Applications, Support Portal and Workday, and each of these applications contains an admin role.
A FusionAuth Group could be created called Admins and it would be assigned the admin role from Support Portal and Workday.
A User can be assigned the admin role for both of these Applications through Group membership. The user will still require a registration to the application to receive the roles assigned to the Group. This mechanism provides a way to manage role assignment for groupings of users.
The roleIds inside of the Group object is how the API will interact with Application Roles. If you utilize the UI you can just point and click.
Also
jwttoken hasroles[]. Is it possible to return those custom roles in jwt token?
The roles assigned directly through a User Registration or by Group Membership will come back in the JWT in the roles claim when logging into a specific Application.
Upvotes: 2
Related Questions
- Creating Tenant in FusionAuth with java
- How to create one FusionAuth application with many oauth clients with scopes
- Associate Role to a User Microsoft Dynamics CRM (Rest API)
- FusionAuth Authorization
- Multi-tenant authorization wth FusionAuth
- Can a user manager be limited to manage only users of certain groups?
- creating custom roles in Cloud foundry
- Multiple Roles for a User belonging to multiple Organizations
- Roles using JWT
- ServiceStack adding roles and permissions with custom AuthUserSession