Roles in LoopBack
LoopBack allows you to define user roles to match your requirements. Roles can be static or dynamic: static roles are stored in a data source and mapped to users, whereas dynamic roles aren't assigned to users and are determined during access.
Multi-Tenant Roles
- An `orgAdmin`-like role is required for access over REST to allow the administrative actions needed for any particular organization:
  - APIs to manage/invite other users,
  - profile and payments configurations, and
  - deciding hierarchical powers.

  Hopefully, it makes sense naturally that such actions should only be allowed for an organization's administrators.
- An `orgUser` role is required for accessing the other basic APIs that help an organization execute properly.
Built-In Roles
LoopBack enables you to define dynamic roles, which are resolved at run time.
LoopBack provides the following built-in dynamic roles:
- `$owner` - Owner of the object
- `$authenticated` - Authenticated user
- `$unauthenticated` - Unauthenticated user
- `$everyone` - Everyone
Define a Custom Role
You can create custom roles through boot scripts.
Here's an example of creating a custom role:
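```javascript
// Boot script (a file under server/boot/): LoopBack calls the exported
// function with the application object and a completion callback.
module.exports = function (app, cb) {
  var Role = app.models.Role;
  // RoleMapping links principals (users) to static roles; not used in this snippet.
  var RoleMapping = app.models.RoleMapping;
  var log = console; // stand-in for the application's logger (assumption)

  Promise.resolve()
    .then(function () {
      return Role.findOrCreate(
        {where: {name: 'orgAdmin'}}, // find
        {
          name: 'orgAdmin',
          description: 'admin of the org'
        } // or, create
      );
    })
    .then(function () {
      log.trace('Role created successfully');
      return cb();
    })
    .catch(function (error) {
      log.error('Error in creating roles', error);
      return cb(error);
    });
};
```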
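As an added example (not code from the original page), a dynamic resolver can decide `orgAdmin` per organization at access time instead of through a stored role mapping. It uses LoopBack 3's `Role.registerResolver` and assumes a hypothetical `Membership` model (`userId`, `orgId`, `role`) and a protected model named `Organization`.

```javascript
'use strict';

// Added example: dynamic, per-organization variant of the orgAdmin role.
// Assumptions (hypothetical, not from the page): a Membership model with
// userId, orgId and role fields, and a protected model named Organization,
// so context.modelId is the id of the organization being accessed.
function orgAdminResolver(Membership) {
  return function (role, context, cb) {
    var userId = context.accessToken && context.accessToken.userId;

    // Anonymous callers are never administrators.
    if (!userId) return cb(null, false);

    // Only instance-level requests on Organization carry a tenant id.
    // Anything else is denied rather than treated as "any organization".
    if (context.modelName !== 'Organization' || !context.modelId) {
      return cb(null, false);
    }

    // The caller must hold an admin membership in this exact organization.
    Membership.findOne(
      {where: {userId: userId, orgId: context.modelId, role: 'orgAdmin'}},
      function (err, membership) {
        if (err) return cb(err);
        cb(null, !!membership);
      }
    );
  };
}

// Boot-script entry point: registers the resolver on LoopBack's Role model.
// A resolver registered under a role name is consulted when ACLs name that role.
function registerOrgAdminResolver(app) {
  app.models.Role.registerResolver(
    'orgAdmin', orgAdminResolver(app.models.Membership));
}

// Export for use as a file under server/boot/.
if (typeof module !== 'undefined') module.exports = registerOrgAdminResolver;
```

The resolver denies by default: a missing token, a non-`Organization` model or a request without an instance id all resolve to `false`, so an administrator of one organization gains nothing on another.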