Identity Roles Expansion (Parent/Group Roles)

Feb 18, 2015 at 3:49 PM
I have developed .NET applications for some time, and was really excited to hear about the One Identity changes. However, I was sort of let down when the Roles had minimal changes.

Without going too far in, I have found and heard from other programmers that the Role Memberships are too simple and do not meet real-world use cases (many robust applications use Role Groups or Role Profiles). The best example is if you need to make changes to 100 users and modify access: you would modify the Role Group/Profile they belong to, and not edit every user changing different roles. That Role Group/Profile has specific roles (child) associated.

I am trying to modify RoleStore and UserRoles to use Role/Parent Groups (as I have done in 2.0 Memberships). In this case you can create roles (child) that are functional roles like create user, edit products, modify records, etc. Then you create a Role Group/Parent that has specific child roles like the create user role. When you assign a user roles, you select the Role Group/Parent role, which grants access to the child roles.

For example, you place a user in the group role Application Manager (not individual roles); they can then edit products and modify records (the user-in-role check looks at which roles belong to the group role). Enterprise applications have hundreds of child roles. Later you can change the group role to include edit users, and users in the group role can instantly edit users.

I hope someone can feel this pain or might recommend a solution. Or, best case, .NET Identity Roles are extended.
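
The group-role model described in the post above, as an added example that is not part of the original post and is not ASP.NET Identity code: an in-memory authorizer in which users are assigned only to group roles and the role check resolves through the group's current child roles. The class, method, role and user names are hypothetical.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical model: these are illustrative types, not ASP.NET Identity classes.
public sealed class RoleGroupAuthorizer
{
    // group role -> child (functional) roles
    private readonly Dictionary<string, HashSet<string>> _groupRoles =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);
    // user -> group roles; users never hold child roles directly
    private readonly Dictionary<string, HashSet<string>> _userGroups =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);

    private static HashSet<string> Bucket(Dictionary<string, HashSet<string>> map, string key)
    {
        if (!map.TryGetValue(key, out var set))
            map[key] = set = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        return set;
    }

    public void AddRoleToGroup(string group, string role) => Bucket(_groupRoles, group).Add(role);
    public void RemoveRoleFromGroup(string group, string role) => Bucket(_groupRoles, group).Remove(role);
    public void AddUserToGroup(string user, string group) => Bucket(_userGroups, user).Add(group);

    // Deny by default: true only if one of the user's groups currently holds the role.
    public bool IsInRole(string user, string role)
    {
        if (!_userGroups.TryGetValue(user, out var groups)) return false;
        foreach (var g in groups)
            if (_groupRoles.TryGetValue(g, out var roles) && roles.Contains(role)) return true;
        return false;
    }
}

public static class Demo
{
    public static void Main()
    {
        var authz = new RoleGroupAuthorizer();
        authz.AddRoleToGroup("Application Manager", "EditProducts");
        authz.AddRoleToGroup("Application Manager", "ModifyRecords");
        authz.AddUserToGroup("alice", "Application Manager"); // constructed sample user

        Console.WriteLine(authz.IsInRole("alice", "EditProducts"));
        Console.WriteLine(authz.IsInRole("alice", "EditUsers"));       // not yet in the group
        authz.AddRoleToGroup("Application Manager", "EditUsers");      // one change to the group
        Console.WriteLine(authz.IsInRole("alice", "EditUsers"));       // every member gains it
        authz.RemoveRoleFromGroup("Application Manager", "EditUsers"); // revocation is one change too
        Console.WriteLine(authz.IsInRole("alice", "EditUsers"));
    }
}
```

Because the check resolves group membership at call time, a change to a group role takes effect for every member on the next check, which makes edits to group definitions as sensitive as direct role grants and worth auditing the same way.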