Hello all,

I’m working on an organization-based service and want to have resource-specific permissions that are restricted by (from a user perspective) organization-specific roles. Since I’m not familiar with the specific terminology, I’m thinking of something similar to how GitHub manages their permissions:

-          A single user can be a member of multiple organizations

-          A user can have a different roles with different organizations that grant them access to all of an organization's resources

-          A user can have access to a specific resource

-          That organization-specific role determines access to different organization resources

Are there any best practices or patterns for this model?

 

Thanks!

Justin