ScaffoldHub - v2

Security

Last updated 4 years ago

This section is a high-level explanation of ScaffoldHub roles and permissions. For low-level and implementation details, refer to the Architecture > Security section.

Both frontend and backend validate permissions. On the backend, the validation happens on each endpoint.

To understand ScaffoldHub security, you must understand these concepts:

Permission

A permission is a very specific action a user can perform. Examples are customer create, audit log read, or user delete.

Role

A role is a group of permissions. For example, an admin (role) can create users (permission), view audit logs (permission), etc.

Out of the box, ScaffoldHub has two roles: Admin and Custom. The idea is that you manually create more roles based on your business context.

Users, Workspaces (Tenants), and Roles

Users can have multiple roles in multiple tenants. For example, a user can be a viewer (role) and an entity editor (role) on Workspace A (workspace), and an admin (role) on Workspace B (workspace).

Demonstration

For this demonstration, we will have the following setup:

admin@scaffoldhub.io with the admin role.

felipe@scaffoldhub.io with the custom role.

The admin role has all the permissions.

The custom role has permission to read customers, create customers, and read products.
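The model described above (permissions grouped into roles, roles assigned per workspace, a check on every backend endpoint) as an added example that is not ScaffoldHub's own code. The permission ids, route strings, workspace ids and the user ana@example.com are constructed for illustration.

```javascript
// Added example with hypothetical names; not ScaffoldHub's implementation.
const ALL_PERMISSIONS = [
  'customerRead', 'customerCreate', 'productRead', 'auditLogRead', 'userDelete',
];

// Role -> permissions. admin has everything; custom matches the demonstration.
const ROLE_PERMISSIONS = new Map([
  ['admin', new Set(ALL_PERMISSIONS)],
  ['custom', new Set(['customerRead', 'customerCreate', 'productRead'])],
]);

// Constructed users: roles are stored per workspace (tenant), never globally.
const USERS = new Map([
  ['admin@scaffoldhub.io', new Map([['workspace-a', ['admin']]])],
  ['felipe@scaffoldhub.io', new Map([['workspace-a', ['custom']]])],
  ['ana@example.com', new Map([
    ['workspace-a', ['custom']],
    ['workspace-b', ['admin']],
  ])],
]);

// Hypothetical routes, each mapped to the single permission it requires.
const ENDPOINT_PERMISSION = new Map([
  ['GET /customer', 'customerRead'],
  ['POST /customer', 'customerCreate'],
  ['GET /product', 'productRead'],
  ['GET /audit-log', 'auditLogRead'],
  ['DELETE /user', 'userDelete'],
]);

// True only if one of the user's roles in this workspace grants the permission.
function hasPermission(email, tenantId, permission) {
  const tenants = USERS.get(email);
  if (!tenants) return false;                 // unknown user
  const roles = tenants.get(tenantId) || [];  // no membership in this workspace
  return roles.some((role) => {
    const granted = ROLE_PERMISSIONS.get(role);
    return granted !== undefined && granted.has(permission); // unknown role grants nothing
  });
}

// Backend check run for every request; returns the HTTP status to send.
function authorize(email, tenantId, endpoint) {
  const required = ENDPOINT_PERMISSION.get(endpoint);
  if (required === undefined) return 403;     // unmapped endpoint: deny by default
  return hasPermission(email, tenantId, required) ? 200 : 403;
}
```

The frontend can call the same `hasPermission` logic to hide buttons, but only the backend result is an enforcement decision.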

Architecture > Security