Inheriting role permissions from other roles?


Just out of curiosity, is there any plans in the future for some ability for a role to inherit permissions from other roles? For example, I currently have two roles where I have to add certain database table permissions to each of them when I create a new table in the database, and often times I’ve created 3+ new tables, which turns into making 6 changes between the two roles.

I know my example is a very small one, but it would be quite useful if I could add those permissions once to a “base” role that those two roles could then “inherit” permissions from. The inheriting roles could even have the ability to override the inherited permissions (for example, if one of the two roles needed POST permissions but the other one didn’t…etc).
I imagine it would work basically like how classes in languages such as Java can be extended from other classes.

Anyway, I was just curious if this sort of feature was in the plans or had even been requested before.

User's with multiple roles or groups

This hasn’t been requested before.

What about using the /system/role API with a PATCH request? For example, you could keep the permissions in a text file which is easy to update, and then make a single PATCH request from cURL or the like (or from the API Docs tab) to update all the affected roles at once. That way you don’t have to use the user interface to make the role updates manually.


Actually, looks like the table-level permissions are not exposed. I’ll see what Lee says. Exposing every role-level setting you can configure in the UI could be useful for bulk role updates from the command line.


Inheriting roles is definitely a feature to look at. We are using DF roles heavily as our app has several module and each module has different set of users. So like HigherManagement --> MiddleManagement --> JuniorEmployee --> NewJoinee --> Clerks etc. Right now, we have to add permissions to each and every role separately. Now we are thinking of managing roles at application level as creating roles in DF is not suiting our purpose. Is this feature in future plan?