PlusAuth provides a simple yet strong way to implement role based authentication. You can create Role Groups, Roles and Permissions.

Role Groups and Roles are virtual layers for organizing permissions. Usually in most systems authentication control is implemented over permissions. You can assign permissions to roles and roles to role groups. You are not limited to use roles and role groups. You can also assign permissions or roles directly to user.

Let's move over steps to define your RBAC.

Create API and Permissions

First of all you should create an API to define your permissions. API is a definition in PlusAuth equals to your services which you want to secure. Go to Dashboard > API and click on to + button from bottom right of the screen . You will see an API create dialog. There, you are expected to enter name, audience and if necessary description. Name can be anything. Audience should be your API's unique identifier. It will be included in generated token if audience is passed in authorization request.

After you created API, you can create permissions for it. Go to Dashboard > API and click to Permissions icon on the row at the data table which contains your API. You will see a screen with a datatable and two fields with a plus icon above it to enter name and description for the permission.

Create Role

Go to Dashboard > RBAC > Roles and click on to + button from bottom right of the screen. You will see a Create Role dialog. There you can enter name and description for the role. If you select Assign To New Users, that role will be assigned automatically to your newly created or registered users.

From the Role details you can assign permissions to that role. Go to Dashboard > RBAC > Roles and click to Permissions icon on the row at the data table which contains your role. You will see a screen with a datatable. Above that datatable first select the API contains your permission to be assigned to the role. After you select an API from the combobox next to API dropdown you can select permissions you want to assign to the role. Click to plus icon next to combobox after you selected your permissions.

Create Role Group

Go to Dashboard > RBAC > Role Groups and click on to + button from bottom right of the screen. You will see a Create Role Group dialog. There you can enter name and description for the role group. If you select Assign To New Users, that role group will be assigned automatically to your newly created or registered users.

From the Role Group details you can assign roles to that role group. Go to Dashboard > RBAC > Role Groups and click to Roles icon on the row at the data table which contains your role group. You will see a screen with a datatable. From the combobox above the datatable you can select roles you want to assign to the role group. Click to plus icon next to combobox after you selected your roles.

Apply RBAC to User

Go to Dashboard > Users and click to Permissions icon on the row at the data table which contains your user. You will see a page contains three panes. First pane is the place for Role Groups, second pane is for Roles and the last pane is for Permissions.

In the role groups pane you will see two sections which are Assigned and Unassigned. Role Groups in the assigned section are the assigned ones to user. Unassigned contains unassigned role groups for that user. You can drag a role group from the Unassigned section and drop to Assigned section for assigning it to user.

In the roles pane, Directly Assigned to User section means those roles in the section are assigned directly to the user without a role group relation. If you click on one of the role groups in the page, you will see another section in the Roles pane which displays assigned Roles to the selected Role Group. Note that those roles are assigned to the role group meaning they may not be assigned to the user if the role group is not assigned. You can drag a role from the Unassigned section and drop to Directly Assigned section for assigning it to user or you can assign it to the one of the role groups.

In the permissions pane, Directly Assigned to User section means those permission in the section are assigned directly to the user without a role relation. If you click on one of the role in the page, you will see another section in the Permissions pane which displays assigned Permissions to the selected Role. Note that those permissions are assigned to the role, meaning they may not be assigned to the user if the role is not assigned. After you select an API, you can drag a permission from the Unassigned section and drop to Directly Assigned section for assigning it to directly user or you can assign it to the one of the roles.

Final permissions of the user will be retrieved from Assigned Role Groups, Directly Assigned Roles and Permissions.