Mudmap Org Permissions

Thu, May 5, 2022 2-minute read

Mudmap Org Permissions

Mudmap must be able to provide user accounts under an account root. This account root will be called an organisation. All users will belong to an organisation.

RBAC policies are applied per-user according to their level of access.

As a general guide, a root account is created from which all accounts for that company or group are then underneath. This account is the organisation owner for lack of better wording. It might be prudent to allow multiple root account holders.

This means devices are attached to an account or at least an account user. Users associated to that user can see any device in the hierarchy. At the moment, only a single user account can have and see its own devices. This will need to be radically altered to accommodate these changes.

RBAC Policies

Account Type Payments Privileges Read Write
Root y y y y
Privileged n y y y
Manager n n y y
User n n y n
Custom ? ? ? ?
  • managers cannot elevate privileges (only privileged account or root)


  • How to create this type of account setup with Auth0? Do I need to hack something together
  • How to grant RBAC - JWT or DB look up on each request? JWT best case, DB worse but either way RBAC should be stored in a DB for reference in admin panels
  • How to associate users to the root account programmatically with backward compat


#mudmap #research