The takeaways from my SaaS ERP are listed below:
- Both User and Role modules are compliant with the core infrastructure, including editing, listing and viewing.
- A user can have more than one role. At the same time, a role can be assigned to more than one user.
- The permissions of a user depend on all roles assigned to him. The common permissions of all roles are the user's actual authorization.
- When determining whether a user has a given permission, a simple function can be invoked.
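
A sketch of the permission check described in the list above, as an added example that is not code from this ERP. It assumes "common permissions" means the permissions present in every role assigned to the user, and it denies everything to a user with no roles; the class, function, role and permission names are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset


@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)  # many-to-many: a Role may be shared


def effective_permissions(user):
    """Permissions present in every role assigned to the user (assumed semantics)."""
    if not user.roles:
        # Fail closed: an intersection over zero roles is vacuously "everything"
        # (all([]) is True in Python), so a role-less user must be handled first.
        return frozenset()
    return frozenset.intersection(*(r.permissions for r in user.roles))


def has_permission(user, permission):
    """The single function callers invoke to check one permission."""
    return permission in effective_permissions(user)


# Constructed sample data (hypothetical role and permission names).
SALES = Role("sales", frozenset({"order.view", "order.edit", "customer.view"}))
AUDIT = Role("audit", frozenset({"order.view", "ledger.view"}))

alice = User("alice", [SALES])
bob = User("bob", [SALES, AUDIT])  # SALES is assigned to more than one user
carol = User("carol", [])          # no roles assigned yet

if __name__ == "__main__":
    for u in (alice, bob, carol):
        print(u.name, sorted(effective_permissions(u)))
```

Routing every check through `has_permission` keeps the role-less case and the combination rule in one place, so individual modules cannot each decide them differently.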