Skip to main content

Roles & Permissions

SaaSykit Tenancy comes built-in with a roles & permissions system that allows you to offer your tenants the ability of assigning roles & permissions to their team members, so they can control what each team member can do in the tenant.

SaaSykit's uses Spatie's Laravel Permission package under the hood to manage roles & permissions.

Change team member role

By default, SaaSykit Tenancy comes with the following tenant roles:

  • Admin: The admin has full control over the tenant, they can invite users, assign roles & permissions, remove users, manage subscriptions, billing and more.
  • User: This is a limited role that allows tenant user to pretty much only view the tenant panel. You can extend this role with more permissions that fit your application's needs.

Defining new roles & permissionsโ€‹

To define new roles & permissions for your tenants, you can do that in the RolesAndPermissionsSeeder in database/seeders/RolesAndPermissionsSeeder.php.

Particularly, you can have a look at the called multiTenancyRolesAndPermissions where all the default roles & permissions are defined.

Assigning & checking against roles & permissionsโ€‹

SaaSykit Tenancy allows users to be part of multi tenants. This means that the User and Tenant models have a many-to-many relationship.

This means that permissions & roles are not directly assigned to the User model, but rather to the pivot table role_user which is used to manage the roles & permissions of a user in a tenant.

SaaSykit Tenancy offers a helper class that allows you to check & assign roles & permissions to a user in a tenant, which is the TenantPermissionService class, you can find it in app/Services/TenantPermissionService.php.

Allowing Tenants to Create Tenant-specific Rolesโ€‹

If you'd like to allow your tenants to create their own roles from their dashboard, SaaSykit has you covered.

You can enable that with a switch in the admin panel settings, which is available under the "Settings" >> "Tenancy" section.

Tenancy settings

When this setting is enabled, tenants can create their own roles and assign permissions to them. This allows tenants to have more control over their team members' access and permissions.

Once enabled, tenant users who have the permission to "manage tenant team settings" will be able to see the "Roles" section in their tenant dashboard:

Roles menu

And they will be able to create new roles and assign permissions to them:

Create role

Permission-aware implementation with Filamentโ€‹

If you'd like to add resources to the tenant panel (the dashboard panel) and you want to make sure that only users with certain roles can access these resources, you can do that by using Laravel Policies.

For each new resource you add to the tenant panel, you can create a policy that checks if the user has the required role to access the resource.

You can check the pre-existing policies in app/Policies (like SubscriptionPolicy and OrderPolicy) to see how they are implemented.