Roles & Permissions
SaaSykit Tenancy comes with a built-in roles & permissions system that lets your tenants assign roles & permissions to their team members, so they can control what each team member can do in the tenant.
SaaSykit uses Spatie's Laravel Permission package under the hood to manage roles & permissions.

By default, SaaSykit Tenancy comes with the following tenant roles:
- Admin: The admin has full control over the tenant. They can invite users, assign roles & permissions, remove users, manage subscriptions, billing and more.
- User: This is a limited role that allows a tenant user to pretty much only view the tenant panel. You can extend this role with more permissions that fit your application's needs.
Defining new roles & permissions
To define new roles & permissions for your tenants, edit the RolesAndPermissionsSeeder in database/seeders/RolesAndPermissionsSeeder.php.
In particular, have a look at multiTenancyRolesAndPermissions, where all the default roles & permissions are defined.
Assigning & checking against roles & permissions
SaaSykit Tenancy allows users to be part of multiple tenants. This means that the User and Tenant models have a many-to-many relationship.
As a result, permissions & roles are not directly assigned to the User model, but rather to the pivot table role_user, which is used to manage the roles & permissions of a user in a tenant.
SaaSykit Tenancy offers a helper class, TenantPermissionService, that lets you check & assign roles & permissions for a user in a tenant. You can find it in app/Services/TenantPermissionService.php.
Allowing Tenants to Create Tenant-specific Roles
If you'd like to allow your tenants to create their own roles from their dashboard, SaaSykit has you covered.
You can enable that with a switch in the admin panel settings, which is available under the "Settings" >> "Tenancy" section.

When this setting is enabled, tenants can create their own roles and assign permissions to them. This allows tenants to have more control over their team members' access and permissions.
Once enabled, tenant users who have the permission to "manage tenant team settings" will be able to see the "Roles" section in their tenant dashboard:

And they will be able to create new roles and assign permissions to them:

Permission-aware implementation with Filament
If you'd like to add resources to the tenant panel (the dashboard panel) and you want to make sure that only users with certain roles can access these resources, you can do that by using Laravel Policies.
For each new resource you add to the tenant panel, you can create a policy that checks if the user has the required role to access the resource.
You can check the pre-existing policies in app/Policies (like SubscriptionPolicy and OrderPolicy) to see how they are implemented.
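
The tenant-scoped check described above, sketched in plain PHP as an added example (not SaaSykit's own code): the class, method and permission names are hypothetical stand-ins and the data is constructed. It shows why a policy has to check the role on the user's membership in the current tenant, and also confirm that the record belongs to that tenant.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the tenant-membership pivot: a role hangs off the
// (user, tenant) pair, never off the user alone.
final class TenantMemberships
{
    public function __construct(
        private array $rolesByMembership,  // "userId:tenantId" => role name
        private array $permissionsByRole,  // role name => list of permissions
    ) {}

    public function can(int $userId, int $tenantId, string $permission): bool
    {
        $role = $this->rolesByMembership["$userId:$tenantId"] ?? null;
        if ($role === null) {
            return false; // not a member of this tenant: deny by default
        }
        return in_array($permission, $this->permissionsByRole[$role] ?? [], true);
    }
}

// Hypothetical policy for a resource added to the tenant panel.
final class InvoicePolicy
{
    public function __construct(private TenantMemberships $memberships) {}

    public function view(int $userId, int $currentTenantId, array $invoice): bool
    {
        // The record must belong to the tenant the panel is currently scoped to.
        if ($invoice['tenant_id'] !== $currentTenantId) {
            return false;
        }
        // Check the permission in this tenant, not "anywhere the user has it".
        return $this->memberships->can($userId, $currentTenantId, 'view invoices');
    }
}

// Constructed data: user 1 is admin in tenant 10 but only "user" in tenant 20.
$memberships = new TenantMemberships(
    ['1:10' => 'admin', '1:20' => 'user'],
    ['admin' => ['view invoices', 'manage team'], 'user' => []],
);
$policy = new InvoicePolicy($memberships);

var_dump($policy->view(1, 10, ['id' => 7, 'tenant_id' => 10])); // admin in tenant 10
var_dump($policy->view(1, 20, ['id' => 8, 'tenant_id' => 20])); // plain user in tenant 20
var_dump($policy->view(1, 10, ['id' => 8, 'tenant_id' => 20])); // record from another tenant
var_dump($policy->view(2, 10, ['id' => 7, 'tenant_id' => 10])); // not a member of tenant 10
```

In a real policy the membership lookup would go through TenantPermissionService and the current tenant would come from the panel, rather than from the arrays used here.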