DEV Community

Discussion on: How to distinguish admin users from normal users?

rhymes • Edited

Hi Mohammad!

In my experience it really depends on how complicated the thing you want to build is.

I think the simplest is having a list of users and a list of roles. Each user can have roles. Users with no roles are regular users, users acquire super powers for each role they have (admin, editor, etc. etc.). Usually a user with the admin role doesn't need other roles, but that depends on what meaning and logic you attribute to each role.

I remember an app I did for a client where they wanted store managers to have a set of permissions, admins to have another set of permissions and supervisors to be completely read only but with a wide spectrum of read permissions on the systems.

What permissions a role has is entirely dependent on your business logic.

Should the first user who registered on the platform be the "admin user"?

Nope, usually the admin or creator of the platform has some sort of admin role. It should be a person whom you trust, not "the first one".

FYI: most stacks have libraries that already solve this issue, by handling users and admins, the concept of current user and roles and permissions. Some are just binary (a user is either a user or an admin), others are more granular (a user can have a list of roles).

So, to recap: you have users that have certain roles and then in your business logic you decide which permissions each role has on each "object" they are allowed to access.
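A minimal role-based check of the kind rhymes describes (users carry roles, roles map to permissions, role-less users are regular, admin needs no other role, supervisor is wide but read-only), as an added example that is not from the thread or from any library mentioned in it; the role names, resources, actions and the baseline for role-less users are assumptions:

```python
# Added example (not from the thread). Role names, resources, actions and the
# baseline for role-less users are assumptions chosen to match the discussion.
from dataclasses import dataclass, field

# Permissions a role grants, as (action, resource) pairs.
# "*" matches any action or any resource. This table *is* the business logic.
ROLE_PERMISSIONS = {
    "admin": {("*", "*")},                             # admin needs no other role
    "store_manager": {("read", "store"), ("write", "store"),
                      ("read", "inventory"), ("write", "inventory")},
    "supervisor": {("read", "*")},                      # wide spectrum, read-only
    "editor": {("read", "article"), ("write", "article")},
}

# What a user with no roles at all (a "regular" user) may do.
BASELINE = {("read", "article")}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def permissions_for(user: User) -> set:
    """Union of the baseline and every role's grants. An unknown role name
    (e.g. a typo) grants nothing, so the check fails closed, not open."""
    granted = set(BASELINE)
    for role in user.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted


def is_allowed(user: User, action: str, resource: str) -> bool:
    """Deny by default; allow only when some grant matches action and resource."""
    for a, r in permissions_for(user):
        if a in ("*", action) and r in ("*", resource):
            return True
    return False


def is_admin(user: User) -> bool:
    """Admin is a role that is assigned, not a property of signing up first."""
    return "admin" in user.roles


if __name__ == "__main__":
    alice = User("alice", {"admin"})
    bob = User("bob", {"supervisor"})
    carol = User("carol")                              # registered first, no role
    print(is_allowed(alice, "delete", "store"))        # True
    print(is_allowed(bob, "read", "inventory"))        # True
    print(is_allowed(bob, "write", "inventory"))       # False
    print(is_allowed(carol, "write", "store"))         # False
```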

Mohammad Aziz • Edited

Thanks, rhymes, for your simple and clear explanation.

Having just a binary concept of users' roles might be helpful in some situations, but I really like the idea of having a list of roles. It almost works like an authorization step for the entire system, and it is scalable too.