Learn how to control data access within multi-tenancy applications through role-based access control (RBAC) or other authorization methods.
A user is assigned roles, which in turn grant them the permissions they need to access resources. In a multi-employer RBAC, users typically belong to a particular employer, and their permissions and roles are scoped to that employer. A user in one employer should not, by default, have any permissions or roles in another employer unless explicitly granted.
Cross-Employer Authorization
There may be scenarios where a user needs access across multiple employers (maybe they manage multiple employers for a PEO, or Professional Employer Organization). In such cases, your RBAC authorization system must support cross-employer roles and permissions without compromising the security or isolation of individual employers.
Building upon the database tables customers & finch_connections defined in the Manage Connections guide, in order to implement multi-employer RBAC, we need a few additional tables.
customers: Represents the “entities” who use your system.
finch_connections: Represents the different connections (i.e. employers) a customer might have in your system.
users: Represents individual users within a particular employer. Each user is associated with a specific connection, which defines the context of their roles and permissions.
roles: Represents different roles that can be assigned to users within an employer. Each role is associated with a particular connection, signifying the context in which the role exists.
permissions: Represents the different actions or operations that can be performed within your system. Permissions are not directly linked to a connection, as permissions are typically more generic and can be used across multiple connections.
role_permissions: A junction (or associative) table that establishes a many-to-many relationship between roles and permissions. It allows you to assign multiple permissions to a single role and vice versa.
user_roles: Another junction table, but this one links users and roles. It determines which roles are assigned to a user in the context of a connection. Each combination signifies the roles a user has within a particular connection, which in turn dictates what actions they can perform with their employment data.
Admin role since only the employer’s HR & Payroll admin should have the permissions to go through Finch Connect and establish a connection with their employment system. Since a regular employee does not have the permissions to see company-wide details or payroll, they should not be shown the option to connect via Finch.
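
The tables described above, sketched as an added example using Python's built-in sqlite3 (this is not Finch's own schema or code). It shows a connection-scoped permission check and a composite foreign key that rejects granting a role under the wrong employer. Column names, the permission names `finch:connect` and `pay:view_own`, and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Column names are assumptions; the page names only the tables.
SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE finch_connections (id INTEGER PRIMARY KEY,
  customer_id INTEGER NOT NULL REFERENCES customers(id));
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL,
  connection_id INTEGER NOT NULL REFERENCES finch_connections(id));
CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT NOT NULL,
  connection_id INTEGER NOT NULL REFERENCES finch_connections(id),
  UNIQUE (id, connection_id));
CREATE TABLE permissions (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE role_permissions (
  role_id INTEGER NOT NULL REFERENCES roles(id),
  permission_id INTEGER NOT NULL REFERENCES permissions(id),
  PRIMARY KEY (role_id, permission_id));
-- Composite FK: a role can only be granted under the connection that owns it.
CREATE TABLE user_roles (
  user_id INTEGER NOT NULL REFERENCES users(id),
  role_id INTEGER NOT NULL, connection_id INTEGER NOT NULL,
  PRIMARY KEY (user_id, role_id, connection_id),
  FOREIGN KEY (role_id, connection_id) REFERENCES roles(id, connection_id));
"""

def build_demo_db():
    """In-memory database with constructed sample rows (one customer, two employers)."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK checks off by default
    db.executescript(SCHEMA)
    db.executescript("""
    INSERT INTO customers VALUES (1, 'Example PEO');
    INSERT INTO finch_connections VALUES (1, 1), (2, 1);
    INSERT INTO users VALUES (1, 'hr@a.example', 1), (2, 'emp@a.example', 1),
                             (3, 'peo@a.example', 1);
    INSERT INTO roles VALUES (10, 'Admin', 1), (11, 'Employee', 1), (20, 'Admin', 2);
    INSERT INTO permissions VALUES (1, 'finch:connect'), (2, 'pay:view_own');
    INSERT INTO role_permissions VALUES (10, 1), (10, 2), (11, 2), (20, 1);
    INSERT INTO user_roles VALUES (1, 10, 1), (2, 11, 1), (3, 10, 1), (3, 20, 2);
    """)
    return db

def has_permission(db, user_id, connection_id, permission):
    """True only if a role the user holds in THIS connection grants the permission."""
    row = db.execute(
        """SELECT 1 FROM user_roles ur
           JOIN role_permissions rp ON rp.role_id = ur.role_id
           JOIN permissions p ON p.id = rp.permission_id
           WHERE ur.user_id = ? AND ur.connection_id = ? AND p.name = ?""",
        (user_id, connection_id, permission)).fetchone()
    return row is not None
```

User 3 stands in for the cross-employer case: access to the second employer exists only because of an explicit `user_roles` row for that connection.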