Managing User Access with Roles and Profiles

Managing User Access with Roles and Profiles

Controlling who can access what in your application is very important. That’s where roles and profiles help.

✅ What Are Roles?

Roles define what a user can do in the system.

🎯 Common Roles:

  • Admin – full control

  • Editor – can change content

  • Viewer – read-only access

  • User – regular access

πŸ’‘ Example:

{
  "name": "Rasagna",
  "email": "rasagna@example.com",
  "role": "admin"
}

✅ What Are Profiles?

Profiles store user-related information, like:

  • Name

  • Email

  • Preferences

  • Photo

  • Language

  • Theme

Profiles help personalize the experience but do not control permissions.

🧠 Difference Between Roles and Profiles:

FeatureRoleProfile
PurposeAccess controlUser info & preferences
Editable byAdminUser (mostly)
AffectsWhat user can doHow user sees the system

πŸ”— Why Manage Roles?

  • Prevent unauthorized access

  • Give the right access to the right person

  • Improve security

  • Separate concerns (Admin vs. User)

πŸ› ️ Implementing Role-Based Access in a Web App

Let’s use Node.js + Express + MongoDB + React for the example.

πŸ“ MongoDB User Schema Example

// models/User.js
const mongoose = require('mongoose');

const userSchema = new mongoose.Schema({
  name: String,
  email: String,
  password: String,
  role: { type: String, enum: ['admin', 'editor', 'viewer'], default: 'viewer' },
  profile: {
    photo: String,
    language: String,
    theme: String,
  }
});

module.exports = mongoose.model('User', userSchema);

πŸ§ͺ Middleware to Check Role in Express.js

// middleware/checkRole.js
function checkRole(role) {
  return (req, res, next) => {
    if (req.user && req.user.role === role) {
      next();
    } else {
      return res.status(403).json({ message: "Access Denied" });
    }
  };
}

module.exports = checkRole;

πŸ” Example Routes with Role Protection

const express = require('express');
const router = express.Router();
const checkRole = require('./middleware/checkRole');

// Only admin can access this route
router.get('/admin/data', checkRole('admin'), (req, res) => {
  res.json({ secret: "Admin only content" });
});

πŸ§‘‍πŸ’» React: Conditional Rendering Based on Role

function Dashboard({ user }) {
  return (
    <div>
      <h1>Welcome, {user.name}</h1>

      {user.role === 'admin' && (
        <button onClick={handleAdminTask}>Admin Task</button>
      )}

      {user.role === 'editor' && (
        <button onClick={handleEditContent}>Edit Content</button>
      )}
    </div>
  );
}

πŸ” Frontend Route Guard (React + React Router)

import { Navigate } from "react-router-dom";

function PrivateRoute({ user, children, allowedRoles }) {
  return allowedRoles.includes(user.role)
    ? children
    : <Navigate to="/unauthorized" />;
}

πŸ“ Profile Management in React

function UserProfile({ user }) {
  return (
    <div>
      <img src={user.profile.photo} alt="User" />
      <p>Name: {user.name}</p>
      <p>Language: {user.profile.language}</p>
      <p>Theme: {user.profile.theme}</p>
    </div>
  );
}

πŸ”„ Updating Role in Admin Panel

// PUT /api/users/:id/role
router.put('/users/:id/role', checkRole('admin'), async (req, res) => {
  const { role } = req.body;
  const updatedUser = await User.findByIdAndUpdate(req.params.id, { role }, { new: true });
  res.json(updatedUser);
});

πŸ”’ Secure Practices

  • Always validate role on server-side

  • Do not trust frontend-only checks

  • Store role info securely (e.g., JWT or sessions)

  • Use HTTPS

  • Keep roles simple and easy to understand

🧠 Bonus: Role Hierarchy (Optional)

You can define role levels:

const roleLevels = {
  admin: 3,
  editor: 2,
  viewer: 1
};

function hasAccess(userRole, requiredRole) {
  return roleLevels[userRole] >= roleLevels[requiredRole];
}

πŸ›‘️ JWT Token with Role Example

// JWT payload
{
  id: "user123",
  name: "Rasagna",
  role: "editor"
}

Use this info to authorize routes without querying DB every time.

🚦 Summary Table

FeatureExample
Role Fieldadmin, editor, viewer
Profile DataName, Theme, Language
Access CheckExpress Middleware
UI DisplayReact Role-Based Components
Auth StorageJWT or Session

🧩 Real-World Example:

Imagine an online learning platform:

RoleAccess Rights
AdminAdd/delete courses, manage users
TeacherUpload materials, grade students
StudentView lessons, submit assignments

You can create roles and apply access rules as shown above.


Learn Salesforce Development Training Course


Read More




Comments

Post a Comment

Popular posts from this blog

Tosca System Requirements and Installation Guide (Step-by-Step)

Tosca System Requirements and Installation Guide (Step-by-Step) Tricentis Tosca is a powerful test automation tool. Before installing it, you need to make sure your system meets certain requirements. This guide will walk you through: System Requirements Prerequisites Step-by-Step Installation Activation and First Launch ✅ 1. System Requirements for Tosca (as of 2025) πŸ–₯️ Operating System Windows 10 (64-bit) Windows 11 (64-bit) Windows Server 2016 / 2019 / 2022 ❗ Tosca does not support Mac OS or Linux natively. πŸ“¦ Software Requirements .NET Framework 4.8 or later Microsoft Visual C++ Redistributables (2015–2022) Microsoft Office (for Excel integration, optional) Admin rights for installation πŸ§ͺ Browser Support (for testing web apps) Google Chrome (latest) Microsoft Edge (Chromium-based) Mozilla Firefox (limited support) Tosca also supports browser automation through TBox and XScan engines. πŸ› ️ 2. Prerequisites Before...
Read more

How to Install Selenium for Python Step-by-Step

 How to Install Selenium for Python: Step-by-Step Guide πŸ§ͺ Introduction Selenium is one of the most powerful and widely used automation tools for testing web applications. It's open-source, supports multiple programming languages—including Python—and enables automated browser interaction. This article provides a step-by-step guide to installing Selenium with Python on your system in 2025. πŸ“Œ What Is Selenium? Selenium is a suite of tools that allows you to automate browsers. It supports: Cross-browser testing (Chrome, Firefox, Safari, Edge) Web scraping (in some cases) Regression and functional testing Integration with test frameworks like PyTest and Unittest ✅ Prerequisites Before starting, make sure: Python is installed on your system pip (Python package installer) is available A web browser (like Chrome or Firefox) is installed Internet connection is active πŸ“ Step 1: Install Python (If Not Already Installed) πŸ”½ Windows: Go to the official Python website: πŸ‘‰ https://www.python.o...
Read more

Tosca Commander: A Beginner’s Overview

Tosca Commander: A Beginner’s Overview Tosca Commander is the main interface for working with Tosca , a popular tool used for automated software testing . If you're starting your journey with Tosca, understanding Tosca Commander is your first big step . Let’s break it down in simple terms. πŸ’‘ What Is Tosca? Tosca is an automation tool developed by Tricentis . It helps QA teams automate functional and regression testing for web, desktop, mobile, and APIs — without writing code . 🧭 What Is Tosca Commander? Tosca Commander is the graphical user interface (GUI) of Tosca. It’s where you create, manage, and execute your tests. Think of it as the "control panel" for all your test automation activities. πŸ–₯️ Tosca Commander Interface Overview The main areas in Tosca Commander: Section Purpose Project Root The starting point of all your work Modules Reusable blocks for interacting with the application under test (AUT) Test Cases Actual automated tests you cre...
Read more