I was wondering what are the possible (or maybe standard) ways of implementing user roles in a single page application. I'm using React front end, Express server, Postgres DB.
Before integrating Active Directory, I simply stored users in a table in my Postgres DB, with a column being set to user role ("Admin", "Analyst", "Engineer"). Now that I've integrated Active Directory, I get "username" and "name" properties (when checking for active user). Do I somehow "sync" the active user in Active Directory with a user entry in the database? If they are not entered in the database as a user yet, do I just create an entry for them? If I just create an entry for them, how do I assume which role they are taking as a brand new user? Do I have to set them as a "guest" or "default" role until an Admin assigns them a role?
What is the best way to "assign" them one of 3 roles? I'm working with someone who handles Azure and AD, and they said to just line it up with the users in my database, but they are also very new to this as well and we're sort of figuring this out together.
Check for activeAccount, get the username (email) and then check for that email in the users table on the database, if it exists set a state variable that contains the role on the database linked to that user?
It seems like there should be a way to set "roles" with Active Directory, and I could just skip the "users" table altogether, no?
Any sort of insight here would be helpful.
Thank you.
CodePudding user response:
It seems like there should be a way to set "roles" with Active Directory, and I could just skip the "users" table altogether, no?
It is certainly possible to do so. Please take a look at Azure AD App Roles functionality, which lets you define roles specific to your application.
The process would be to create app roles in your Azure AD application and then assign one or more app roles to a user in Azure AD.
When a user successfully logs in to your application, their application roles will be returned as part of user claims.
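As an added example (not part of the answer above): an Express-style middleware that authorizes requests from the `roles` claim, which is where Azure AD places assigned app roles, and denies by default when a user has no role yet. It assumes an upstream middleware has already validated the token and stored its claims on `req.auth`; that property name, `requireRole`, `rolesFromClaims` and `simulate` are hypothetical, and the sample claims are constructed.

```javascript
// Added example. Assumes the token's signature, issuer, audience and expiry
// were verified upstream and the decoded claims stored on req.auth (hypothetical).
// Azure AD app roles arrive in the "roles" claim as an array of strings.
const KNOWN_ROLES = new Set(["Admin", "Analyst", "Engineer"]);

// Keep only roles this application recognises. A user with no app role
// assigned has no "roles" claim, so the result is an empty array.
function rolesFromClaims(claims) {
  if (!claims || !Array.isArray(claims.roles)) return [];
  return claims.roles.filter((r) => typeof r === "string" && KNOWN_ROLES.has(r));
}

// Express-style middleware factory, e.g. requireRole("Admin", "Engineer").
function requireRole(...allowed) {
  for (const role of allowed) {
    if (!KNOWN_ROLES.has(role)) throw new Error(`unknown role: ${role}`);
  }
  return function (req, res, next) {
    if (!req.auth) {
      // No validated token: the caller is not authenticated.
      return res.status(401).json({ error: "authentication required" });
    }
    const roles = rolesFromClaims(req.auth);
    if (!roles.some((r) => allowed.includes(r))) {
      // Authenticated but not authorised, including users with no role yet.
      return res.status(403).json({ error: "insufficient role" });
    }
    req.roles = roles; // available to later handlers
    return next();
  };
}

// Constructed harness: a minimal stand-in for Express's res object.
function simulate(claims, ...allowed) {
  const out = { status: 200, nextCalled: false };
  const res = {
    status(code) { out.status = code; return this; },
    json(body) { out.body = body; return this; },
  };
  requireRole(...allowed)({ auth: claims }, res, () => { out.nextCalled = true; });
  return out;
}

console.log(simulate({ preferred_username: "a@example.com", roles: ["Analyst"] }, "Admin", "Analyst"));
console.log(simulate({ preferred_username: "new@example.com" }, "Admin"));
```

The React client can read the same claim to show or hide UI, but the check that counts is this one on the server, since client state can be changed by the user.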