Self Serve Permissions
The Warrant Self Service Dashboard is a Warrant-hosted page you can embed into your application to allow users to manage the privileges of other users within their organization. This quickstart will show you how to set up the Self Service Dashboard in your application.
Using the Self Service Dashboard requires that you've already set up multitenancy. Only users with the admin relation on a tenant can access the Self Service Dashboard for that tenant, so make sure you've implemented multitenancy before going through this guide.
Server Setup
Managing Basic Tenant Roles
The most common (and basic) use-case for the self service dashboard is allowing customers to manage simple admin (read/write everything), manager (read/write some things), and member (read-only) access to their organization. To make this easy, Warrant provides a built-in tenant object type which supports admin, manager, and member relations. Assign admin-level users the admin relation on a tenant to give them access to the self service dashboard for that tenant. From there, they can manage what relation other users in their tenant have.
Create a Self Service Dashboard Session for Managing Basic Tenant Roles
Add a POST endpoint on your server that creates a Self Service Dashboard Session for the logged in user and redirects to the self service URL generated by Warrant. Pass in a valid redirect URL to which the user will be redirected when their Self Service Dashboard session expires or when they navigate back to your website.
cURL:

    curl "https://api.warrant.dev/v1/sessions" \
      -X POST \
      -H "Authorization: ApiKey YOUR_KEY" \
      --data-raw \
      '{
        "type": "ssdash",
        "userId": "5djfs6",
        "tenantId": "86slp7",
        "selfServiceStrategy": "fgac"
      }'

Go:

    selfServiceSessionUrl, err := client.CreateSelfServiceSession(
        warrant.Session{
            UserId:              userId,
            TenantId:            tenantId,
            SelfServiceStrategy: "fgac",
        },
        "https://your-website.com/account",
    )
    if err != nil {
        // handle error
    }
    // Redirect to selfServiceSessionUrl

Java:

    try {
        selfServiceSessionUrl = client.createSelfServiceSession(Session.newSelfServiceSession(userId, tenantId, "fgac"), "https://your-website.com/account");
        // Redirect to selfServiceSessionUrl
    } catch (WarrantException e) {
        // Handle error
    }

Node.js (in a POST /create-self-service-session endpoint, with async/await):

    try {
      const selfServiceSessionUrl =
        await warrantClient.Session.createSelfServiceSession(
          {
            userId: userId,
            tenantId: tenantId,
            selfServiceStrategy: SelfServiceStrategy.FGAC,
          },
          "https://your-website.com/account"
        );
      // Redirect to selfServiceSessionUrl
    } catch (e) {
      // Handle error
    }

Node.js (with promises):

    warrantClient.Session.createSelfServiceSession(
      {
        userId: userId,
        tenantId: tenantId,
        selfServiceStrategy: SelfServiceStrategy.FGAC,
      },
      "https://your-website.com/account"
    )
      .then((selfServiceUrl) => {
        // Redirect to selfServiceUrl
      })
      .catch((error) => console.log(error));

Python:

    self_service_session_url = client.create_self_service_session(tenant_id, user_id, "fgac", "https://your-website.com/account")
    # Redirect to self_service_session_url

Ruby:

    self_service_session_url = Warrant::Session.create_self_service_session("https://your-website.com/account", {
      user_id: user_id,
      tenant_id: tenant_id,
      self_service_strategy: "fgac"
    })
    # Redirect to self_service_session_url

PHP:

    $self_service_session_url = $warrant->createSelfServiceSession(new \Warrant\SelfServiceSession($user_id, $tenant_id, "fgac"), "https://your-website.com/account");
    # Redirect to $self_service_session_url
Role Based Access Control
Another use-case for the self service dashboard is allowing customers to manage custom roles & permissions for their users. This is especially useful when your role & permission needs outgrow the basic admin, manager, and member roles provided by the default tenant object type, and you've already set up Role Based Access Control. For example, maybe your application exposes different features to different users based on their persona (e.g. accountants, field-managers, maintenance-staff, etc.) and some of the features available to the different personas overlap (e.g. field-managers and maintenance-staff both have access to a work order page).
Create a Self Service Dashboard Session for Managing RBAC
Add a POST endpoint on your server that creates a Self Service Dashboard Session for the logged in user and redirects to the self service URL generated by Warrant. Pass in a valid redirect URL to which the user will be redirected when their Self Service Dashboard session expires or when they navigate back to your website.
cURL:

    curl "https://api.warrant.dev/v1/sessions" \
      -X POST \
      -H "Authorization: ApiKey YOUR_KEY" \
      --data-raw \
      '{
        "type": "ssdash",
        "userId": "5djfs6",
        "tenantId": "86slp7",
        "selfServiceStrategy": "rbac"
      }'

Go:

    selfServiceSessionUrl, err := client.CreateSelfServiceSession(
        warrant.Session{
            UserId:              userId,
            TenantId:            tenantId,
            SelfServiceStrategy: "rbac",
        },
        "https://your-website.com/account",
    )
    if err != nil {
        // handle error
    }
    // Redirect to selfServiceSessionUrl

Java:

    try {
        selfServiceSessionUrl = client.createSelfServiceSession(Session.newSelfServiceSession(userId, tenantId, "rbac"), "https://your-website.com/account");
        // Redirect to selfServiceSessionUrl
    } catch (WarrantException e) {
        // Handle error
    }

Node.js (in a POST /create-self-service-session endpoint, with async/await):

    try {
      const selfServiceSessionUrl =
        await warrantClient.Session.createSelfServiceSession(
          {
            userId: userId,
            tenantId: tenantId,
            selfServiceStrategy: SelfServiceStrategy.RBAC,
          },
          "https://your-website.com/account"
        );
      // Redirect to selfServiceSessionUrl
    } catch (e) {
      // Handle error
    }

Node.js (with promises):

    warrantClient.Session.createSelfServiceSession(
      {
        userId: userId,
        tenantId: tenantId,
        selfServiceStrategy: SelfServiceStrategy.RBAC,
      },
      "https://your-website.com/account"
    )
      .then((selfServiceUrl) => {
        // Redirect to selfServiceUrl
      })
      .catch((error) => console.log(error));

Python:

    self_service_session_url = client.create_self_service_session(tenant_id, user_id, "rbac", "https://your-website.com/account")
    # Redirect to self_service_session_url

Ruby:

    self_service_session_url = Warrant::Session.create_self_service_session("https://your-website.com/account", {
      user_id: user_id,
      tenant_id: tenant_id,
      self_service_strategy: "rbac"
    })
    # Redirect to self_service_session_url

PHP:

    $self_service_session_url = $warrant->createSelfServiceSession(new \Warrant\SelfServiceSession($user_id, $tenant_id, "rbac"), "https://your-website.com/account");
    # Redirect to $self_service_session_url
Fine Grained Access Control
A third use-case for the self service dashboard is allowing your users to manage which other users have access to specific resources they created in your application. For example, Google Docs allows users to manage which other users have editor and viewer access to the documents they created.
Create a Self Service Dashboard Session for Managing FGAC
Add a POST endpoint on your server that creates a Self Service Dashboard Session for the logged in user and redirects to the self service URL generated by Warrant. Pass in a valid redirect URL to which the user will be redirected when their Self Service Dashboard session expires or when they navigate back to your website.
cURL:

    curl "https://api.warrant.dev/v1/sessions" \
      -X POST \
      -H "Authorization: ApiKey YOUR_KEY" \
      --data-raw \
      '{
        "type": "ssdash",
        "userId": "5djfs6",
        "tenantId": "86slp7",
        "selfServiceStrategy": "fgac",
        "objectType": "document",
        "objectId": "doc_edwards_excellent_essay"
      }'

Go:

    selfServiceSessionUrl, err := client.CreateSelfServiceSession(
        warrant.Session{
            UserId:              userId,
            TenantId:            tenantId,
            SelfServiceStrategy: "fgac",
            ObjectType:          "document",
            ObjectId:            "doc_edwards_excellent_essay",
        },
        "https://your-website.com/account",
    )
    if err != nil {
        // handle error
    }
    // Redirect to selfServiceSessionUrl

Node.js (in a POST /create-self-service-session endpoint, with async/await):

    try {
      const selfServiceSessionUrl =
        await warrantClient.Session.createSelfServiceSession(
          {
            userId: userId,
            tenantId: tenantId,
            selfServiceStrategy: SelfServiceStrategy.FGAC,
            objectType: "document",
            objectId: "doc_edwards_excellent_essay",
          },
          "https://your-website.com/account"
        );
      // Redirect to selfServiceSessionUrl
    } catch (e) {
      // Handle error
    }

Node.js (with promises):

    warrantClient
      .createSelfServiceSession(
        {
          userId: userId,
          tenantId: tenantId,
          selfServiceStrategy: SelfServiceStrategy.FGAC,
          objectType: "document",
          objectId: "doc_edwards_excellent_essay",
        },
        "https://your-website.com/account"
      )
      .then((selfServiceUrl) => {
        // Redirect to selfServiceUrl
      })
      .catch((error) => console.log(error));

Ruby:

    self_service_session_url = Warrant::Session.create_self_service_session("https://your-website.com/account", {
      user_id: user_id,
      tenant_id: tenant_id,
      self_service_strategy: "fgac",
      object_type: "document",
      object_id: "doc_edwards_excellent_essay"
    })
    # Redirect to self_service_session_url
Client Setup
Add a Button Directing to the Self Service Dashboard
To direct users to the self service dashboard, add a Button in your application's account management flow. When your users click this button, they'll be redirected to the Warrant-hosted Self Service Dashboard where they can manage their organization's roles and permissions.

    <form action="/create-self-service-session" method="POST">
      <button type="submit">Manage Permissions</button>
    </form>
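
The endpoint this form posts to has to take userId and tenantId from the logged-in user's server-side session and keep the return URL fixed; the handler below is an added sketch of that, not code from Warrant or this guide. The session shape (req.session.userId, req.session.tenantId), the helper names, the stub client and the dashboard.example URL are assumptions made for illustration.

```javascript
// Added example, not Warrant's code. The session shape (req.session.userId,
// req.session.tenantId) and the stub client are assumptions for illustration.
const RETURN_URL = "https://your-website.com/account"; // fixed server-side
const STRATEGIES = new Set(["rbac", "fgac"]); // the two values used on this page

// Build the Warrant call from server-side session state only.
function buildSessionRequest(req, strategy) {
  if (req.method !== "POST") return { status: 405 };
  const s = req.session;
  if (!s || !s.userId || !s.tenantId) return { status: 401 };
  if (!STRATEGIES.has(strategy)) return { status: 500 };
  return {
    status: 200,
    // req.body is never read: a client-supplied userId or tenantId would let
    // one user open a dashboard session as another user or tenant.
    params: { userId: s.userId, tenantId: s.tenantId, selfServiceStrategy: strategy },
    redirectUrl: RETURN_URL,
  };
}

async function handleCreateSelfServiceSession(req, warrantClient, strategy) {
  const d = buildSessionRequest(req, strategy);
  if (d.status !== 200) return { status: d.status };
  try {
    const url = await warrantClient.Session.createSelfServiceSession(d.params, d.redirectUrl);
    if (new URL(url).protocol !== "https:") return { status: 502 };
    return { status: 303, location: url }; // 303: the follow-up request is a GET
  } catch (e) {
    console.error("self-service session failed:", e.message); // log server-side only
    return { status: 502 };
  }
}

// Constructed request: the body carries forged identifiers that must be ignored.
const sampleRequest = {
  method: "POST",
  session: { userId: "5djfs6", tenantId: "86slp7" },
  body: { userId: "someone-else", tenantId: "another-tenant" },
};
// Stub standing in for the Warrant SDK so the example runs offline.
const stubClient = {
  Session: { createSelfServiceSession: async (p, r) => "https://dashboard.example/session?t=" + p.tenantId },
};
handleCreateSelfServiceSession(sampleRequest, stubClient, "rbac").then((res) => console.log(res));
```

The strategy is passed in by your route definition, so the browser never chooses it either.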