+1 Instead of having users:add, users:edit, users:view and users:delete we
can have all of them under users:manage scope.
But when designing the scopes it not possible to consider all the business
functionalities so we can provide basic functionalities such as
users:manage, roles:view,
IMO, scopes for any application should be designed and implemented taking
the end-to-end business functionalities into account, rather than focussing
on different discrete pieces of small functional units such as UI, BE, etc.
For instance, if some user is authorized to "manage users", the
+Dev
For the UI
IMO, UI should have their own permissions. and they should be associated
with scopes
Such as
*UI Permission scopes*
manage_user users:add, users:edit, users:delete, users:view, roles:view
view_user users:view
These UI permissions can to be assigned from the