Access Management


How to Assign and Unassign Users to Roles Using an API

To assign or unassign roles to a user, we can use ROQ's Node.js SDK API. For a step-by-step guide on how to accomplish this, please read this tutorial.

Filtering Data by Users

Depending on their user, roles and permission, users will have varying levels of access to different entities. ROQ offers access management that operates through a query plan that is computed based on the user's current permissions and the database tables. To understand how this provides access to different entities, check out this tutorial on filtering data by user roles.

How to Cache Query Plans

To make changes to user roles and permissions, you can use the ROQ Console. It's important to note that these changes will impact query plans and should be applied to both generated and custom applications. ROQ offers several methods for updating query plans, and you can find a tutorial on how to do so at how to cache query plans.

How to Protect API Routes

When using an application generated by ROQ, it's important to secure the API routes. This can be achieved by verifying the user's level of authorization or role-based access and permissions. For more information on how to secure the API routes, check out how to protect API routes tutorial.

How to Protect Application Pages

In the client-side generated application, we must implement security measures to ensure that only users with the appropriate access and permissions are authorized to access the pages. You can read How to protect application pages tutorial to learn more about protecting application pages.

How to Deactivate Access Management

When working on local development, it is possible to disable access management. This allows you to bypass any user permission settings, allowing users to act as super administrators. This can be particularly helpful during development. Please look into this documentation on how to skip authorization.