Organizational Unit / Group in UserRoles Recipe

[Dan6erbond]

🚀 Feature

The recently released UserRoles recipe is great for managing user permissions on a large scale, but one missed opportunity to me seems to be the inclusion of groups and organizational units in the recipe as it would offer a similar functionality to LDAP per this doc:

LDAP is the Lightweight Directory Access Protocol. It's a hierarchical organization of Users, Groups, and Organisational Units - which are containers for users and groups. Every object has it's own unique path to it's place in the directory - called a Distinguished Name, or DN. For example, we might have the following DNs for a user and a group:

Currently I'm using the UserMetadata recipe to store user groups, as I don't care about organizational units at the moment. But my suggestion would be to have some default groups and units, which are assigned to all users, and allow the recipe to initialize roles, permissions, groups and units directly in the recipe init() function so that applications don't have to manage their own lifecycle.

Since the init() functionality does not allow me to setup roles and permissions, I have to make sure that my app runs a "create if not exists" logic every time it runs to set those up. Something that I believe should be the responsibility of the core SDK, especially with a multi-app setup.

Implementation details

(Please outline any details about how this feature would e implemented. If you don't know, you can just skip this section.)

[bert2002]

That would be a great feature :)