Configuring user permissions in Payload with the Simple RBAC plugin
We've created the simple Role-Based Access Control (RBAC) plugin to help new setups go a lot smoother for managing access control in Payload.
The plugin aims to remain simple: it won't provide fine-grained control or complex, overlapping roles. Skip to the end of the article for an explanation of how it works.
Quick setup
We'll show you how quickly you can add managed permissions to your Payload app.
Install the plugin
yarn add @nouance/payload-simple-rbac
Add the configuration to payload using the provided starter roles
import { buildConfig } from "payload/config";
import payloadSimpleRBAC, { starterRoles } from "@nouance/payload-simple-rbac";
// Users and Posts below are your own collection configs, imported alongside these.

const config = buildConfig({
  // ... rest of my config
  plugins: [
    payloadSimpleRBAC({
      roles: starterRoles, // array order sets role priority
      users: [Users.slug], // collections that get the role field
      defaultRole: "editor", // set a default
      collections: [
        {
          slug: Posts.slug,
          permissions: {
            read: "publishedOnly",
            update: "editor",
            create: "editor",
            delete: "manager",
          },
        },
      ],
    }),
  ],
});

export default config;
And that's it! You now have RBAC implemented. You will find a role field present on the user collections you've added to the configuration; make sure you assign each user the desired role.
We'll explain how it works and how to extend the configuration in order for you to take full advantage of it.
How it works
Role priority
The order of the roles array also sets their priority: the plugin uses each role's index to determine which roles can override a given permission.
Permission overrides
For each permission, we override the target collection's configuration just for that permission. This means that if you don't configure a particular permission, such as read or update, it falls back to your initial configuration or to Payload's default.
You can find out more about how Payload's access hooks work in Payload's access control documentation.
Preconfigured permissions
public and publishedOnly are preconfigured permissions that you can use for common needs such as making access fully public or limiting it to published content only.
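The following is an added example, not the plugin's source, that sketches how the three ideas above (role priority by array index, overriding only the configured permissions, and the public and publishedOnly presets) can resolve into Payload-style access functions. The roles list and the exact publishedOnly rule are assumptions made for this example.

```typescript
// Added example, not the plugin's own source: sketches how a role array whose
// index sets priority can resolve into Payload-style access functions.
// The `roles` list and the publishedOnly rule are assumptions made here.
type Role = string;
type Permission = Role | "public" | "publishedOnly";
type User = { role?: Role } | null | undefined;
// Payload access functions return a boolean or a Where query constraint.
type AccessResult = boolean | Record<string, unknown>;
type AccessFn = (args: { req: { user?: User } }) => AccessResult;
type Operation = "read" | "create" | "update" | "delete";

// Constructed for the example; a later index outranks an earlier one.
const roles: Role[] = ["editor", "manager", "admin"];

// True when the user's role sits at or above the required role's index.
// Missing or unknown user roles fail closed; an unknown required role denies everyone.
function hasAtLeast(user: User, required: Role, order: Role[] = roles): boolean {
  const needed = order.indexOf(required);
  const r = user?.role;
  const have = r !== undefined ? order.indexOf(r) : -1;
  return needed !== -1 && have !== -1 && have >= needed;
}

// Resolve one permission setting into an access result for a request user.
function resolve(perm: Permission, user: User, order: Role[] = roles): AccessResult {
  if (perm === "public") return true;
  if (perm === "publishedOnly") {
    // Assumption: holders of any listed role see drafts; everyone else gets a
    // query constraint that limits results to published documents.
    const r = user?.role;
    return r !== undefined && order.includes(r) ? true : { _status: { equals: "published" } };
  }
  return hasAtLeast(user, perm, order);
}

// Build access functions only for the operations that were configured, so an
// unconfigured operation keeps the collection's own or Payload's default rule.
function buildAccess(perms: Partial<Record<Operation, Permission>>, order: Role[] = roles): Partial<Record<Operation, AccessFn>> {
  const access: Partial<Record<Operation, AccessFn>> = {};
  for (const op of Object.keys(perms) as Operation[]) {
    const perm = perms[op];
    if (perm !== undefined) access[op] = ({ req }) => resolve(perm, req.user, order);
  }
  return access;
}
```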
Configuration
We've exposed some configuration to help you integrate this plugin meaningfully for your needs.
roles is fully configurable with your own custom array of roles.
defaultRole allows you to set what the role value should be initially.
Stable release
We're still testing this plugin and trying to find the sweet spot between not over-engineering it and making it useful for our clients and the rest of the community, so we appreciate all the feedback we can get over at our GitHub page.
There are still developments in the works that we want to release and polish; if you want to stay up to date with our journey, follow us on Twitter.