Role Assignment Service
Component Detail
Service Layer
medium complexity
backend
Dependencies: 0
Dependents: 0
Entities: 3
Integrations: 0
Description
Backend service that mediates all role assignment, change, and revocation operations for existing users. Enforces access-boundary rules so privilege escalations such as promoting a Peer Mentor to Global Admin are rejected, and supports valid multi-role combinations like Coordinator plus Peer Mentor.
role-assignment-service
Sources & reasoning
Source lists Role Assignment as an explicit feature of admin-user-management and ties role-based access to the four-role model. MVP scope for admin explicitly includes rolletildeling (role assignment).
- docs/source/likeperson.md · line 374: admin-user-management | User Management | User CRUD, Role Assignment, Bulk Actions
- docs/source/likeperson.md · lines 189-193: 4 defined user roles: Peer Mentor (Likeperson), Coordinator, Organization Administrator (Org Admin), Global Administrator
- docs/source/likeperson.md · lines 244-247: User administration (invite, deactivate, role assignment [rolletildeling])
Responsibilities
- Validate role transitions against access-boundary and privilege-escalation rules
- Persist role assignments and revocations atomically against the user record
- Support multi-role memberships where the combination is permitted
- Emit audit events for every role change with actor, target user, and old/new roles
- Reject unauthorized callers and surface clear validation errors to the UI
Interfaces
assignRole(userId, roleId, actorId): AssignmentResult
revokeRole(userId, roleId, actorId): RevocationResult
getRolesForUser(userId): RoleMembership[]
validateTransition(userId, fromRoles, toRoles): ValidationResult
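The following TypeScript is an added example, not code from this project: it shows one way validateTransition and assignRole could enforce the escalation and multi-role rules listed under Responsibilities, auditing denied attempts as well as successful changes. The role ranks, the combination allowlist, the "no self-change" rule, the extra actorRoles parameter, the simplified result type, and the in-memory store and audit log are all assumptions.

```typescript
type Role = "peer_mentor" | "coordinator" | "org_admin" | "global_admin";
interface ValidationResult { ok: boolean; errors: string[] }
type AssignmentResult = ValidationResult; // simplified for this example
interface AuditEvent { actorId: string; userId: string; oldRoles: Role[]; newRoles: Role[]; ok: boolean }

// Assumed policy tables (not from the page).
const RANK: Record<Role, number> = { peer_mentor: 1, coordinator: 2, org_admin: 3, global_admin: 4 };
const ALLOWED_COMBOS: string[] = ["coordinator+peer_mentor"]; // sorted, "+"-joined
// Constructed in-memory stand-ins for the user store and the audit sink.
const userRoles: { [userId: string]: Role[] } = { admin1: ["org_admin"], coord1: ["coordinator"], mentor1: ["peer_mentor"] };
const auditLog: AuditEvent[] = [];

function topRank(roles: Role[]): number {
  return roles.reduce((max, r) => Math.max(max, RANK[r]), 0);
}

// actorRoles is an added, hypothetical parameter; the page's signature carries no actor.
function validateTransition(userId: string, fromRoles: Role[], toRoles: Role[], actorRoles: Role[]): ValidationResult {
  const errors: string[] = [];
  if (toRoles.length > 1 && ALLOWED_COMBOS.indexOf(toRoles.slice().sort().join("+")) === -1) {
    errors.push(`combination not permitted for ${userId}`);
  }
  // Assumed escalation rule: the actor must strictly outrank every newly granted role,
  // so nobody can hand out a role at or above their own level.
  toRoles.filter(r => fromRoles.indexOf(r) === -1).forEach(r => {
    if (RANK[r] >= topRank(actorRoles)) errors.push(`actor may not grant ${r}`);
  });
  return { ok: errors.length === 0, errors };
}

function assignRole(userId: string, roleId: Role, actorId: string): AssignmentResult {
  const oldRoles = userRoles[userId] || [];
  if (oldRoles.indexOf(roleId) !== -1) return { ok: true, errors: [] }; // already held: no change, no event
  const newRoles = oldRoles.concat([roleId]);
  const result: ValidationResult = actorId === userId
    ? { ok: false, errors: ["actors may not change their own roles"] } // assumed rule
    : validateTransition(userId, oldRoles, newRoles, userRoles[actorId] || []);
  // The role list is swapped in one step, and only after validation; denials are audited too.
  if (result.ok) userRoles[userId] = newRoles;
  auditLog.push({ actorId, userId, oldRoles, newRoles, ok: result.ok });
  return result;
}
```

An unknown actor resolves to an empty role list with rank 0, so every grant it attempts fails closed.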
Related Data Entities (3)
Data entities managed by this component