Self-Service Role Configuration

A pattern that we at Frontegg have noticed is that it doesn’t take too long for customers to grow beyond the roles that come out-of-the-box with most identity providers. Go ahead and look at some SaaS pricing plans and you’re likely to see that custom roles are listed as a feature of the plan. This is considered a paid feature because of the time it can take to coordinate with clients and create a suite of custom roles that more closely resemble the customer’s actual access patterns. Custom roles become critical as your user base expands and diversifies, ultimately requiring more nuanced access controls than a cookie-cutter approach could ever achieve. Recognizing this need, Frontegg has introduced the Self-Service Roles feature. This was designed to empower developers and their clients with the flexibility to define and manage custom roles directly, reducing dependency on your support teams and accelerating the customization process.

Why Self-Service Roles Matter

Custom roles are not just a luxury, they’re a necessity for many growing SaaS platforms. They allow for granular access control, ensuring that suers have exactly the permissions they need – no more, no less. This precision not only enhances security by adhering to the principle of least privilege but also improves user satisfaction by tailoring the user experience on an individual level. No more generic roles that don’t satisfy the needs of your clients or leave you questioning if a role is both permissive enough but doesn’t grant the user too much control.

The traditional process of defining these roles can be cumbersome, often requiring back-and-forth communication between clients and the service provider. This not only slows down the deployment for the client but also increases overhead costs for clients and service providers alike. Frontegg’s Self-Service Roles feature addresses this bottleneck by handing the reins over to the clients themselves, enabling them to define and manage custom roles as their business requirements evolve.

How to Implement Self-Service Roles

To get started, just head to your Frontegg account. First, you will want to enable roles in the admin portal builder. Then, select the environment you want to configure then navigate to Entitlements > Permissions. The user will now see that permissions have three classifications: assignable, always , and never .

“Assignable” means that the role is able to be assigned in the roles configuration tab of the admin portal.

“Always” means that any role created in the admin portal will include this role.

"Never” simply means that the particular role is not eligible to be assigned in the admin portal.

Any of the permissions that you see in the Frontegg dashboard can be toggle between these classifications depending on your needs. Once you have configured these permissions to show up in the admin portal as you see fit, you can then begin assigning them to users. If you filter permissions by the keyword roles , you will be presented with the permissions that need to be assigned to a user in order for them to be able to create, update, and remove roles.

From here, you can delegate the roles set of permissions to any user to enable them to edit the roles associated with their account. When they navigate to the admin portal on your application, they will see a new tab called Roles where they will be able to view and configure roles for their account.