Designing roles and permissions for a SaaS with multiple plans

Hi everyone,

I’m building a SaaS with multiple subscription plans and I want to restrict access to certain pages and API endpoints based on the user’s plan. I was told that a “proper” way to do this is to have a users table, a roles table, and a permissions table (I use Xano as a back-end).

Has anyone here implemented this kind of role/permission system for a SaaS and could share a simple schema or best practices, or point me to a good resource to follow?

Many thanks!

1 Like

Hi,

You can create a few tables, such as Roles. Then you link the Users table to the Roles table. This could be done in a number of ways, depending on your pricing model: roles, add-ons, etc., depending on what and how you are selling.

On user creation, you have a workflow to select/link the role to the User.

Then on WeWeb, when you trigger workflows or page navigation etc., you query and check the user’s role. If correct, then you trigger the workflow; if not, then you may show a “You do not have access. Please upgrade” etc.

This is a very simplistic explanation, but if you use the built-in help chat in WeWeb, combined with Xano chat and Claude/ChatGPT, you can get there.

1 Like
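The schema the reply sketches (users linked to roles, roles linked to permissions) and the "check the role before running the workflow" step, as an added example that is not from the thread, Xano or WeWeb. It uses an in-memory SQLite database as a stand-in for the Xano tables, and the plan names, permission names and the `handle_export` endpoint are constructed for the demo. The point worth noticing is that the check runs inside the API handler, so a user cannot reach a gated endpoint by bypassing the front-end workflow; the page-level check in WeWeb is for user experience, the server-side check is the actual control.

```python
import sqlite3

# Constructed schema for illustration: a users -> roles -> permissions model.
# Each subscription plan is a role; each gated feature is a permission.
SCHEMA = """
CREATE TABLE roles (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL UNIQUE
);
CREATE TABLE permissions (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL UNIQUE
);
CREATE TABLE role_permissions (
    role_id       INTEGER NOT NULL REFERENCES roles(id),
    permission_id INTEGER NOT NULL REFERENCES permissions(id),
    PRIMARY KEY (role_id, permission_id)
);
CREATE TABLE users (
    id      INTEGER PRIMARY KEY,
    email   TEXT NOT NULL UNIQUE,
    role_id INTEGER NOT NULL REFERENCES roles(id)
);
"""


def build_demo_db():
    """Create the tables and seed them with constructed sample plans and users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO roles (id, name) VALUES (?, ?)",
                     [(1, "free"), (2, "pro"), (3, "enterprise")])
    conn.executemany("INSERT INTO permissions (id, name) VALUES (?, ?)",
                     [(1, "view_dashboard"), (2, "export_csv"), (3, "manage_team")])
    # Which plan unlocks which feature (constructed mapping for the demo).
    conn.executemany("INSERT INTO role_permissions VALUES (?, ?)",
                     [(1, 1), (2, 1), (2, 2), (3, 1), (3, 2), (3, 3)])
    # The "on user creation, link the role" step from the reply.
    conn.executemany("INSERT INTO users (id, email, role_id) VALUES (?, ?, ?)",
                     [(10, "free@example.com", 1),
                      (20, "pro@example.com", 2),
                      (30, "ent@example.com", 3)])
    return conn


def user_permissions(conn, user_id):
    """Resolve a user's permissions through their role; empty set if unknown."""
    rows = conn.execute("""
        SELECT p.name
        FROM users u
        JOIN role_permissions rp ON rp.role_id = u.role_id
        JOIN permissions p ON p.id = rp.permission_id
        WHERE u.id = ?""", (user_id,)).fetchall()
    return {r[0] for r in rows}


def has_permission(conn, user_id, permission):
    # Deny by default: an unknown user or an unknown permission both fail.
    return permission in user_permissions(conn, user_id)


class Forbidden(Exception):
    pass


def handle_export(conn, user_id):
    """Hypothetical API endpoint. Authorization is enforced here, on the
    server, regardless of what the front end shows or hides."""
    if not has_permission(conn, user_id, "export_csv"):
        raise Forbidden("You do not have access. Please upgrade.")
    return {"status": "ok", "rows": 3}  # stand-in for the real export


def export_or_message(conn, user_id):
    """What the front-end workflow would receive: data, or the upgrade prompt."""
    try:
        return handle_export(conn, user_id)
    except Forbidden as e:
        return {"status": "forbidden", "message": str(e)}


if __name__ == "__main__":
    db = build_demo_db()
    for uid in (10, 20, 30, 999):
        print(uid, sorted(user_permissions(db, uid)), export_or_message(db, uid))
```

Keeping the role-to-permission mapping in a table rather than in application code means a new plan or add-on is a data change, and the endpoint check stays a single `has_permission` call that can be audited and logged in one place.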