- Strapi Version: 3.4.4
- Operating System: Ubuntu 18.04
- Database: Mysql 8.0
- Node Version: 12.20.1
- NPM Version: 6.14.10
So basically I want my web app users to be able to create sub users with different permissions.
Imagine group A.
Group A user A-Master is created and they are in group A. I need A-Master to be able to create sub users in his own group without any of these group members having access to other groups users data.
For example - A-Master creates a sub user A-Primary. This user can do everything A-Master does - create, read, update, delete new users of the same group. Meaning, data from group B or C cannot be accessed.
A user called A-Admin can also be created, but they cannot create or delete users.
The way I thought I could do this is by adding another field called group in the Users Collection Type. However, any public user could just register as a user of that group and get access to their data, right?
Also users from group A could also request all the data from group B, because there is nothing stopping them from doing that in the back end. Like, how could I add permissions to users so that they can only request data from certain Collection Types that is of their group?
Or maybe there is a better way of doing this all together?