Users and Permissions Plugin: How to assign multiple roles to single end-user

How to assign multiple roles to a single user for the end-users?
As of now, we can assign multiple roles to a single user for the admin user management. However, for the end-users, in Strapi V4, there isn’t a way to assign multiple roles to a single user. Can this be configured somewhere?

You can find the schema.json of ‘users-permissions’ plugin at path src/extensions/users-permissions/content-types/user. the you can modify the user-role relation to ‘manyToMany’

"role": {
      "type": "relation",
      "relation": "manyToMany",
      "target": "plugin::users-permissions.role",
      "inversedBy": "users",
      "configurable": false

and save, waiting server restart. then you can add a user to many role.
Though you can modify it, I think it is hard to manage the relationship between manyToMany, it will be a mussy maybe.
Add a new field to manage the permission maybe better I think.

1 Like

I’m interested in this topic as well.

How would the above “manyToMany” customization handle conflicting permissions? For example, given a Role B permission is allowed, and Role A permission is not. Which takes precedence?

Let’s assume there’s some kind of priority. So if you consider an example priority like this: “Role C, Role A, Role B”… then in the same scenario above Role A’s permission overrides Role B’s.

In addition to all of this, I’m interested in integrating limits to access control as well. Count limit, rate limit, etc. So, for example “Only allow if they have less than X posts” or “Only allow if they under the threshold of 100 in the past hour”. As well the ability to add exceptions, like “For user X, allow unlimited posts”. These things are outside of the scope here, but… they must wrap the API. Presumably this would be a custom plugin from-scratch.