Roles & Permissions Management
Description:
I’d like to request a new feature in Faction: the ability to create custom roles with specific permissions for each function/module under the Admin sub-menu.
Use-case:
In multi-tenant or team environments (such as my consulting business), we often have:
- Junior testers who can view and add findings but cannot edit report templates
- Senior pentesters who should have access to all assessment data, creation/editing/deletion of findings, reports, dashboards, etc.
- Project Managers / Team Leaders who have the same privileges as Senior Pentesters plus access to team metrics and performance dashboards for their team.
- Reviewers who can approve assessments but not delete them
Having predefined roles is good, but being able to create a custom role and select permissions (create, read, update, delete) for each functional area would greatly improve control, security, and governance.
Proposed Implementation:
- Under Admin → Roles, add a “Roles” section where you can:
  - Create a role name (e.g., “Junior Tester”, “Project Manager”)
  - Check/uncheck permissions for modules.
- In the Assessments/Reports UI, when assigning users to a team, you choose a role per user or per team.
- On the backend, extend the permission check middleware to evaluate the new role permissions.
Benefits:
- Enhanced role-based access control (RBAC)
- Better suitability for consulting firms, multi-client setups, or internal enterprise teams
- Reduces risk of accidental template modification, report deletion, or unauthorized exports
Happy to provide mock-ups or collaborate if useful. Thanks for considering this feature!
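
The following is an added sketch, not part of the issue and not Faction's code, of the kind of check the proposed permission middleware would evaluate: per-module permissions on custom roles, a role chosen per user or per team, and deny by default. The module names, the `APPROVE` action, the sample assignments and the rule that a per-user role overrides the team default are all assumptions.

```python
from dataclasses import dataclass
from enum import Flag, auto

class Action(Flag):
    NONE = 0
    CREATE = auto()
    READ = auto()
    UPDATE = auto()
    DELETE = auto()
    APPROVE = auto()  # assumption: outside the issue's CRUD list, needed for Reviewers

CRUD = Action.CREATE | Action.READ | Action.UPDATE | Action.DELETE

@dataclass(frozen=True)
class Role:
    name: str
    grants: dict  # module -> Action flags; a module not listed grants nothing

# Constructed roles modelled on the issue's use-cases; module names are hypothetical.
ROLES = {r.name: r for r in (
    Role("Junior Tester", {"findings": Action.CREATE | Action.READ}),
    Role("Senior Pentester", {m: CRUD for m in ("assessments", "findings", "reports")}),
    Role("Reviewer", {"assessments": Action.READ | Action.APPROVE}),
)}

# Constructed assignments: (user, team) -> role name; (None, team) is the team default.
ASSIGNMENTS = {
    ("alice", "team-a"): "Junior Tester",
    (None, "team-a"): "Reviewer",
    ("dave", "team-b"): "Removed Role",  # dangling reference to a role that no longer exists
}

def resolve_role(user, team):
    """A per-user assignment wins over the team default (an assumption of this sketch)."""
    name = ASSIGNMENTS.get((user, team)) or ASSIGNMENTS.get((None, team))
    return ROLES.get(name)

def is_allowed(user, team, module, action):
    """Deny by default: unknown team, dangling role, unlisted module or empty action."""
    role = resolve_role(user, team)
    if role is None or not action:
        return False
    granted = role.grants.get(module, Action.NONE)
    return (granted & action) == action  # every requested bit must be granted
```

The per-user role replaces the team default rather than being merged with it, so assigning a narrower role to one user never leaves them with the wider team permissions.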