ARTICLE AD BOX
I am developing an application where a user can sign up. During sign up the user becomes the owner of the account. The user is also added to a default workspace. Afterwards he can add additional workspaces if he wants.
He can also add additional users (members) and assign them to a workspace.
A user (member) can belong to multiple workspaces. Each workspace can have their own projects, tasks. Within a workspace a user can add projects, tasks, if they have the necessary permissions.
Importantly each workspace can have their own administrator. The admin of a workspace has all the permissions in that workspace. A user can also be the admin of multiple workspaces.
The application has permissions and roles. A role is basically a collection of permissions. Roles are assigned to users. Users get permissions via their role(s). Permissions are not directly assigned to users.
What am struggling now with is how to identify a user as workspace administrator.
Should i create a role for example with name "Workspace admin" and assign to the user and anytime i want to know if a user is a workspace admin i will check if he has a role called "Workspace admin".
From some blog posts i read they suggests you can create administrators group and assign users to that group as well. So basically if a user belongs to that group then he an administrator.
In real world production environment how do they identify workspace admins?
