Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

abdul-kaeum's avatar

RBAC: Users with teams with roles with permissions

Greetings fellow Laracasters,

After watching ACL in Laravel: Roles and Permissions, I wanted to ask if it was possible to achieve the below?

A USER can belong to one or more TEAMS.

For each TEAM they belong to, they can belong to one or more ROLES.

Each of those ROLES can then have its own permissions.

Essentially the same as https://laracasts.com/series/whats-new-in-laravel-5-1/episodes/16 but with teams table.

In the end, I'd like to query the database to show the teams and roles within each team for a given user.

I was thinking:

Users

Teams

Roles

Permissions

then 3 pivot tables (many-to-many):

team_user [team_id, user_id]

team_role [team_id, role_id]

permission_role [role_id, permission_id]

Can it be done?

Should it be done?

Thanks in advanced

0 likes
8 replies
Sherif_Tarek's avatar

Definitely the way you designed it is a right approach for doing it.

If you want to take it further you can use polymorphic relationships and allow assigning the roles to both the users and the teams using the same pivot table, it's structure would be something like this:

roleables [role_id, roleable_id, roleable_type]

If you're not aware of the polymorphic relationships, don't worry the way you have designed it is a good one, and actually could be the best if you have no need for the polymorphic relationship.

1 like
jlrdw's avatar

You need role_team. But then would, for example, Bobby have the same permissions on team A that he has on team K? To me it's easier using a prefix with roles. I would still suggest normal authentication usage and apply authorization to determine what a role can or cannot do.

The team concept to me seems to be redundant when laravel already has authentication and authorization.

But just my opinion.

1 like
abdul-kaeum's avatar

@jlrdw Thank you.

Yes, Bobby could potentially end up as you suggest.

I am intrigued with how you would implement the prefix idea you suggest? sounds like a neat trick.

1 like
Snapey's avatar

@abdul-kaeum you can use teams with spatie permissions, without spatie permissions, you would want to have a team scope column on every role so that you only get roles applicable to the current team

1 like
abdul-kaeum's avatar

@Snapey Thanks,

When you refer to team scope column, are you referring to my role_team pivot table, or have I misunderstood? Yes, seems like Spatie is where everyone is turning toward to when incorporating teams.

Snapey's avatar

@abdul-kaeum no i meant a team_id column on the roles table. yes every role might be duplicated in other teams

1 like
Sherif_Tarek's avatar

@abdul-kaeum If this question solves your problem, please mark the correct answer so we know it's been solved.

1 like

Please or to participate in this conversation.