DEV Community

Rodel Talampas
Rodel Talampas

Posted on

Authorisation using NodeJS, AzureAD and MongoDB (Part 1 - Design)

#node #azure #mongodb #programming

Application administrators use roles to group together permissions and assign them to individual users or groups of users. These permissions determine the actions that a user is able to take within a particular software. The roles that are assigned to a user depend on their tasks within the application itself. For instance, in a simple inventory application, users who are analysts might only need permissions to browse and download, but not to modify or change information. However, in an analyst group, a senior analyst may be granted full permissions to allow them to modify existing data or create/upload new inventory data.

In general, roles are used to make it easier to manage permissions by allowing administrators to assign a set of permissions to a user or group of users all at once, rather than having to assign individual permissions one at a time. This can make it more efficient to set up and manage access controls within an application.

A role is therefore defined as a collection of permissions that are grouped together and assigned to a user or group of users. A permission, on the other hand, is a specific action or set of actions that a user is allowed to take within a particular application.

I am designing an integration with AzureAD, and MongoDB collections using NodeJS. Roles/Groups will be created in AzureAD that will be synced in MongoDB for application usage. Each role will have its own permissions and Users can have one or more roles.

Data Definition

Permission Schema 

const permissionSchema = mongoose.Schema(
  {
    permission: {
        type: String,
        unique: true,
        required: true
    }
  }
  {
    timestamps: true,
  }
);

const Permission = mongoose.model('Permission', permissionSchema);
Enter fullscreen mode Exit fullscreen mode

Role Schema 

const roleSchema = mongoose.Schema(
  {
    role: {
        type: String,
        unique: true,
        required: true
    },
    permissions: [
      {
        permissionId: {
          type: mongoose.Schema.Types.ObjectId,
          ref: 'Permission',
        },
      },
    ]
  }
  {
    timestamps: true,
  }
);

const Role = mongoose.model('Role', roleSchema);
Enter fullscreen mode Exit fullscreen mode

User Schema 

const userSchema = mongoose.Schema(
  {
    firstName: {
      type: String,
      required: true,
    },
    lastName: {
      type: String,
      required: true,
    },
    phone: {
      type: String,
      required: true,
    },
    email: {
      type: String,
      required: true,
      unique: true,
      lowercase: true,
    },
    roles: [
      {
        roleId: {
          type: mongoose.Schema.Types.ObjectId,
          ref: 'Role',
        }
      },
    ],
  },
  {
    timestamps: true,
  }
);

const User = mongoose.model('User', userSchema);
Enter fullscreen mode Exit fullscreen mode

Management Process

Image description

Sync Process

Image description

On Load

Image description

Top comments (0)

Read next

parkerava profile image

Unlock 100s of Microservices in 5 Easy Steps with Spring Cloud Config & Kotlin!

Ava Parker -

dm8ry profile image

Python code that generates a stock price chart for the last n days.

Dmitry Romanoff -

testifytech profile image

How to run Selenium tests on Chrome using ChromeDriver?

Steve Wortham -

somadevtoo profile image

8 System Design Courses to learn Distributed System Architecture (2025)

Soma -