[akajla]

Building and maintaining UIs for RBAC and org management (including self-service, user-facing UIs) isn't trivial. That's why we built it into Warrant. We handle basic authz schemes like RBAC as well as fine-grained authz: https://blog.warrant.dev/introducing-the-self-service-dashbo...

[sebmellen]

We’ve found one of the biggest issue with RBAC services to be the integrations with our tech stack. Building the RBAC system ourselves helped it be congruent with our stack.

[mooreds]

That's cool. FusionAuth has a self service function: https://fusionauth.io/docs/v1/tech/account-management/ but it is limited to user profile data, rather than roles and permissions.

How do you prevent a user from assigning themselves roles they shouldn't? Is there some kind of cage preventing escalation?

[akajla]

The self-service dashboard is scoped only to privileged users (typically account/tenant-specific admins like IT admins) that have a specific permission.