I would try to explain our desired product idea as clear as possible but feel free to ask further questions.
So, basically what we want to build is a SaaS product that will be used by multiple clients. For now, we're not interested in custom domains like (cust1.myproduct.com, cust2.myproduct.com) and we will simply be using one database to manage all customers' data. So far so good.
Our SaaS product will be sold to enterprise organizations which will then be used by their employees. So for any one customer organization, there are three types of roles that we would like to provide their users, as follows:
Admin: An organization's admin that should be able to do all the settings for that particular organization
Manager: An organization's manager that can manage the users that are under his/her team
Employee: A normal user with bare minimal permissions that can only manage his own data
Now, to provision customers for this SaaS product and to set their global settings (e.g. maximum allowed users, license type etc), we also plan to create an admin portal and APIs that will be used by our internal employees only. For this portal, we also want to define roles as follows:
Executives: All the senior executives of our company that will have the permissions to see sensitive data of customers
Sales: All of our sales team that have some basic permissions to provision customers
Engineering: All of our engineering team with permissions to see some basic information
So, to summarize, we want to create three different roles for our customer users and three different roles for our internal admin portal. Both the systems are different from each other and have different purposes. Also, the users of both the portals have different fields.
So far I have considered the following routes:
1- Define a user model and then inherit two different types of users from this user model such as ManagementUser and CustomerUser, define their own fields, create a role field in both which can have different multi-choice values according to their roles. Then simply create permissions such as IsCustomerUserAdmin, IsCustomerUserManager, IsCustomerUserEmployee for customers and similary IsManagementUserExecutive, IsManagementUserSales, IsManagementUserEngineer for admin users.
2- Use Django's internal groups system and create three different groups for customers and three different groups for admin users depending upon their roles and define their relevant permissions.
3- Completely segregate the two projects, each having their own Database. The admin project will apply changes on the DB of the customer project directly to provision any new customers or to change their roles.
Please let me know which of the above approach we should use and if there's any alternative that will better suit our use-case.
Thanks!
