Feature flags or feature toggles work good with managing who can see what feature. The idea of this question is can we use the same feature flag tool to manage authorisation/user permissions.
For example, Can we use some feature flag tool to control access to an admin page? If no, what is the reason for not to use it?
Using Feature Flag’s for authorization is a good solution if you do not require a robust authorization system. Assuming you already know some information about the user you can then evaluate the Feature Flag for an attribute that you want to associate to the Admin Permission, such as email address or account id, and give the user access to the admin page of the app.
For example, using the DevCycle React SDK (https://docs.devcycle.com/docs/sdk/client-side-sdks/react) you can identify a user with an email address:
const variableKey = 'admin-permission'
const defaultValue = false
const featureVariable = useDVCVariable(variableKey, defaultValue)
const client = useDVCClient()
useEffect(() => {
const newUser = {
user_id: 1,
email: 'test@example.com',
}
if (client) {
client.identifyUser(newUser)
.then((variables) => {
console.log('Updated Variables:', variables)
})
}
}, [client]);
Then you can set up user targeting to return true for users who have example.com in their email address.
Architectural cavet:
Permissions are usually tightly coupled with the application's user administration system, so one would usually put it there, along with the ability for users to manage their own and other users’ permissions. Where using a Feature Flag for authentication is a good fix for the short term while you are building out the feature of permissions management in your app, I think architecturally it would be better to build this directly into your application or use a purpose build framework.
