Share via

Best way to implement dynamic permissions in a Node.js & React job application platform ussing Azure?

Javiera Osorio Mardones (Alumno) 20 Reputation points
2025-02-07T02:08:23.72+00:00

Hi, I’m new to Azure and currently developing a web application using Node.js for the backend and React for the frontend. The platform allows users to apply for job postings, and I need to implement a dynamic permission system that controls access based on different roles and actions.

For example, when a user applies for a job, they should gain additional permissions to interact with the company, such as uploading documents or scheduling an interview. Additionally, some job postings should only be visible to users with specific permissions. After submitting an application, users might gain access to different sections of the platform.

I need a way to assign and modify user permissions dynamically, without hardcoding them in the code. Currently, I’m managing it with a function to update permissions in the controllers and a user schema that contains the permissions. However, I’m not sure if this is the most optimal approach.

Are there any updated tools or libraries within Azure that can help make authentication and authorization more dynamic and flexible? Or is it better to manage permissions directly within the controllers and assign them individually to each user?

I would be very grateful for any advice or responses. Thanks :D

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,931 questions
Accepted answer
  1. Bhargavi Naragani 5,270 Reputation points Microsoft External Staff Moderator
    2025-02-11T07:15:16.4333333+00:00

    Hi @Javiera Osorio Mardones (Alumno),
    Welcome to the Microsoft Q&A Platform!
    It seems like you need a dynamic user permission management system that is simple to extend without hardcoding. Since your job application platform has users acquiring and losing permissions depending on what they do, your approach to updating permissions in controllers and maintaining them in the user schema works. This may, however, be difficult to manage as your platform expands. With the resources of Azure, you can easily develop this system and secure your platform.

    1. To have a more scalable and easier-to-manage permission system, adopt Role-Based Access Control (RBAC) via Azure Active Directory (Azure AD) or Azure AD B2C. This will allow you to dynamically define roles and assign them to users instead of hardcoding permissions.
      • Steps to Deploy RBAC: Register your application in the Azure portal.
      • Define roles like "Applicant," "Recruiter," or "Admin" in the app registration.
      • Assign them to users or groups as needed.
    2. Use libraries like @azure/msal-node for your Node.js Backend to authenticate and validate tokens. After a user is authenticated, Azure AD places the user's roles in the token's claims. Your backend can now authorize requests based on the roles.
    3. Use @azure/msal-react for your React Frontend to authenticate users and get tokens. Conditionally render elements or block access to parts of your app based on the roles in the token.
    4. For situations where permissions need to be renewed depending on what the user is performing (e.g., a job application), you can:
      • Update the user's Azure AD roles to include additional permissions.
      • Store custom permissions as Azure AD B2C custom attributes and include them with the token. Your application can then read these attributes to ascertain access levels.

    Microsoft Documentation for Reference:
    Use role-based access control in your Node.js web application
    Manage user access in Azure Active Directory B2C
    Roles and resource access control - Azure AD B2C

    Hope the above provided information help in better understanding and help you resolve the issue, if you have any further concerns or queries, please feel free to reach out to us.
    If the answer is helpful, please click Accept Answer and kindly upvote it so that other people who faces similar issue may get benefitted from it.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Javiera Osorio Mardones (Alumno) 20 Reputation points
    2025-02-20T12:31:11.94+00:00

    Thank you for your response and the detailed explanation. I appreciate the insights on managing permissions dynamically with Azure AD B2C.

    My project has changed slightly, and we are now using PostgreSQL, Azure Storage, and Redis alongside Azure AD B2C and Microsoft Graph API for authentication and authorization.

    I need to implement dynamic permissions without hardcoding roles in the application code. Since user permissions change based on their actions, I want to define and manage permissions dynamically at the user or group level without modifying the code every time.

    Could you guide me on the best approach to achieve this with Azure AD B2C and Microsoft Graph API? Specifically:

    1. How can I dynamically assign and update user permissions in Azure AD B2C without modifying the application code?
    2. Would it be better to store additional permissions in PostgreSQL and retrieve them dynamically instead of relying solely on Azure AD B2C?
    3. What is the recommended way to integrate Microsoft Graph API to manage roles dynamically?
    4. Would caching permissions with Redis improve authentication performance, and how should I implement it?

    I appreciate any guidance or documentation you can share to help me implement this system effectively.

    Thanks in advance for your support!

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.