-
Notifications
You must be signed in to change notification settings - Fork 565
Users vs Employees
Please read the below information to avoid huge confusion between users and employees in the Gauzy.
- users are more like accounts, where we store the username, password, email, etc. It used mostly for Authentication / Authorization (access / permissions control, etc). Users connected to Organizations, but mostly to just detect to which organization the given user should have access and to which don't. It's great to think about users as someone who can login into Gauzy, but not an employee. For example a company owner (your boss 😉) or external accountant, etc.
- employees are users (one to one connection), who have more properties relevant for someone who works in the organization, e.g. salary, position, department, the organization where an employee working and so on. So for example, in Gauzy, Expenses also can be associated with employees (e.g. employee A need VS Professional license paid monthly). Same all properties related to how bonuses calculated/shared should be properties for employees (e.g. should employee bonus be anonymous or public etc). Employees can also login to Gauzy to see relevant information, for example how they bonus calculated, what equipment employee use, what is his/her salary and so on.
Please do NOT mix users/employees in your code! In 99% if you need to add property it's employee, not user! Same in 99% cases you need to use the relation between some domain entity table and Employee table, not User table!
During the onboarding process in Gauzy, a user signed up with the role of employee. Later, they created another organization within the same tenant, raising an important question:
- Question: If a user is associated with multiple organizations, how should their roles be managed across these organizations?
- Answer: A user can only have one unique role at the tenant level, not per organization. This means that their role is consistent across all organizations within the same tenant. For example, if a user is an Admin, they are an Admin for all organizations in that tenant.
A question was raised regarding the possibility of having multiple roles for a single user:
- Question: Why can't a user have multiple roles within a tenant, but for different organizations?
- Answer: Each user has a unique role at the tenant level. For example, if the user is a Super Admin in a tenant, they hold this role in all organizations within that tenant. Allowing multiple roles for the same user could lead to security concerns.
Another question was raised about managing employee records for users associated with multiple organizations:
- Question: If a user belongs to multiple organizations, should we create separate employee records for each organization?
- Answer: Yes. Each organization within a tenant can have its own employee record for a user. This allows for managing organization-specific settings, such as enabling or disabling time tracking.
It’s essential to understand the distinction between a user and an employee.
- Question: Can a single user have different roles in different organizations?
- Answer: A user has only one role at the tenant level. However, the user can have multiple employee records in different organizations within that tenant, with specific roles for each organization.
In some software platforms like Vendure or Hubstaff, a user can have multiple roles, prompting the following clarification:
- Response: It is clarified that, in Gauzy, a "RoleId" is defined in the users table. Currently, it is recommended to keep a simple model with a single role per user.
A detailed explanation is provided on how roles and employee records work in Gauzy:
An example is provided to illustrate how a user can have multiple employee records across different organizations in a single tenant, while being a Super Admin in another tenant:
- The user has the role of Employee in Tenant A, meaning they can only be an employee in Tenant A across any organization they are employed in.
- Tenant A contains 10 organizations.
- The user has an Employee A record in Organization A, an Employee B record in Organization B, and an Employee C record in Organization C.
- The user works in three organizations as an employee.
- The user does not have access to the other seven organizations in Tenant A.
- Additionally, the user may be a Super Admin in Tenant B, which may have five organizations. In some of these organizations, they may also have employee records (e.g., for time tracking), but in others, it may not be necessary.
- A user can be associated with multiple organizations within a tenant.
- Each organization in the same tenant can have a distinct employee record for the same user, with specific settings.
- Roles are primarily managed at the tenant level, not at the organization level, to maintain security and simplicity.
- The employee table stores organization-specific settings for each user where they are employed.