Using Permissions vs RoleUsing Permissions vs Rolehttps://liferay.dev/en/c/message_boards/find_thread?p_l_id=119785333&threadId=1066804532024-03-28T19:55:40Z2024-03-28T19:55:40ZRE: Using Permissions vs RoleOlaf Kockhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1066847332018-04-16T06:15:33Z2018-04-16T06:15:33ZDon't forget that there might be even more to consider:<br /><br />Provided that your reports are site-aware (or organized by sites): You may limit access to them through membership in different sites. This will be runtime-extensible: Just create another site and stick the reports in there, exclusively for site members. <br /><br />Speaking about a custom portlet, permission checks might be fully implemented through business logic as well, no need for Permission Checker. <em>Sometimes</em> this is the simplest solution, while at other times it creates an immediate burden.<br /><br />I'm not saying that any of these is the way to go, just showing that there are more options. As David already hinted: Your option 2 will typically end up <em>a lot</em> more complex than a single call to <span style="font-family: Courier New">roleLocalService.hasUserRole(user, role)</span>.Olaf Kock2018-04-16T06:15:33ZRE: Using Permissions vs RoleDavid H Nebingerhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1066802452018-04-16T05:23:37Z2018-04-16T05:23:37ZThe purist way is definitely option #1.<br /><br />In fact, it is the only way if there is a mixture of different permission/role mappings (i.e. a report master role would have all permissions, but a department head role might only get reports for their dept).<br /><br />It will often seem easier to use and check for roles, but only on the surface. When you start "inheriting" roles because they are assigned to the org you're in or the team that you're connected to or ..., well those checks get unwieldy.<br /><br />But the permission checker, which checks access at a permission level, takes inheritance, etc into account out of the box.David H Nebinger2018-04-16T05:23:37ZUsing Permissions vs RoleMike Mhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1066804522018-04-15T21:41:25Z2018-04-15T21:41:25ZHello,<br /><br />I have a requirement where the user can view reports in a custom porlet based on the role/permissions he has.<br />There are 10 report types and a each report type has several reports. The role/permission should be applied at the report type level.<br />For example: If user A has a role to view report type 1, then user A should be able to view all the reports of the report type 1.<br /><br />Please suggest of which of the following two is the right approach.<br />1) Create a custom <strong>Permission </strong>to view the report type (ex: VIEW_REPORTTYPE1) and then create a role and then add this permission to the role and then assign the role to the user<br /> Write code to check if the user has the permission to view the report.(Using Permission Checker)<br /><br />2) Create a <strong>Role </strong>(ex: REPORTTYPE1) and assign the role to the User.<br />Write code to ch