Almost every application will need to control who can do what - and a good way to solve for this is "roles"! Often this is referred to as role-based access control (RBAC). An ‘admin’ is a role, for instance, and so is a ‘moderator’. Roles map very nicely to how we talk about our systems.
To celebrate a new release of Oso, our open-source authorization library, this blog post demonstrates a few ways of modeling role-based access control in Python and SQLAlchemy. It has complex examples to provide you with the building blocks for adding RBAC to your app and are written in a multi-tenant production system.
If this is an area you’re exploring, we encourage you to join the community of developers in the Oso Slack! Our core engineering team is also in Slack and is happy to engage and answer your questions.