Hi everyone,
I’m building a SaaS with multiple subscription plans and I want to restrict access to certain pages and API endpoints based on the user’s plan. I was told that a “proper” way to do this is to have a users table, a roles table, and a permissions table.
Has anyone here implemented this kind of role/permission system for a SaaS and could share a simple schema or best practices, or point me to a good resource to follow?
Many thanks!