I am building an admin dashboard using Node.js, Express, and MongoDB, and I want to implement a scalable and secure roles/permissions system.
Currently, I have different user types such as Admin, Doctor, Patient, and Pharmacist. Some users should have full access, while others should only access specific pages or APIs.
I want to know the best practice for handling:
Roles and permissions structure
Dynamic permission management
Route/API protection
Dashboard menu visibility based on permissions
Scalability for future roles and features
Should I use:
Role-Based Access Control (RBAC)?
Permission-Based Access Control?
A combination of both?
Also, how should permissions typically be stored in MongoDB for large-scale applications?
I would appreciate examples or architecture recommendations from real projects.
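One way to combine roles and permissions for the setup described in the question, shown as an added example that is not part of the original post: roles are stored as documents holding permission strings, and both routes and menu items check a permission rather than a role name. The `roles` document shape, the permission names, the `*` wildcard and all helper names are assumptions made for illustration.

```javascript
// Constructed sample data: documents as they might be stored in a MongoDB
// `roles` collection (assumed shape). Users reference roles by name.
const ROLE_DOCS = [
  { name: 'admin',      permissions: ['*'] }, // '*' = all permissions (assumed convention)
  { name: 'doctor',     permissions: ['patients:read', 'prescriptions:write'] },
  { name: 'pharmacist', permissions: ['prescriptions:read', 'inventory:write'] },
  { name: 'patient',    permissions: ['appointments:read'] },
];

// Resolve a user's roles to a flat permission set. Unknown roles grant nothing,
// so a typo or a deleted role fails closed.
function effectivePermissions(user, roleDocs = ROLE_DOCS) {
  const granted = new Set();
  for (const roleName of (user && user.roles) || []) {
    const role = roleDocs.find((r) => r.name === roleName);
    if (role) role.permissions.forEach((p) => granted.add(p));
  }
  return granted;
}

function can(user, permission) {
  const granted = effectivePermissions(user);
  return granted.has('*') || granted.has(permission);
}

// Express-style middleware factory: routes name a permission, never a role.
// Usage: app.get('/patients', requirePermission('patients:read'), handler)
function requirePermission(permission) {
  return (req, res, next) => {
    if (!req.user) return res.status(401).json({ error: 'unauthenticated' });
    if (!can(req.user, permission)) return res.status(403).json({ error: 'forbidden' });
    return next();
  };
}

// Menu visibility reuses the same check. It is a UI convenience only; the
// middleware above is what enforces access on the API.
const MENU = [
  { label: 'Patients', path: '/patients', permission: 'patients:read' },
  { label: 'Inventory', path: '/inventory', permission: 'inventory:write' },
  { label: 'Appointments', path: '/appointments', permission: 'appointments:read' },
];

function visibleMenu(user, menu = MENU) {
  return menu.filter((item) => can(user, item.permission));
}
```

Adding a new role in this layout means inserting one role document; route and menu definitions stay unchanged because they reference permissions only.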
