Skip to content

Cannot share roles across multiple Channels in Multi-Vendor setups #3779

New issue
New issue
Open
Open
Cannot share roles across multiple Channels in Multi-Vendor setups#3779
Labels
@vendure/core@vendure/dashboarddx 💙Quality of life improvements for developers
Milestone
v3.6.0
@dlhck

Description

@dlhck
dlhck
opened on Aug 26, 2025

Problem Description

In the current Vendure architecture, roles are tightly coupled with channel assignments, making it impossible to share role definitions across multiple channels in multi-vendor marketplace scenarios. This creates significant administrative overhead and limitations for marketplace operators.

Current Behavior

  • Each role contains both permissions AND the channels where those permissions apply
  • Users are assigned roles directly, which means they inherit both the permissions and channel access from those roles
  • In a multi-vendor setup, if vendors need the same permissions (e.g., "Product Manager", "Order Fulfillment"), separate roles must be created for each vendor's channel
  • This leads to role proliferation (e.g., "VendorA_ProductManager", "VendorB_ProductManager", etc.)

Impact

This limitation causes several problems:

  1. Role Management Overhead: Marketplace operators must create and maintain duplicate roles for each vendor/channel
  2. Lack of Isolation: When users share roles, they can potentially see each other's channels, breaking vendor isolation
  3. Scalability Issues: As the number of vendors grows, the number of roles grows multiplicatively
  4. Maintenance Complexity: Updating permissions requires changes across multiple duplicate roles

Expected Behavior

  • Roles should define permissions independently of channel assignments
  • Users should be able to have the same role applied to different channels
  • Vendors should be able to share role definitions without seeing each other's data
  • Channel-specific permissions should be managed through a separate association

Use Case Example

A marketplace with 50 vendors where each vendor needs:

  • Product Manager role
  • Order Fulfillment role
  • Customer Service role

Current approach requires: 50 × 3 = 150 separate role definitions
Desired approach: 3 shared role definitions, with channel-specific assignments

Proposed Solution

Introduce a bridge entity (ChannelRole) that associates Users, Roles, and Channels separately, allowing:

  • Shared role definitions across the marketplace
  • Channel-specific permission assignments
  • Proper vendor isolation while maintaining role consistency
  • Simplified role management at scale

This would enable marketplace operators to define roles once and assign them to users on a per-channel basis, significantly reducing complexity in multi-vendor scenarios.

The PR #3222 introduces a PoC.

This is a summary of dev interviews and conversation in the issue #3095

Metadata

Metadata

Assignees

No one assigned

    Labels

    @vendure/core@vendure/dashboarddx 💙Quality of life improvements for developers

    Type

    No type

    Projects

    Vendure OS Roadmap

    Status

    📅 Planned

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions