Activity-based authorization for page & menu visibility (on top of roles)

[Bhushan02-dot]

Hello @sbwalker , @leigh-pointer ,
Oqtane provides excellent built-in support for role-based security for pages, modules, and menus.
In my project, I need to introduce an additional abstraction layer called Activity, and I’m looking for guidance on the best Oqtane-aligned implementation.

Use Case / Requirement
I want to manage access using a custom Activity concept stored in my own table, for example:
ActivityId
ActivityName
Status
Roles (collection of roles)
Remarks
CreatedBy
ReportAccess
Behavior:

• An Activity can be associated with multiple roles

• When a user is assigned to an Activity:

  • The user should automatically inherit all roles linked to that Activity

• Page and module access will still use standard Oqtane role-based permissions

• Additionally:

  • Pages and menus should be shown/hidden based on Activity
    

  • Menu visibility should reflect Activity access, not just role access
    

[leigh-pointer]

Read this, it is fundimental

roles-vs-permissions-oqtane