One admin deleting/editing permissions of other admins should not be allowed

[pranay01]

Is your feature request related to a problem?

As of now one admin can delete/edit permission of other admins. This could potentially lead to issues with one admin revoking access for others

Describe the solution you'd like

there should be a concept of owner of an organization. Only owner should be allowed to delete other admins, edit their permissions

Describe alternatives you've considered

Additional context

Add any other context or screenshots about the feature request here.

Thank you for your feature request – we love each and every one!

[mariuskimmina]

Hey,

I'd like to give this a try. Feel free to assign me.

[pranay01]

Sure, can you first discuss the underlying logic as well and proposed solution before implementing?

[mariuskimmina]

Sure, I would try to split this into multiple PRs
Currently I am thinking of the following steps:

1. Create a new "Owner" Role
2. Enable the new Owner Role to count as an Admin - so Owner and Amin basically have the same rights
3. Add a check on that forbids deleting the owner entirely and forbid admins from deleting other admins
4. Put the user that is first created into the Owner group instead of the admin group

I am not yet sure what the migration for existing instances of signoz could look like

[pranay01]

@ankitnayan do take a look on the above proposal ☝️