☒ i was thinking to extend/upgrade the permissions being not "linked" directly to a user but to a "user-profile" ... something like: "user.profile.permissions" have you did this before ? any suggestion ?
☒ Technically yes. However, since these permissions are highly derivative based on the application code, it doesn't make much sense to have it in the database. For example, if you add a new attribute to a user model, there will be a database change for sure, but also there will be application code change to consume this new attribute. It makes sense to keep the permission list with the code since that's where it is ultimately tied to.