The admin panel RBAC system has been updated
In Strapi 5, the content-manager_rbacManager, which is a section of Strapi's redux store for the admin panel, is removed and the regular permissions system is used instead. Additionally, the useRBAC hook is updated.
This page is part of the breaking changes database and provides information about the breaking change and additional instructions to migrate from Strapi v4 to Strapi 5.
| 🔌 Is this breaking change affecting plugins? | Yes |
|---|
| 🤖 Is this breaking change automatically handled by a codemod? | No |
|---|
Breaking change description
In Strapi v4
Permissions are handled with the content-manager_rbacManager section of the redux store, like in the following generic example:
const cmPermissions useSelector(state => state['content-manager_rbacManager'])
const { allowedActions } = useRBAC({
main: [{ action: 'admin::something.main', subject: null }]
})
const canMain = allowedActions.canMain
In Strapi 5
content-manager_rbacManager is removed and the regular permissions system is used instead, which implies the useRBAC hook is used differently, as in the following generic example:
const { allowedActions } = useRBAC([
{ action: 'admin::something.main', subject: null }
])
const canMain = allowedActions.canMain
Migration
This section regroups useful notes and procedures about the introduced breaking change.
Notes
- A new RBAC API is available and users can utilise a middleware system to interact with calls (see contributors documentation).
- Additional information can be found in the Contributors Documentation, in the Fetching permissions and Authentication sections.
Manual migration
Plugin developers that are hooking into the redux store to tweak RBAC permissions in Strapi v4 need to update their code according to the described changes.