I like what Ory is doing. I explored and read alot but I have a scenario for which I am unable to see whether it can be handled via Ory. -----Part-A----- I am building an SAAS App in which a user(Super-Admin) after signup can create multiple companies. Every company will have different teams. eg. marketing, operations, HR. Now, user(Super-Admin) will be able to be add more users to different teams. Also, When It comes to Roles: a. Super-Admin can manage Roles of all companies and teams, eg: Assign Team Admin for teams, and add Editors, and Viewers also at same time. b. Team Admin can manage Roles of their teams eg: add editor or viewers to their team. Options for Following Roles: a. Super-Admin b. Team-Admin c. Editors d. Viewer Its like a hierarchy with Roles in Company and Teams. Any suggestion, how can we achieve scenario like this in Ory? -----Part-B----- If in above platform, we also have a CLI app for team to do custom development in which user has to login with the credentials they used while signing up on website. Can we do this, like by issuing token etc, like user has to login in CLI using credentials used in Part-A and then do their work and then logout from CLI? Suggestion will be really helpful.

Part A: You can use Ory Kratos for the user authentication and self-service part and Ory Keto to implement roles and permissions. You can either selfhost those services or use them in Ory Cloud. For different example implementations check the documentation, and also the community contributed projects: https://www.ory.sh/docs/ecosystem/community/ Also check out factlys talk, could be related:

@User thanks for suggestions. How about Part-B ?

And for Part B, I suggest to take a look at Ory Oathkeeper. This article is a bit dated but on a high level it still can be useful: https://www.ory.sh/api-access-control-kubernetes-cloud-native/#ory-oathkeeper