@quirin-sailer Hiya, you could also use entity management: https://fusionauth.io/docs/v1/tech/core-concepts/entity-management and represent the roles as permissions and grants. You'd create a company entity type with permissions like 'admin' or 'editor', add each company as an entity, and then individually manage the grants to the user.

Do note that entity management is not part of the community edition, but instead requires a paid license.

Alternatively, I think you could do this with many groups (you'd want to manage these via the API, probably). Users are assigned the roles for the groups they are in and the applications they are registered for.

You could create an admin group for each application, then an editor group for each application, then add a user to the admin group for application A and the editor group for application B, and register them for both applications. When they logged into A, they'd get admin, and when they logged into B, they'd get the editor role.

Does that work?

Groups would be a good solution. The group just allows you to assign the roles to the group instead of the user - and then the group membership allows you to inherit those roles (assuming the user is registered for the application whose roles belong to the group).