I'm building a Site Administration Module in NixMash Spring and starting with User and Role Management. (For the sake of this post I'll be using the term “Roles” for “Authorities.”) To prevent bad things happening when essential roles like ROLE_ADMIN and ROLE_USER are accidentally deleted I added Role Locking. Here are the design basics.
First our Roles List, nestled in a Dandelion Datatable. We can add, modify and remove roles. Any roles removed are first automatically unassigned from any users before they are removed.
Like I said, we don't want to mess with these two essential roles, so they are locked with a database bit and a new isLocked model property. Here is the updated Authority table schema.
With the new property we can check on the Role's isLocked status and return a Feedback Message at (1) below.
And return it to the page.
As you've noticed, I haven't yet added the ability to lock/unlock a Role in the UI, but will probably do that at some point.