Skip to main content
Once you’ve created permissions and roles, you can assign them to your users. Laravel Permission provides flexible methods for managing user permissions both directly and through roles.
Your User model must use the HasRoles trait to access these methods.

Assigning Roles to Users

Users can have multiple roles, and roles determine what permissions users have.
Give one or more roles to a user:
use Spatie\Permission\Models\Role;

$user = User::find(1);

// Assign single role (string)
$user->assignRole('writer');

// Assign single role (Role model)
$role = Role::findByName('writer');
$user->assignRole($role);

// Assign multiple roles
$user->assignRole('writer', 'editor');
$user->assignRole(['writer', 'editor']);
If the user already has the role, it won’t be assigned again. The method is idempotent.

Assigning Direct Permissions to Users

Besides inheriting permissions through roles, users can also have direct permissions.
Grant permissions directly to a user:
$user = User::find(1);

// Single permission (string)
$user->givePermissionTo('edit articles');

// Multiple permissions
$user->givePermissionTo('edit articles', 'delete articles');
$user->givePermissionTo(['edit articles', 'delete articles']);

// Using Permission model
$permission = Permission::findByName('edit articles');
$user->givePermissionTo($permission);
Direct permissions are useful for granting special access to specific users without creating a new role.

Understanding Permission Sources

Users can have permissions from two sources:
1

Direct Permissions

Permissions assigned directly to the user:
// Get only direct permissions
$directPermissions = $user->permissions;
// or
$directPermissions = $user->getDirectPermissions();
2

Role Permissions

Permissions inherited from the user’s roles:
// Get permissions via roles
$rolePermissions = $user->getPermissionsViaRoles();
3

All Permissions

Combined permissions from both sources:
// Get all permissions (direct + via roles)
$allPermissions = $user->getAllPermissions();

Combining Roles and Direct Permissions

You can use both roles and direct permissions together: 
$user = User::find(1);

// Assign a base role
$user->assignRole('writer');
// Now user has: 'edit articles' (via role)

// Grant additional direct permission
$user->givePermissionTo('publish articles');
// Now user has: 'edit articles' (via role) + 'publish articles' (direct)
Best Practice: Use roles for standard permissions and direct permissions for exceptions.Example: All writers can edit articles (via role), but only some writers can publish (via direct permission).

Method Signatures

Here are the key method signatures from the HasRoles trait: 
public function assignRole(
    string|int|array|Role|Collection|BackedEnum ...$roles
): static
And from the HasPermissions trait: 
public function givePermissionTo(
    string|int|array|Permission|Collection|BackedEnum ...$permissions
): static

Assigning During User Creation

You can assign roles and permissions when creating users: 
$user = User::create([
    'name' => 'John Doe',
    'email' => '[email protected]',
    'password' => bcrypt('secret'),
]);

// Assign roles and permissions
$user->assignRole('writer');
$user->givePermissionTo('edit articles');
The user must be saved to the database before assigning roles or permissions. If you try to assign to an unsaved model, the assignments will be queued and applied when the model is saved.

Working with Multiple Guards

When using multiple authentication guards: 
// User with web guard
$webUser = User::find(1);
$webUser->assignRole('admin'); // Assigns web guard role

// API user with api guard
$apiUser = ApiUser::find(1);
$apiUser->assignRole('admin'); // Assigns api guard role

// Explicitly specify guard
$user->assignRole(Role::findByName('admin', 'api'));
Roles and permissions must match the user’s guard. You’ll get a GuardDoesNotMatch exception if they don’t match.

Bulk Assignment

Assign roles and permissions to multiple users: 
// Get multiple users
$users = User::whereIn('id', [1, 2, 3])->get();

// Assign same role to all
foreach ($users as $user) {
    $user->assignRole('writer');
}

// Or using query builder
User::whereIn('id', [1, 2, 3])
    ->each(fn($user) => $user->assignRole('writer'));

Event Handling

Laravel Permission fires events when roles and permissions are assigned: 
use Spatie\Permission\Events\RoleAttachedEvent;
use Spatie\Permission\Events\PermissionAttachedEvent;

// Listen for role assignments
Event::listen(RoleAttachedEvent::class, function ($event) {
    $model = $event->model; // The user
    $roleIds = $event->roleIds; // Array of role IDs
});

// Listen for permission assignments
Event::listen(PermissionAttachedEvent::class, function ($event) {
    $model = $event->model; // The user
    $permissionIds = $event->permissionIds; // Array of permission IDs
});
Events are only fired if permission.events_enabled is set to true in your config.

Common Patterns

Automatically assign a role to new users:
// In User model
protected static function booted()
{
    static::created(function ($user) {
        $user->assignRole('user');
    });
}
Change user roles based on actions:
public function promoteToEditor(User $user)
{
    $user->removeRole('writer');
    $user->assignRole('editor');
}

public function demoteToWriter(User $user)
{
    $user->removeRole('editor');
    $user->assignRole('writer');
}
Grant temporary additional permissions:
// Grant extra permission for specific task
$user->givePermissionTo('delete articles');

// Perform task
$article->delete();

// Revoke the permission
$user->revokePermissionTo('delete articles');

Next Steps

Checking Permissions

Learn how to check if users have permissions

Blade Directives

Use permissions in your Blade templates

Build docs developers (and LLMs) love

Get started for freeTalk to us