Module Builder access limitation

Question

Hello support, 
 
 i built an integration module for SUGAR. 
 By default when an admin installs the package on the SUGAR org, the permissions on the module will grant admin privileges over the module. 
 This means that a new user without any role, will have admin role over the module. 
 Is it possible to disable the access to the module by default in the manifest.php file ? 
 In this way when the admin install the package, no one will be able to access it, but the admin will need to create a role with admin privileges and associate it manually to all the users that can change it ? 
 
 Thx for your support.

Alessandro Casolla · Answer

It is possible to accomplish, but requires some JS and PHP coding: 
 Create a router for that module which will decide whether to grant access to the module, depending on attributes of authenticated user. 
 Create a custom CurrentUserApi which will load into user attributes a list of roles shared with the user and which grant access to the module. 
 From inside your custom router you will look at that new attribute @ user in order to decide whether to allow access accordingly.