
Permissions Blueprint

A Permissions Blueprint is a schema representation of different types of resources that need to be protected, actions that can be taken on them, and roles.

There are 2 steps to defining a blueprint:

  1. Defining your Resource Types and the actions that can be taken on them
  2. Defining your Roles

Defining Resource Types & Actions

A Resource Type represents the type of resource that needs to be protected - typically this is a table name or section of your platform.

You must also specify the actions that can be taken on the Resource Type, as well as attributes if you need column-level permissions.


Defining Roles

A role is a grouping of permissions that can be granted to users/usersets. A role consists of a list of permissions. The resource IDs affected are determined by the OwnerId and its corresponding ownership query. This ownership query is evaluated against your database to generate the list of IDs that the permissions apply to. These are implicit grants: you specify the query that retrieves the IDs rather than the IDs themselves.

Roles can be inherited, where a child role inherits permissions from the parent.
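
The sketch below is an added example, not the product's own schema or API. It models a blueprint as a plain dictionary and resolves a role's implicit grants by running each ownership query against an in-memory SQLite database. The field names, the `invoices` table, and the binding of the OwnerId as an `:owner_id` query parameter are all assumptions.

```python
import sqlite3
# Hypothetical blueprint layout: every field name here is an assumption.
BLUEPRINT = {
    "resource_types": {"invoices": {"actions": {"read", "update", "delete"}}},
    "roles": {
        "viewer": {"parent": None, "permissions": [
            {"resource_type": "invoices", "actions": {"read"},
             "ownership_query": "SELECT id FROM invoices WHERE team_id = :owner_id"}]},
        "editor": {"parent": "viewer", "permissions": [
            {"resource_type": "invoices", "actions": {"update"},
             "ownership_query": "SELECT id FROM invoices WHERE team_id = :owner_id"}]},
    },
}

def effective_permissions(blueprint, role_name):
    """Return a role's own permissions plus those inherited from its parents."""
    perms, seen = [], set()
    while role_name is not None:
        if role_name in seen:  # a cycle would otherwise loop forever
            raise ValueError(f"inheritance cycle at role {role_name!r}")
        seen.add(role_name)
        role = blueprint["roles"][role_name]
        perms.extend(role["permissions"])
        role_name = role["parent"]
    return perms

def implicit_grants(conn, blueprint, role_name, owner_id):
    """Map (resource_type, action) to the set of resource IDs the role grants."""
    grants = {}
    for perm in effective_permissions(blueprint, role_name):
        declared = blueprint["resource_types"][perm["resource_type"]]["actions"]
        if not perm["actions"] <= declared:  # reject actions the type never declared
            raise ValueError(f"undeclared actions: {sorted(perm['actions'] - declared)}")
        # The owner ID is bound as a parameter, never concatenated into the SQL.
        ids = {r[0] for r in conn.execute(perm["ownership_query"], {"owner_id": owner_id})}
        for action in perm["actions"]:
            grants.setdefault((perm["resource_type"], action), set()).update(ids)
    return grants

def is_allowed(grants, resource_type, action, resource_id):
    """Deny by default: only IDs returned by an ownership query are allowed."""
    return resource_id in grants.get((resource_type, action), set())

def demo_db():
    """Constructed sample data: invoices 1 and 2 belong to team 10, invoice 3 to team 20."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, team_id INTEGER)")
    conn.executemany("INSERT INTO invoices VALUES (?, ?)", [(1, 10), (2, 10), (3, 20)])
    return conn
```

Because the grants are computed from a query, a row added to or removed from the table changes the result the next time the query is evaluated, so cached grant sets need an invalidation policy.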