Skip to main content

Permissions Blueprint

A Permissions Blueprint is a schema representation of different types of resources that need to be protected, actions that can be taken on them, and roles.

There are 2 steps to doing this:

  1. Defining your Resource Types and the actions that can be taken on them
  2. Defining your Roles

Defining Resource Types & Actions#

A Resource Type represents the type of resource that needs to be protected - typically this is a table name or section of your platform.

You must also specify the actions that can be taken on the Resource Type, as well as attributes if you need column-level permissions.

drawing

Defining Roles#

A Role is a grouping of permissions that can be granted to users/usersets, for a particular object(s). A role consists of a list of action-resourceType pairs, which describes actions that can be taken on the specified Resource Type - notice this does not specify which object ID!

Roles can be inherited, where a child role inherits permissions from the parent.

drawing