Permissions Blueprint
A Permissions Blueprint is a schema representation of different types of resources that need to be protected, actions that can be taken on them, and roles.
There are 2 steps to doing this:
- Defining your Resource Types and the actions that can be taken on them
- Defining your Roles
#
Defining Resource Types & ActionsA Resource Type represents the type of resource that needs to be protected - typically this is a table name or section of your platform.
You must also specify the actions that can be taken on the Resource Type, as well as attributes if you need column-level permissions.

#
Defining RolesA role is a grouping of permissions that can be granted to users/usersets. A role consists of a list of permissions - the resource IDs affected are determined by the OwnerId
, and its corresponding ownership query
. This ownership query
is evaluated against your database to generate a list of IDs that the permissions applies to - these are implicit grants, as you're not specifying the IDs yourself, but rather the query to retrieve them.
Roles can be inherited, where a child role inherits permissions from the parent.
