Roles
A Role groups together a set of permissions. Roles can be assigned to one or more User Groups, and each Role can have one or more Permissions.
Permissions define granular API-level access control, such as being able to list all the users, being able to send email, etc.
The permissions of the role will be populated in the authenticated User’s Bearer tokens under the scope claim. The scope claim will then be verified by the service receiving a request. Roles are used to group low-level Permissions into reusable mappings.
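As an added example (not the product's own code), the following Python shows how a receiving service could verify the scope claim before honoring a request. It assumes the Bearer token is an HS256-signed JWT carrying an exp claim and a scope claim that is either a space-delimited string or a list; the key, the demo.email.send permission and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"demo-signing-key"  # constructed; a real service loads the issuer's key

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign(header, claims, key=KEY):
    """Stand-in for the issuer: build a constructed token for the demo."""
    body = b64e(json.dumps(header).encode()) + "." + b64e(json.dumps(claims).encode())
    return body + "." + b64e(hmac.new(key, body.encode(), hashlib.sha256).digest())

def authorize(token, required, key=KEY, now=None):
    """True only if the token is authentic, unexpired and grants `required`."""
    try:
        head, payload, sig = token.split(".")
        header = json.loads(b64d(head))
        # Pin the algorithm; never let the token header choose it.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return False
        good = hmac.new(key, f"{head}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, b64d(sig)):
            return False
        claims = json.loads(b64d(payload))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return False
    if not isinstance(claims, dict):
        return False
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        return False
    scope = claims.get("scope")
    if isinstance(scope, str):
        granted = set(scope.split())
    elif isinstance(scope, list):
        granted = {s for s in scope if isinstance(s, str)}
    else:
        granted = set()
    # Exact match per permission: a prefix such as "auth.clients" grants nothing.
    return required in granted

# Constructed sample token for a user whose role carries two permissions.
SAMPLE = sign({"alg": "HS256", "typ": "JWT"},
              {"sub": "demo-user", "exp": 2000, "scope": "auth.clients.list demo.email.send"})
```

The signature and expiry are checked before the scope is read, so a token whose payload was edited to add permissions is rejected without its claims ever being trusted.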
Components of a Role
Field | Description | Example |
---|---|---|
Application | The name of the client application | My App Name, my-app-client-id |
Name of Role | The name of this role | My Sample Role |
Client Role | A selector for whether or not this is a client role | |
Description | The description of this role | This Role is for XYZ |
Permissions | The scopes for this role | auth.clients.list |
User Groups | The user groups associated with this role | My User Group |
Namespace | The namespace | default |