Roles

🚧 Stub. This page is a placeholder. The Roles API (/v1/roles, /v1/roles/{id}) and the permission catalog (/v1/permissions, /v1/me/permissions) shipped recently and the docs haven't been written yet. Track Roles in the API reference for the live shape until this page is filled in.

What this page will cover

• The permission catalog - what org.role.read, customer.write, etc. actually gate
• Creating a custom role with a subset of permissions
• The built-in roles (admin, billing operator, finance reviewer, developer, viewer)
• Assigning roles to members (Members)
• How /me/permissions resolves the caller's effective permission set
• Permission semantics for API keys (the "all-assignable" bundle) vs Keycloak sessions

Endpoints

• All Roles endpoints
• Authorization catalog - /v1/permissions
• Me - /v1/me/permissions for the caller's resolved set

Related

• Members - assign roles to people in the organization
• Authentication - how API keys and sessions resolve to a permission set