Overview

In the Enterprise Stack, each operation is associated with a specific permission, providing granular access control across different levels of the system. Examples of operations that have their own permission:

  • Creating a key
  • Creating a Decentralized Identifier (DID)
  • Deleting an API key
  • Updating tenant configuration

Permission Scope

Next to the permission itself, there is the level at which the permission is applied (the scope). For example, a permission can be applied at the organization or tenant level, thereby granting it on all sub-resources of that organization or tenant. The level is assigned during role creation. Roles are the way permissions get assigned to API keys or accounts.

Revoking Permissions & Wildcards

Besides being granted, permissions can also be revoked. This is particularly useful when using a wildcard permission. A wildcard permission like ALL enables a user to perform all operations under the specified scope (e.g. Organization or Tenant). Revoking a particular permission can therefore be used to reduce the number of actions a user can perform.
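
The scope and revoke behaviour described above can be modelled as a small evaluator; this is an added example, not Enterprise Stack code or its API. The dot-separated resource paths, the operation names such as "api-key.delete", and the rule that a matching revoke always wins over a grant are assumptions made for illustration.

```python
from dataclasses import dataclass

ALL = "ALL"  # wildcard permission named on the page

@dataclass(frozen=True)
class Rule:
    scope: str            # hypothetical dot-separated resource path, e.g. "acme.tenant1"
    permission: str       # hypothetical operation name, or ALL
    revoke: bool = False  # True = this rule revokes instead of grants

def covers(scope: str, resource: str) -> bool:
    """A scope covers itself and every sub-resource below it."""
    # Compare whole path segments so "acme.tenant1" does not cover "acme.tenant10".
    return resource == scope or resource.startswith(scope + ".")

def is_allowed(role: list[Rule], permission: str, resource: str) -> bool:
    """Evaluate one role (a list of rules) for an operation on a resource."""
    hits = [r for r in role
            if covers(r.scope, resource) and r.permission in (ALL, permission)]
    # Assumption: any matching revoke wins over any matching grant.
    if any(r.revoke for r in hits):
        return False
    return bool(hits)  # default deny when no grant matches

# Constructed sample role: everything in one tenant except deleting API keys.
TENANT_OPERATOR = [
    Rule("acme.tenant1", ALL),
    Rule("acme.tenant1", "api-key.delete", revoke=True),
]

def effective(role: list[Rule], resource: str, operations: list[str]) -> dict[str, bool]:
    """Audit helper: which of the given operations the role can perform."""
    return {op: is_allowed(role, op, resource) for op in operations}

if __name__ == "__main__":
    ops = ["key.create", "did.create", "api-key.delete", "tenant.update-config"]
    for res in ("acme.tenant1", "acme.tenant1.kms", "acme.tenant10", "acme"):
        print(res, effective(TENANT_OPERATOR, res, ops))
```

Running an audit like `effective` over every role that holds ALL is a quick way to confirm that the intended revokes actually narrow the wildcard and that the scope does not leak to sibling tenants or to the parent organization.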