Overview
The RBAC API provides functionality for managing:
- Access control
- Permissions
- Role management
- Record-level security
- Audit logging
Core Concepts
Permission Types
| Type | Description | Format |
|---|---|---|
| user | User-specific | UUID |
| role | Role-based | UUID |
Inheritance Rules
| Source | Target | Behavior | Scope |
|---|---|---|---|
| Role | User | Inherit all | Global |
| Admin | All | Full access | System |
Permission Flags
| Flag | Value | Description |
|---|---|---|
| C | Create | |
| R | Read | |
| U | Update | |
| D | Delete | |
| A | All records | Filtering of individual records is not applied |
Role Assignment
| Type | Behavior | Example |
|---|---|---|
| Single role | Direct permissions | User → Admin |
| Multiple roles | Cumulative permissions | User → Admin + Editor |
| Conflicting roles | Most permissive wins | Read-only + Write = Write access |
Permission Resolution
When a user has multiple roles, their effective permissions are:
- Combined permissions from all assigned roles
- Direct user permissions override role permissions
- Most permissive permission takes precedence
- The A flag overrides record-level filtering
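The resolution rules above, worked through in code as an added example (not the API's own implementation). The role and user identifiers, the admin-role name and the record filter are constructed; reading "override" as "a direct grant replaces the role-derived set" is this example's interpretation.

```python
# Added example, not the API's own code: resolves one user's effective flags
# on one resource under the rules above. Identifiers, the admin-role name and
# the record filter are constructed for illustration.
from typing import Callable, Dict, FrozenSet, Iterable, List

Flags = FrozenSet[str]  # any subset of {"C", "R", "U", "D", "A"}
ALL_FLAGS: Flags = frozenset("CRUDA")

def combine(flag_sets: Iterable[Flags]) -> Flags:
    """Most permissive wins: union of every granted flag set (R + RU -> RU)."""
    result: Flags = frozenset()
    for flags in flag_sets:
        result |= flags
    return result

def effective_flags(user_id: str, resource: str,
                    user_roles: Dict[str, List[str]],
                    role_perms: Dict[str, Dict[str, Flags]],
                    user_perms: Dict[str, Dict[str, Flags]],
                    admin_roles: FrozenSet[str]) -> Flags:
    """Apply the resolution rules in order for one user and one resource."""
    roles = user_roles.get(user_id, [])
    # Assumed: a System-scope Admin role grants full access to everything.
    if any(role in admin_roles for role in roles):
        return ALL_FLAGS
    # Direct user permissions override (here: replace) the role-derived ones.
    direct = user_perms.get(user_id, {}).get(resource)
    if direct is not None:
        return direct
    # Otherwise the effective set is the union over all assigned roles.
    return combine(role_perms.get(r, {}).get(resource, frozenset()) for r in roles)

def visible_records(flags: Flags, records: List[dict],
                    record_filter: Callable[[dict], bool]) -> List[dict]:
    """R is needed to read at all; A switches off the per-record filter."""
    if "R" not in flags:
        return []
    if "A" in flags:
        return list(records)
    return [rec for rec in records if record_filter(rec)]

# Constructed sample data: read-only, editor and admin roles, plus one direct
# user grant that carries the A flag.
USER_ROLES = {"user-1": ["role-readonly", "role-editor"],
              "user-2": ["role-readonly"], "user-3": ["role-admin"]}
ROLE_PERMS = {"role-readonly": {"doc": frozenset("R")},
              "role-editor": {"doc": frozenset("RU")}}
USER_PERMS = {"user-2": {"doc": frozenset("RA")}}
ADMIN_ROLES = frozenset({"role-admin"})
```

With this data, user-1 ends up with RU (read-only plus editor, most permissive wins), user-2's direct RA grant replaces the role's R and bypasses record filtering, and user-3 gets every flag through the admin role.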
See individual endpoint documentation for detailed request/response formats and examples.