# Get Policy

> Get the active RBAC Policy for the current Stytch Project.

An RBAC Policy is the canonical document that stores all defined [Resources](./resource-object), [Roles](./role-object), and [Scopes](./scope-object). This represents your RBAC permissioning model.

When using the backend SDKs, the RBAC Policy will be cached to allow for local evaluations, eliminating the need for an extra request to Stytch. The policy will be refreshed if an authorization check is requested and the RBAC policy was last updated more than 5 minutes ago.

Resources, Roles, and Scopes can be created and managed in the [Stytch Dashboard](https://stytch.com/dashboard/rbac).

Learn more about checking and enforcing permissions in the [RBAC guide](/multi-tenant-auth/enterprise-ready/rbac).
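The caching and local evaluation described above can be sketched as follows. This is an added example, not code from Stytch or its SDKs: `PolicyCache`, `fetch_policy` (a stand-in for a call to `GET /v1/b2b/rbac/policy` that returns the `policy` object) and `SAMPLE_POLICY` (constructed data, including the `documents` resource and the `editor` and `doc_admin` roles) are assumptions for illustration.

```python
import time

REFRESH_AFTER_SECONDS = 5 * 60  # refresh window stated on this page


class PolicyCache:
    """Holds the fetched `policy` object and evaluates Role permissions locally."""

    def __init__(self, fetch_policy, clock=time.monotonic):
        self._fetch = fetch_policy  # hypothetical callable wrapping GET /v1/b2b/rbac/policy
        self._clock = clock         # injectable so the refresh window can be tested
        self._policy = None
        self._fetched_at = None

    def _current_policy(self):
        now = self._clock()
        # Refresh lazily: only when a check is requested and the copy is older than 5 minutes.
        if self._fetched_at is None or now - self._fetched_at > REFRESH_AFTER_SECONDS:
            # A fetch error propagates to the caller, so a failed refresh never yields "allow".
            self._policy = self._fetch()
            self._fetched_at = now
        return self._policy

    def is_authorized(self, member_roles, resource_id, action):
        """True if any of the member's Roles permits `action` on `resource_id`."""
        for role in self._current_policy().get("roles", []):
            if role["role_id"] not in member_roles:
                continue
            for perm in role["permissions"]:
                if perm["resource_id"] != resource_id:
                    continue
                if "*" in perm["actions"] or action in perm["actions"]:
                    return True
        return False  # default deny: unknown Roles, Resources and actions grant nothing


# Constructed sample in the shape of the `policy` object in the schema below.
SAMPLE_POLICY = {
    "roles": [
        {"role_id": "stytch_member", "description": "Default role", "permissions": []},
        {"role_id": "editor", "description": "Edits documents", "permissions": [
            {"resource_id": "documents", "actions": ["read", "write"]}]},
        {"role_id": "doc_admin", "description": "Full document access", "permissions": [
            {"resource_id": "documents", "actions": ["*"]}]},
    ],
    "resources": [
        {"resource_id": "documents", "description": "Customer documents",
         "actions": ["read", "write", "delete"]},
    ],
    "scopes": [],
}

if __name__ == "__main__":
    cache = PolicyCache(lambda: SAMPLE_POLICY)
    print(cache.is_authorized(["editor"], "documents", "delete"))
    print(cache.is_authorized(["doc_admin"], "documents", "delete"))
```

Because the cached copy can be up to five minutes old when a check runs, a Role permission removed in the Dashboard may still be honored locally until the next refresh.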


## OpenAPI

````yaml GET /v1/b2b/rbac/policy
openapi: 3.0.3
info:
  title: Stytch API
  description: The Stytch API provides endpoints for authentication and user management.
  version: 2.1.1
  contact:
    name: Stytch Support
    url: https://stytch.com/docs
    email: support@stytch.com
servers:
  - url: https://api.stytch.com
    description: Production server
  - url: https://test.stytch.com
    description: Test server
security:
  - basicAuth: []
paths:
  /v1/b2b/rbac/policy:
    get:
      tags:
        - B2B Rbac
      summary: Policy
      description: >-
        Get the active RBAC Policy for your current Stytch Project. An RBAC
        Policy is the canonical document that stores all defined Resources and
        Roles within your RBAC permissioning model.


        When using the backend SDKs, the RBAC Policy will be cached to allow for
        local evaluations, eliminating the need for an extra request to Stytch.
        The policy will be refreshed if an authorization check is requested and
        the RBAC policy was last updated more than 5 minutes ago.


        Resources and Roles can be created and managed within the [RBAC
        page](https://stytch.com/dashboard/rbac) in the Dashboard.

        Additionally, [Role
        assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can
        be programmatically managed through certain Stytch API endpoints.


        Check out the [RBAC
        overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn
        more about Stytch's RBAC permissioning model.
      operationId: api_b2b_rbac_v1_Policy
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/api_b2b_rbac_v1_PolicyResponse'
        '400':
          description: Bad request
        '401':
          description: Unauthorized
          content:
            application/json:
              example:
                status_code: 401
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: unauthorized_credentials
                error_message: Unauthorized credentials.
                error_url: https://stytch.com/docs/api/errors/401
        '429':
          description: Too Many Requests
          content:
            application/json:
              example:
                status_code: 429
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: too_many_requests
                error_message: Too many requests have been made.
                error_url: https://stytch.com/docs/api/errors/429
        '500':
          description: Internal server error
          content:
            application/json:
              example:
                status_code: 500
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: internal_server_error
                error_message: >-
                  Oops, something seems to have gone wrong, please reach out to
                  support@stytch.com to let us know what went wrong.
                error_url: https://stytch.com/docs/api/errors/500
      x-code-samples:
        - lang: csharp
          label: C#
          source: |-
            // GET /v1/b2b/rbac/policy
            const stytch = require('stytch');

            const client = new stytch.B2BClient({
              project_id: '${projectId}',
              secret: '${secret}',
            });

            const params = {
            };

            client.RBAC.Policy(params)
              .then(resp => { console.log(resp) })
              .catch(err => { console.log(err) });
        - lang: go
          label: Go
          source: "// GET /v1/b2b/rbac/policy\npackage main\n\nimport (\n\t\"context\"\n\t\"log\"\n\n\t\"github.com/stytchauth/stytch-go/v18/stytch/b2b/b2bstytchapi\"\n\t\"github.com/stytchauth/stytch-go/v18/stytch/b2b/rbac\"\n)\n\nfunc main() {\n\tclient, err := b2bstytchapi.NewClient(\n\t\t\"${projectId}\",\n\t\t\"${secret}\",\n\t)\n\tif err != nil {\n\t\tlog.Fatalf(\"error instantiating client: %v\", err)\n\t}\n\n\tparams := &rbac.PolicyParams{}\n\n\tresp, err := client.RBAC.Policy(context.Background(), params)\n\tif err != nil {\n\t\tlog.Fatalf(\"error in method call: %v\", err)\n\t}\n\n\tlog.Println(resp)\n}\n"
        - lang: java
          label: Java
          source: |-
            // GET /v1/b2b/rbac/policy
            package com.example;

            import com.stytch.java.b2b.models.rbac.PolicyRequest;
            import com.stytch.java.b2b.StytchB2BClient;
            import com.stytch.java.common.StytchResult;

            public class Main {
                public static void main(String[] args) {
                    StytchB2BClient.configure("${projectId}", "${secret}");

                    PolicyRequest params = new PolicyRequest();

                    Object result = StytchB2BClient.getRBAC().policy(params);
                    if (result instanceof StytchResult.Success) {
                      System.out.println(((StytchResult.Success) result).getValue());
                    } else {
                      System.out.println(((StytchResult.Error) result).getException());
                    }
                }
            }
        - lang: kotlin
          label: Kotlin
          source: |
            // GET /v1/b2b/rbac/policy
            package com.example

            import com.stytch.java.b2b.StytchB2BClient
            import com.stytch.java.b2b.models.rbac.PolicyRequest
            import com.stytch.java.common.StytchResult

            fun main() {
                StytchB2BClient.configure(
                    projectId = "${projectId}",
                    secret = "${secret}",
                )

                when (
                    val result =
                        StytchB2BClient.rbac.policy(
                            PolicyRequest(),
                        )
                ) {
                    is StytchResult.Success -> println(result.value)
                    is StytchResult.Error -> println(result.exception)
                }
            }
        - lang: javascript
          label: Node.js
          source: |-
            // GET /v1/b2b/rbac/policy
            const stytch = require('stytch');

            const client = new stytch.B2BClient({
              project_id: '${projectId}',
              secret: '${secret}',
            });

            const params = {
            };

            client.rbac.policy(params)
              .then(resp => { console.log(resp) })
              .catch(err => { console.log(err) });
        - lang: php
          label: PHP
          source: |-
            $response = $client->rbac->policy([
            ]);
        - lang: python
          label: Python
          source: |
            # GET /v1/b2b/rbac/policy
            from stytch import B2BClient

            client = B2BClient(
                project_id="${projectId}",
                secret="${secret}",
            )

            resp = client.rbac.policy()

            print(resp)
        - lang: ruby
          label: Ruby
          source: |-
            # frozen_string_literal: true

            # GET /v1/b2b/rbac/policy
            require 'stytch'

            client = StytchB2B::Client.new(
              project_id: "${projectId}",
              secret: "${secret}"
            )

            resp = client.rbac.policy()

            puts resp
        - lang: rust
          label: Rust
          source: |-
            // GET /v1/b2b/rbac/policy
            use stytch::b2b::client::Client;
            use stytch::b2b::rbac::PolicyRequest;

            // `.await` needs an async context; the tokio runtime is assumed here.
            #[tokio::main]
            async fn main() {
                let client = Client::new("${projectId}", "${secret}").unwrap();
                let resp = client.rbac.policy(
                    PolicyRequest{
                        ..Default::default()
                    }
                ).await;
                println!("The response is {:?}", resp);
            }
        - lang: bash
          label: cURL
          source: |-
            # GET /v1/b2b/rbac/policy
            curl --request GET \
              --url https://test.stytch.com/v1/b2b/rbac/policy \
              -u '${projectId}:${secret}' \
              -H 'Content-Type: application/json'
components:
  schemas:
    api_b2b_rbac_v1_PolicyResponse:
      type: object
      properties:
        request_id:
          type: string
          description: >-
            Globally unique UUID that is returned with every API call. This
            value is important to log for debugging purposes; we may ask for
            this value to help identify a specific API call when helping you
            debug an issue.
        status_code:
          type: integer
          format: int32
          description: >-
            The HTTP status code of the response. Stytch follows standard HTTP
            response status code patterns, e.g. 2XX values equate to success,
            3XX values are redirects, 4XX are client errors, and 5XX are server
            errors.
        policy:
          $ref: '#/components/schemas/api_b2b_rbac_v1_Policy'
          description: >-
            The RBAC Policy document that contains all defined Roles and
            Resources – which are managed in the
            [Dashboard](https://stytch.com/dashboard/rbac). Read more about
            these entities and how they work in our [RBAC
            overview](https://stytch.com/docs/b2b/guides/rbac/overview).
      required:
        - request_id
        - status_code
    api_b2b_rbac_v1_Policy:
      type: object
      properties:
        roles:
          type: array
          items:
            $ref: '#/components/schemas/api_b2b_rbac_v1_PolicyRole'
          description: >-
            An array of [Role
            objects](https://stytch.com/docs/b2b/api/rbac-role-object).
        resources:
          type: array
          items:
            $ref: '#/components/schemas/api_b2b_rbac_v1_PolicyResource'
          description: >-
            An array of [Resource
            objects](https://stytch.com/docs/b2b/api/rbac-resource-object).
        scopes:
          type: array
          items:
            $ref: '#/components/schemas/api_b2b_rbac_v1_PolicyScope'
          description: >-
            An array of [Scope
            objects](https://stytch.com/docs/b2b/api/rbac-scope-object).
      required:
        - roles
        - resources
        - scopes
    api_b2b_rbac_v1_PolicyRole:
      type: object
      properties:
        role_id:
          type: string
          description: >-
            The unique identifier of the RBAC Role, provided by the developer
            and intended to be human-readable.

              Reserved `role_id`s that are predefined by Stytch include:

              * `stytch_member`
              * `stytch_admin`

              Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for a more detailed explanation.

              
        description:
          type: string
          description: The description of the RBAC Role.
        permissions:
          type: array
          items:
            $ref: '#/components/schemas/api_b2b_rbac_v1_PolicyRolePermission'
          description: >-
            A list of permissions that link a
            [Resource](https://stytch.com/docs/b2b/api/rbac-resource-object) to
            a list of actions.
      required:
        - role_id
        - description
        - permissions
    api_b2b_rbac_v1_PolicyResource:
      type: object
      properties:
        resource_id:
          type: string
          description: >-
            A unique identifier of the RBAC Resource, provided by the developer
            and intended to be human-readable.

              A `resource_id` is not allowed to start with `stytch`, which is a special prefix used for Stytch default Resources with reserved `resource_id`s. These include:

              * `stytch.organization`
              * `stytch.member`
              * `stytch.sso`
              * `stytch.self`

              Check out the [guide on Stytch default Resources](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for a more detailed explanation.

              
        description:
          type: string
          description: The description of the RBAC Resource.
        actions:
          type: array
          items:
            type: string
          description: |-
            A list of all possible actions for a provided Resource.

              Reserved `actions` that are predefined by Stytch include:

              * `*`
              * For the `stytch.organization` Resource:
                * `update.info.name`
                * `update.info.slug`
                * `update.info.untrusted_metadata`
                * `update.info.email_jit_provisioning`
                * `update.info.logo_url`
                * `update.info.email_invites`
                * `update.info.allowed_domains`
                * `update.info.default_sso_connection`
                * `update.info.sso_jit_provisioning`
                * `update.info.mfa_policy`
                * `update.info.implicit_roles`
                * `delete`
              * For the `stytch.member` Resource:
                * `create`
                * `update.info.name`
                * `update.info.untrusted_metadata`
                * `update.info.mfa-phone`
                * `update.info.delete.mfa-phone`
                * `update.settings.is-breakglass`
                * `update.settings.mfa_enrolled`
                * `update.settings.roles`
                * `search`
                * `delete`
              * For the `stytch.sso` Resource:
                * `create`
                * `update`
                * `delete`
              * For the `stytch.self` Resource:
                * `update.info.name`
                * `update.info.untrusted_metadata`
                * `update.info.mfa-phone`
                * `update.info.delete.mfa-phone`
                * `update.info.delete.password`
                * `update.settings.mfa_enrolled`
                * `delete`
              
      required:
        - resource_id
        - description
        - actions
    api_b2b_rbac_v1_PolicyScope:
      type: object
      properties:
        scope:
          type: string
          description: >-
            The unique identifier of the RBAC Scope, provided by the developer
            and intended to be human-readable.
        description:
          type: string
          description: The description of the RBAC Scope.
        permissions:
          type: array
          items:
            $ref: '#/components/schemas/api_b2b_rbac_v1_PolicyScopePermission'
          description: >-
            A list of permissions that link a
            [Resource](https://stytch.com/docs/b2b/api/rbac-resource-object) to
            a list of actions.
      required:
        - scope
        - description
        - permissions
    api_b2b_rbac_v1_PolicyRolePermission:
      type: object
      properties:
        resource_id:
          type: string
          description: >-
            A unique identifier of the RBAC Resource, provided by the developer
            and intended to be human-readable.

              A `resource_id` is not allowed to start with `stytch`, which is a special prefix used for Stytch default Resources with reserved `resource_id`s. These include:

              * `stytch.organization`
              * `stytch.member`
              * `stytch.sso`
              * `stytch.self`

              Check out the [guide on Stytch default Resources](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for a more detailed explanation.

              
        actions:
          type: array
          items:
            type: string
          description: >-
            A list of permitted actions the Scope is required to take with the
            provided Resource. You can use `*` as a wildcard to require a Scope
            permission to use all possible actions related to the Resource. 
      required:
        - resource_id
        - actions
    api_b2b_rbac_v1_PolicyScopePermission:
      type: object
      properties:
        resource_id:
          type: string
          description: >-
            A unique identifier of the RBAC Resource, provided by the developer
            and intended to be human-readable.

              A `resource_id` is not allowed to start with `stytch`, which is a special prefix used for Stytch default Resources with reserved `resource_id`s. These include:

              * `stytch.organization`
              * `stytch.member`
              * `stytch.sso`
              * `stytch.self`

              Check out the [guide on Stytch default Resources](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for a more detailed explanation.

              
        actions:
          type: array
          items:
            type: string
          description: >-
            A list of permitted actions the Scope is required to take with the
            provided Resource. You can use `*` as a wildcard to require a Scope
            permission to use all possible actions related to the Resource. 
      required:
        - resource_id
        - actions
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic

````