Resource Object - Stytch Docs

A Resource is an entity with an associated list of actions. The actions list enumerates all the valid operations that can be performed upon the Resource. All Resources are stored in your Project’s RBAC Policy. You can create and manage Resources in the RBAC Policies page of the Stytch Dashboard. Check out the RBAC overview to learn more about Stytch’s RBAC permissioning model.

resource_id

string

required

A unique identifier of the RBAC Resource, provided by the developer and intended to be human-readable.

A resource_id is not allowed to start with stytch, which is a special prefix used for Stytch default Resources with reserved resource_ids. These include:

stytch.organization
stytch.member
stytch.sso
stytch.self

Check out the guide on Stytch default Resources for a more detailed explanation.

description

string

required

The description of the RBAC Resource.

actions

string[]

required

A list of all possible actions for a provided Resource.

Reserved actions that are predefined by Stytch include:

*
For the stytch.organization Resource:
- update.info.name
- update.info.slug
- update.info.untrusted_metadata
- update.info.email_jit_provisioning
- update.info.logo_url
- update.info.email_invites
- update.info.allowed_domains
- update.info.default_sso_connection
- update.info.sso_jit_provisioning
- update.info.mfa_policy
- update.info.implicit_roles
- delete
For the stytch.member Resource:
- create
- update.info.name
- update.info.untrusted_metadata
- update.info.mfa-phone
- update.info.delete.mfa-phone
- update.settings.is-breakglass
- update.settings.mfa_enrolled
- update.settings.roles
- search
- delete
For the stytch.sso Resource:
- create
- update
- delete
For the stytch.self Resource:
- update.info.name
- update.info.untrusted_metadata
- update.info.mfa-phone
- update.info.delete.mfa-phone
- update.info.delete.password
- update.settings.mfa_enrolled
- delete