import { useStytchB2BClient } from '@stytch/react/b2b';

export const AdminPanel = () => {
  const stytch = useStytchB2BClient();
  const isAuthorized = stytch.rbac.isAuthorizedSync('documents', 'edit');

  return isAuthorized ? (
    <button>Edit Document</button>
  ) : (
    <p>You don't have permission to edit documents</p>
  );
};
rbac.isAuthorizedSync is a synchronous method that returns an authorization verdict on a resource-action pair (that is, whether the logged-in Member is authorized to perform the specified action on the specified Resource). This method uses locally cached instances of the Member and the configured RBAC policy. If the RBAC policy has not been loaded, this method will always return false. See the SWR caching strategy. If the Member is not logged in, this method will always return false. If the resource or action provided is not valid for the configured RBAC policy, this method will return false. If you need to asynchronously fetch guaranteed-fresh data from the API, use the rbac.isAuthorized method.
As a best practice, authorization checks for sensitive actions should also occur on the backend.
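
The cached-then-fresh behavior described above, as an added example (not code from the Stytch docs or SDK): the hypothetical helper `checkWithRevalidation` returns the `rbac.isAuthorizedSync` verdict for the first render, then confirms it with `rbac.isAuthorized` and fails closed on errors. `makeStubClient` is a constructed stand-in for the SDK client so the block runs offline, and it assumes `rbac.isAuthorized` returns a promise of a boolean.

```javascript
// Hypothetical helper (added example): `client` exposes the two rbac methods
// named on this page. Only these two calls are assumed about the SDK.
function checkWithRevalidation(client, resourceId, action, onVerdict) {
  let cached = false;
  try {
    // Cached verdict: false if the policy is not loaded, the Member is logged
    // out, or the resource/action pair is not in the policy.
    cached = client.rbac.isAuthorizedSync(resourceId, action) === true;
  } catch (err) {
    cached = false; // fail closed on any unexpected error
  }
  const fresh = Promise.resolve()
    .then(() => client.rbac.isAuthorized(resourceId, action))
    .then((v) => v === true, () => false) // a failed fetch counts as "not authorized"
    .then((verdict) => {
      if (verdict !== cached) onVerdict(verdict); // update the UI only on change
      return verdict;
    });
  return { cached, fresh };
}

// Constructed stand-in for the SDK client so the example runs offline.
function makeStubClient({ policyLoaded, grants, failFetch }) {
  const allowed = new Set(grants);
  return {
    rbac: {
      isAuthorizedSync: (r, a) => policyLoaded && allowed.has(`${r}:${a}`),
      isAuthorized: (r, a) =>
        failFetch ? Promise.reject(new Error('network')) : Promise.resolve(allowed.has(`${r}:${a}`)),
    },
  };
}

// Cold cache: the first render hides the button, the fresh verdict then enables it.
const coldClient = makeStubClient({ policyLoaded: false, grants: ['documents:edit'], failFetch: false });
const result = checkWithRevalidation(coldClient, 'documents', 'edit', (ok) =>
  console.log('fresh verdict for documents:edit ->', ok));
console.log('cached verdict for documents:edit ->', result.cached);
```

The verdict only decides what the UI shows; the request that performs the edit still needs its own authorization check on the backend.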

Parameters

resource_id
string
required
The human-readable ID of the resource to check authorization for.
action
string
required
The action to take on the specified resource.

Response

authorized
boolean
required
true if the Member is authorized to perform the specified action on the specified resource, false otherwise. Will resolve to false if the RBAC policy has not been loaded or if the resource or action provided are not valid for the configured RBAC policy.