Skip to main content
An policy is a governing document that defines what actions a given Role can take on a given Resource.

Role Object

Resource Object

To learn more about creating and managing your RBAC policy, see the RBAC guides.

Checking permissions

Each Member Session will be granted specific roles, which grants them permission to take specific actions on specific Resources. To check if a Member has permission to take an action on a Resource, use the .
Always validate permissions on the client and server before proceeding with an action. See the Enforcing Permissions guide and the Stytch API Reference for more details.
import { StytchB2BClient } from '@stytch/vanilla-js/b2b';

const stytch = new StytchB2BClient('public-token-test-b8c84de4-7d58-4ffc-9341-432b56596862');

const editButton = document.getElementById('edit-button');

// Check permissions both before taking actions
const editDocument = async () => {
  const { isAuthorized } = await stytch.rbac.isAuthorized({
    resourceId: 'documents',
    action: 'edit'
  });

  if (!isAuthorized) {
    throw new Error('You do not have permission to edit documents');
  }

  proceedWithEdit();
};

// And to hide or disable UI elements
const checkPermissions = async () => {
  const { isAuthorized } = await stytch.rbac.isAuthorized({
    resourceId: 'documents',
    action: 'edit'
  });

  editButton.disabled = !isAuthorized;
};

editButton.addEventListener('click', editDocument);
checkPermissions();