# RBAC (Role-Based Access Control)

> Enforce RBAC permissions in your application's frontend using the Stytch Vanilla JS SDK

export const member = "Represents an individual end user's account within a given Organization, uniquely identified within that Organization by their email address.";

export const rbac = "Role-Based Access Control: An authorization model that manages access to resources within your application based on user roles.";

export const isReact_0 = undefined

An <Tooltip tip={rbac}>RBAC</Tooltip> policy is a governing document that defines what actions a given Role can take on a given Resource.

<Columns cols={2}>
  <Card title="Role Object" icon="braces" href="/api-reference/b2b/api/rbac/role-object" />

  <Card title="Resource Object" icon="braces" href="/api-reference/b2b/api/rbac/resource-object" />
</Columns>

To learn more about creating and managing your RBAC policy, see the [RBAC guides](/multi-tenant-auth/enterprise-ready/rbac/create-rbac-policy).

## Checking permissions

Each Member Session is granted specific Roles, which grant the Member permission to take specific actions on specific Resources. To check whether a Member has permission to take an action on a Resource, use the {isReact_0 ? <><a href="../../hooks/use-stytch-is-authorized"><code>useStytchIsAuthorized</code> hook</a></> : <><a href="./is-authorized"><code>isAuthorized</code> method</a></>}.

<Warning>
  Always validate permissions on the client **and** server before proceeding with an action. See the [Enforcing Permissions guide](/multi-tenant-auth/enterprise-ready/rbac/enforcing-permissions#frontend-authorization-checks) and the [Stytch API Reference](/api-reference/b2b/api/rbac/overview) for more details.
</Warning>

```javascript theme={null}
import { StytchB2BClient } from '@stytch/vanilla-js/b2b';

const stytch = new StytchB2BClient('public-token-test-b8c84de4-7d58-4ffc-9341-432b56596862');

const editButton = document.getElementById('edit-button');

// Check permissions both before taking actions
const editDocument = async () => {
  const { isAuthorized } = await stytch.rbac.isAuthorized({
    resourceId: 'documents',
    action: 'edit'
  });

  if (!isAuthorized) {
    throw new Error('You do not have permission to edit documents');
  }

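  // proceedWithEdit is your application's own handler; the server must re-check the permission when it receives the request
  proceedWithEdit();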
};

// And to hide or disable UI elements
const checkPermissions = async () => {
  const { isAuthorized } = await stytch.rbac.isAuthorized({
    resourceId: 'documents',
    action: 'edit'
  });

  editButton.disabled = !isAuthorized;
};

editButton.addEventListener('click', editDocument);
checkPermissions();
```
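
The server-side half of the warning above, as an added example that is not part of the Stytch documentation or SDK: a request handler that decides from the Roles stored with the server-side session and ignores whatever the browser claims. The policy shape, the session store, and the `roleAllows` and `handleEditRequest` names are assumptions for illustration; a real backend would make this decision through the Stytch API rather than a local table.

```javascript
// Constructed sample policy: each Role lists the actions it may take per Resource.
// The field names here are an assumption for this example.
const policy = {
  roles: [
    { role_id: 'viewer', permissions: [{ resource_id: 'documents', actions: ['read'] }] },
    { role_id: 'editor', permissions: [{ resource_id: 'documents', actions: ['read', 'edit'] }] },
    { role_id: 'admin', permissions: [{ resource_id: 'documents', actions: ['*'] }] },
  ],
};

// Constructed server-side session store: Roles come from here, never from the request body.
const sessions = new Map([
  ['session-viewer', { member_id: 'member-1', roles: ['viewer'] }],
  ['session-editor', { member_id: 'member-2', roles: ['editor'] }],
]);

// Hypothetical helper: true if any of the given Roles grants `action` on `resourceId`.
function roleAllows(roles, resourceId, action) {
  return policy.roles
    .filter((role) => roles.includes(role.role_id))
    .flatMap((role) => role.permissions)
    .some((p) => p.resource_id === resourceId &&
      (p.actions.includes('*') || p.actions.includes(action)));
}

// Hypothetical handler for an "edit document" request.
function handleEditRequest(request) {
  const session = sessions.get(request.sessionToken);
  if (!session) return { status: 401, body: 'No valid session' };
  // request.clientSaysAuthorized is deliberately ignored: the client controls it,
  // so a disabled button or a skipped frontend check must not change the outcome.
  if (!roleAllows(session.roles, 'documents', 'edit')) {
    return { status: 403, body: 'Forbidden' };
  }
  return { status: 200, body: `Edited by ${session.member_id}` };
}
```

A request that carries a viewer session is rejected with 403 even when it sets `clientSaysAuthorized: true`, which is the case the frontend check alone cannot cover.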
