import { StytchB2BClient } from '@stytch/vanilla-js/b2b';

const stytch = new StytchB2BClient('public-token-test-b8c84de4-7d58-4ffc-9341-432b56596862');

// Get all permissions asynchronously
stytch.rbac
  .allPermissions()
  .then((permissions) => {
    // Example: Check if user can edit documents
    if (permissions.documents?.edit) {
      console.log('User can edit documents');
    }

    // Example: Display all permissions
    Object.entries(permissions).forEach(([resource, actions]) => {
      console.log(`Resource: ${resource}`);
      Object.entries(actions).forEach(([action, allowed]) => {
        console.log(`  ${action}: ${allowed ? '✓' : '✗'}`);
      });
    });
  })
  .catch((error) => {
    console.error('Error:', error);
  });
rbac.allPermissions is an asynchronous method that returns the complete list of permissions assigned to the currently logged-in Member. If the Member is not logged in, all values will be false.
As a best practice, authorization checks for sensitive actions should also occur on the backend.

Response

permissions
Promise<Record<ResourceId, Record<Action, boolean>>>
required
A promise that resolves to a map of all permissions assigned to the currently logged-in Member. The key is the human-readable ID of the resource, and the value is a map of all actions for the given resource. The boolean value signifies whether the Member has permission (true) or not (false) to perform the specified action.
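An added example, not part of the Stytch SDK or its documentation: fail-closed helpers for reading the permissions map described above when deciding what to show in the UI. The names `can`, `grantedPairs` and `loadPermissions` are hypothetical, the sample maps are constructed, and `fetchPermissions` stands in for a call such as `() => stytch.rbac.allPermissions()`.

```javascript
// Own-property test, so keys inherited from Object.prototype never count.
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// True only when permissions[resource][action] is an own property holding the
// boolean true. Unknown resources, unknown actions, inherited keys such as
// "toString" or "constructor", and truthy non-booleans are all denied.
function can(permissions, resource, action) {
  if (permissions === null || typeof permissions !== 'object') return false;
  if (!own(permissions, resource)) return false;
  const actions = permissions[resource];
  if (actions === null || typeof actions !== 'object') return false;
  return own(actions, action) && actions[action] === true;
}

// Flatten the map into sorted "resource:action" strings, granted pairs only.
function grantedPairs(permissions) {
  const out = [];
  for (const resource of Object.keys(permissions ?? {})) {
    for (const action of Object.keys(permissions[resource] ?? {})) {
      if (can(permissions, resource, action)) out.push(`${resource}:${action}`);
    }
  }
  return out.sort();
}

// Resolve the permissions promise. A rejection yields an empty map, so every
// later can() call denies instead of leaving the UI in an undefined state.
async function loadPermissions(fetchPermissions) {
  try {
    return await fetchPermissions();
  } catch {
    return {};
  }
}

// Constructed sample maps in the documented Record<ResourceId, Record<Action, boolean>> shape.
const loggedIn = { documents: { edit: true, delete: false }, images: { view: true } };
const loggedOut = { documents: { edit: false, delete: false }, images: { view: false } };

console.log(can(loggedIn, 'documents', 'edit'));     // granted pair
console.log(can(loggedIn, 'documents', 'toString')); // inherited key, denied
console.log(grantedPairs(loggedIn), grantedPairs(loggedOut));
```

These helpers only decide what the client renders; the backend authorization check mentioned above remains the enforcement point.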