Skip to main content
import { StytchClient } from '@stytch/vanilla-js';

const stytch = new StytchClient('public-token-test-b8c84de4-7d58-4ffc-9341-432b56596862');

export const getAllPermissions = async () => {
const permissions = await stytch.rbac.allPermissions();
console.log(permissions);
return permissions;
};

{
    "stytch_permissions": {
      "documents": {
        "edit": false,
        "read": true,
      },
      "images": {
        "create": false,
        "view": true,
      },
    },
}
rbac.allPermissions is an asynchronous method that returns the complete list of permissions assigned to the currently logged-in User. If the User is not logged in, all values will be false.
As a best practice, authorization checks for sensitive actions should also occur on the backend.

Response

permissions
Promise<Record<RoleId, Record<Action, boolean>>>
required
A promise that resolves to a map of all permissions assigned to the currently logged-in User.The key is the human-readable ID of the role, and the value is a map of all actions for the given role. The boolean value signifies whether the User has permission (true) or not (false) to perform the specified action.