B2B Saas Authentication

/

API reference

/

RBAC

/

Get RBAC Policy

Get RBAC Policy

GEThttps://test.stytch.com/v1/b2b/rbac/policy

Get the active RBAC Policy for your current Stytch Project. An RBAC Policy is the canonical document that stores all defined Resources and Roles within your RBAC permissioning model.

When using the backend SDKs, the RBAC Policy will be cached to allow for local evaluations, eliminating the need for an extra request to Stytch. The policy will be refreshed if an authorization check is requested and the RBAC policy was last updated more than 5 minutes ago.

Resources and Roles can be created and managed within the Dashboard. Additionally, Role assignment can be programmatically managed through certain Stytch API endpoints.

Check out the RBAC overview to learn more about Stytch's RBAC permissioning model.

Response fields

request_idstring
status_codeint
policyobject
curl --request GET \
  --url https://test.stytch.com/v1/b2b/rbac/policy \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json'

RESPONSE

200
{
  "status_code": 200,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "policy": {
    "resources": [
      {
        "actions": [
          "create",
          "read",
          "write",
          "delete"
        ],
        "description": "Documents are text files owned by a user who can grant access to others for collaboration.",
        "resource_id": "documents"
      },
      {
        "actions": [
          "create",
          "read",
          "export",
          "share"
        ],
        "description": "Images are media files for sharing.",
        "resource_id": "images"
      },
      {
        "actions": [
          "update.info.name",
          "update.info.slug",
          "update.info.logo-url",
          "update.settings.allowed-auth-methods",
          "update.settings.allowed-mfa-methods",
          "update.settings.email-jit-provisioning",
          "update.settings.email-invites",
          "update.settings.allowed-domains",
          "update.settings.default-sso-connection",
          "update.settings.sso-jit-provisioning",
          "update.settings.mfa-policy",
          "update.settings.implicit-roles",
          "delete"
        ],
        "description": "Built-in resource for Stytch Organization objects",
        "resource_id": "stytch.organization"
      },
      {
        "actions": [
          "create",
          "update.info.name",
          "update.info.untrusted-metadata",
          "update.info.mfa-phone",
          "update.info.delete.mfa-phone",
          "update.info.delete.password",
          "update.settings.is-breakglass",
          "update.settings.mfa-enrolled",
          "update.settings.roles",
          "search",
          "delete"
        ],
        "description": "Built-in resource for Stytch Member objects",
        "resource_id": "stytch.member"
      },
      {
        "actions": [
          "create",
          "update",
          "delete"
        ],
        "description": "Built-in resource for Stytch SSO Connection objects",
        "resource_id": "stytch.sso"
      },
      {
        "actions": [
          "update.info.name",
          "update.info.untrusted-metadata",
          "update.info.mfa-phone",
          "update.info.delete.mfa-phone",
          "update.info.delete.password",
          "update.settings.mfa-enrolled",
          "delete"
        ],
        "description": "Built-in resource for the logged-in Stytch Member object",
        "resource_id": "stytch.self"
      }
    ],
    "roles": [
      {
        "description": "",
        "permissions": [],
        "role_id": "default"
      },
      {
        "description": "",
        "permissions": [
          {
            "actions": [
              "*"
            ],
            "resource_id": "documents"
          },
          {
            "actions": [
              "*"
            ],
            "resource_id": "images"
          }
        ],
        "role_id": "organization_admin"
      },
      {
        "description": "",
        "permissions": [
          {
            "actions": [
              "read",
              "write"
            ],
            "resource_id": "documents"
          },
          {
            "actions": [
              "read",
              "export",
              "share"
            ],
            "resource_id": "images"
          }
        ],
        "role_id": "editor"
      },
      {
        "description": "",
        "permissions": [
          {
            "actions": [
              "read"
            ],
            "resource_id": "documents"
          },
          {
            "actions": [
              "read"
            ],
            "resource_id": "images"
          }
        ],
        "role_id": "reader"
      }
    ]
  }
}