Get RBAC Policy

GET https://test.stytch.com/v1/b2b/rbac/policy

Get the active RBAC Policy for your current Stytch Project. An RBAC Policy is the canonical document that stores all defined Resources and Roles within your RBAC permissioning model.

When using the backend SDKs, the RBAC Policy is cached so that authorization checks can be evaluated locally, without an extra request to Stytch. The cached policy is refreshed when an authorization check is requested and the RBAC Policy was last updated more than 5 minutes ago.

Resources and Roles can be created and managed within the Dashboard. Additionally, Role assignment can be programmatically managed through certain Stytch API endpoints.

Check out the RBAC overview to learn more about Stytch's RBAC permissioning model.


Response fields

request_id (string)

status_code (int)

policy (object)

REQUEST

curl --request GET \
  --url https://test.stytch.com/v1/b2b/rbac/policy \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json'

RESPONSE

200
{
  "status_code": 200,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "policy": {
    "resources": [
      {
        "actions": [
          "create",
          "read",
          "write",
          "delete"
        ],
        "description": "Documents are text files owned by a user who can grant access to others for collaboration.",
        "resource_id": "documents"
      },
      {
        "actions": [
          "create",
          "read",
          "export",
          "share"
        ],
        "description": "Images are media files for sharing.",
        "resource_id": "images"
      },
      {
        "actions": [
          "update.info.name",
          "update.info.slug",
          "update.info.logo-url",
          "update.settings.allowed-auth-methods",
          "update.settings.allowed-mfa-methods",
          "update.settings.email-jit-provisioning",
          "update.settings.email-invites",
          "update.settings.allowed-domains",
          "update.settings.default-sso-connection",
          "update.settings.sso-jit-provisioning",
          "update.settings.mfa-policy",
          "update.settings.implicit-roles",
          "delete"
        ],
        "description": "Built-in resource for Stytch Organization objects",
        "resource_id": "stytch.organization"
      },
      {
        "actions": [
          "create",
          "update.info.name",
          "update.info.untrusted-metadata",
          "update.info.mfa-phone",
          "update.info.delete.mfa-phone",
          "update.info.delete.password",
          "update.settings.is-breakglass",
          "update.settings.mfa-enrolled",
          "update.settings.roles",
          "search",
          "delete"
        ],
        "description": "Built-in resource for Stytch Member objects",
        "resource_id": "stytch.member"
      },
      {
        "actions": [
          "create",
          "update",
          "delete"
        ],
        "description": "Built-in resource for Stytch SSO Connection objects",
        "resource_id": "stytch.sso"
      },
      {
        "actions": [
          "update.info.name",
          "update.info.untrusted-metadata",
          "update.info.mfa-phone",
          "update.info.delete.mfa-phone",
          "update.info.delete.password",
          "update.settings.mfa-enrolled",
          "delete"
        ],
        "description": "Built-in resource for the logged-in Stytch Member object",
        "resource_id": "stytch.self"
      }
    ],
    "roles": [
      {
        "description": "",
        "permissions": [],
        "role_id": "default"
      },
      {
        "description": "",
        "permissions": [
          {
            "actions": [
              "*"
            ],
            "resource_id": "documents"
          },
          {
            "actions": [
              "*"
            ],
            "resource_id": "images"
          }
        ],
        "role_id": "organization_admin"
      },
      {
        "description": "",
        "permissions": [
          {
            "actions": [
              "read",
              "write"
            ],
            "resource_id": "documents"
          },
          {
            "actions": [
              "read",
              "export",
              "share"
            ],
            "resource_id": "images"
          }
        ],
        "role_id": "editor"
      },
      {
        "description": "",
        "permissions": [
          {
            "actions": [
              "read"
            ],
            "resource_id": "documents"
          },
          {
            "actions": [
              "read"
            ],
            "resource_id": "images"
          }
        ],
        "role_id": "reader"
      }
    ]
  }
}
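An added example, not Stytch SDK code, showing how a backend can evaluate an authorization check locally against a cached copy of the policy document above and re-fetch it when a check finds the copy older than the 5-minute window. The policy dict is a constructed excerpt of the response above; `fetch` is a hypothetical callable that wraps the GET request.

```python
import time

# Constructed excerpt of the policy shown above (same shape as the "policy" field).
SAMPLE_POLICY = {
    "resources": [
        {"resource_id": "documents", "actions": ["create", "read", "write", "delete"]},
        {"resource_id": "images", "actions": ["create", "read", "export", "share"]},
    ],
    "roles": [
        {"role_id": "default", "permissions": []},
        {"role_id": "organization_admin", "permissions": [
            {"resource_id": "documents", "actions": ["*"]},
            {"resource_id": "images", "actions": ["*"]}]},
        {"role_id": "editor", "permissions": [
            {"resource_id": "documents", "actions": ["read", "write"]},
            {"resource_id": "images", "actions": ["read", "export", "share"]}]},
        {"role_id": "reader", "permissions": [
            {"resource_id": "documents", "actions": ["read"]},
            {"resource_id": "images", "actions": ["read"]}]},
    ],
}

POLICY_TTL_SECONDS = 300  # the 5-minute staleness window described above


class PolicyCache:
    """Caches a policy for local checks and re-fetches it when a check finds it stale."""

    def __init__(self, fetch, clock=time.monotonic):
        # fetch: hypothetical callable returning the policy dict (wraps the GET above)
        self._fetch, self._clock = fetch, clock
        self._policy, self._fetched_at = None, None

    def policy(self):
        if self._policy is None or self._clock() - self._fetched_at > POLICY_TTL_SECONDS:
            self._policy, self._fetched_at = self._fetch(), self._clock()
        return self._policy

    def is_authorized(self, member_roles, resource_id, action):
        pol = self.policy()
        # Default deny: a resource or action the policy does not define is never granted.
        resource = next((r for r in pol["resources"] if r["resource_id"] == resource_id), None)
        if resource is None or action not in resource["actions"]:
            return False
        perms = {r["role_id"]: r["permissions"] for r in pol["roles"]}
        for role_id in member_roles:
            for perm in perms.get(role_id, []):
                if perm["resource_id"] == resource_id and ("*" in perm["actions"] or action in perm["actions"]):
                    return True
        return False
```

Note that the "*" wildcard only expands to actions the resource actually declares, so an undefined action stays denied even for organization_admin.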