Skip to main content
When a is assigned a role, they are granted permission to perform the actions that role allows. Roles are additive, so Users receive the combined permissions of all roles they are assigned.

Explicit role assignment

Explicit role assignment is when you directly assign a role to (or revoke from) a specific User. Once assigned, the User has that role until it is explicitly revoked. You can assign roles when making calls to the following API endpoints: Or manage roles in the Stytch Dashboard.

Example: assign a role via Update User

curl --request PUT \
  --url https://test.stytch.com/v1/users/user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6 \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "roles": ["admin"]
  }'
Consumer RBAC supports explicit role assignment. If you need rule-based or attribute-based assignment, implement those rules in your application and apply roles via the Update User endpoint.

What’s next

Check out the enforcement guide to implement authorization checks in your app.