Overview
In the Enterprise Stack, each operation is associated with a specific permission, providing granular access control across different levels of the system. Permissions can be:
- Creating a key
- Creating a Decentralized Identifier (DID)
- Deleting an API key
- Updating tenant configuration
Permission Scope
Nex to the permission itself, there is the level to which the permission should be applied (the scope). For example, a permission could be applied on an organizational or a tenant level thereby granting the permission on all sub-resources of that organization or tenant. The assignment of the level happens during role creation. Roles are the way permissions get assigned to API-Keys or Accounts.
Revoking Permissions & Wildcards
Also, next to granting permissions, permissions can also be revoked. This is particulary useful when using a wildcard
permission. A wildcard permission like ALL enables a user to do all operations under the specified scope (e.g.
Organization or Tenant). Therefore, revoking a particular permission could be used to decrease the amount of actions a
user can perform.
Permissions Available
Wildcards
ALL- Enables a user to do all operations under the specified scope.
API Endpoint Specific Operations
You can find the required permissions for the various API endpoints by visiting the SWAGGER documentation. In the description of each endpoint, look for a field labeled "Operation." This field indicates the specific permission needed to access that endpoint.
Visit the SWAGGER docs here.