Role Based Access Control
The Warrant API natively provides support for Role Based Access Control. The easiest way to manage roles and permissions is via the Warrant Dashboard, but programmatic management via the API is possible using our RBAC endpoints. To support Role Based Access Control, Warrant provides the following:
Roles
role is a pre-defined object type that exists in every Warrant account. Roles allow you to group together sets of permissions according to a particular user persona (ex: admin, customer-success, engineer, etc.) by assigning those permissions to a role. That role can then be assigned to a user, implicitly granting that user all of the permissions assigned to that role. This simplifies the assignment of large groups of related permissions. Roles support hierarchy (roles can be members of other roles) and are particularly useful for B2B applications with complex, hierarchical access control models that are easily expressed using RBAC.
Permissions
permission is a pre-defined object type that exists in every Warrant account. Permissions allow you to define rules that designate access to resources or actions in your application (ex: view-dashboard, edit-dashboard, etc.). They can be assigned to roles or directly to users to grant access to the designated resource or action.
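The following added example (not Warrant's code, and not a call to the Warrant API) models how a user's effective permissions resolve from direct assignments, assigned roles, and role hierarchy, which is the set to review when auditing who can reach a resource. The class, the user names and the sample data are constructed, and it assumes that a role which is a member of another role receives that role's permissions.

```python
# Added illustration: an in-memory model of the role/permission rules described
# above. It does not use the Warrant API; all names and data are constructed.
from dataclasses import dataclass, field


@dataclass
class RbacModel:
    role_permissions: dict = field(default_factory=dict)  # role -> permissions
    role_memberships: dict = field(default_factory=dict)  # role -> roles it is a member of
    user_roles: dict = field(default_factory=dict)        # user -> assigned roles
    user_permissions: dict = field(default_factory=dict)  # user -> direct permissions

    def expand_roles(self, roles):
        """Return the given roles plus every role reachable through membership.

        Assumption: a role that is a member of another role receives that
        role's permissions, the same way a user assigned to a role does.
        """
        seen, stack = set(), list(roles)
        while stack:
            role = stack.pop()
            if role in seen:  # already expanded; also stops membership cycles
                continue
            seen.add(role)
            stack.extend(self.role_memberships.get(role, ()))
        return seen

    def effective_permissions(self, user):
        """Direct permissions plus everything granted implicitly through roles."""
        perms = set(self.user_permissions.get(user, ()))
        for role in self.expand_roles(self.user_roles.get(user, ())):
            perms |= set(self.role_permissions.get(role, ()))
        return perms

    def check(self, user, permission):
        """Deny by default: allow only if the permission resolves for the user."""
        return permission in self.effective_permissions(user)


# Constructed sample data using the role and permission names from the text.
MODEL = RbacModel(
    role_permissions={"engineer": {"view-dashboard"}, "admin": {"edit-dashboard"}},
    role_memberships={"admin": {"engineer"}},  # admin is a member of engineer
    user_roles={"alice": {"admin"}, "bob": {"engineer"}, "carol": {"customer-success"}},
    user_permissions={"carol": {"view-dashboard"}},  # assigned directly, no role needed
)

if __name__ == "__main__":
    for name in ("alice", "bob", "carol"):
        print(name, sorted(MODEL.effective_permissions(name)))
```
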
Self-Service
As their product matures, many B2B software companies eventually offer customers the ability to manage their own organization's roles and permissions. From the database to the backend to the user experience, building this self-service feature is a huge undertaking. The Warrant Self-Service Dashboard allows you to seamlessly embed a well-designed page for managing roles and permissions right into your application with just a few lines of code. To learn more about adding the Self-Service Dashboard to your application, check out the Self Service Quickstart.