
Role Based Access Control

The Warrant API provides out-of-the-box support for Role Based Access Control (RBAC). Roles and permissions can be managed from the Warrant Dashboard or via the API. This quickstart will show you how to manage them via the API.

Creating Permissions

Create permissions by passing in a unique string identifier for each permission.


Creating Roles

Create roles by passing in a unique string identifier for each role.

Let's create two roles: one called admin and one called basic. We'll eventually assign the permissions we created to these roles.


Assigning Permissions to Roles

The roles we created aren't useful until we assign permissions to them. Let's assign the view-dashboards permission to the basic role and all four permissions to the admin role.

// The client methods return Promises; await them inside an async function.
await warrantClient.assignPermissionToRole("admin", "view-dashboards");
await warrantClient.assignPermissionToRole("admin", "create-dashboards");
await warrantClient.assignPermissionToRole("admin", "edit-dashboards");
await warrantClient.assignPermissionToRole("admin", "delete-dashboards");

await warrantClient.assignPermissionToRole("basic", "view-dashboards");

Assigning Roles to Users

Roles can be assigned to users. Users can be assigned multiple roles. Let's create two users and assign each of them one of the roles we created.

// createUser returns a Promise, so await it before reading userId.
const adminUser = await warrantClient.createUser("");
const basicUser = await warrantClient.createUser("");

await warrantClient.assignRoleToUser(adminUser.userId, "admin");
await warrantClient.assignRoleToUser(basicUser.userId, "basic");

Assigning Permissions to Users

Permissions can also be assigned directly to users. Let's assign edit-dashboards to the basic user we created.

await warrantClient.assignPermissionToUser(basicUser.userId, "edit-dashboards");

Checking for Permissions

Once you've created your roles and permissions and assigned them to users, check if a user has a permission by passing in the permission id followed by the user id.

// Resolves to true
await warrantClient.hasPermission("delete-dashboards", adminUser.userId);

// Resolves to false
await warrantClient.hasPermission("delete-dashboards", basicUser.userId);
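
The permission check is the enforcement point, so calling code should deny unless the check clearly returns true. The following is an added example, not part of the original quickstart or the Warrant SDK: FakeWarrantClient is a hypothetical in-memory stand-in that mirrors only the method names and argument order shown on this page, isAllowed and demo are illustrative names, and the user ids are constructed.

```javascript
// Hypothetical in-memory stand-in; mirrors only the method names and argument order on this page.
class FakeWarrantClient {
  constructor() {
    this.rolePerms = new Map(); // roleId -> Set of permission ids
    this.userRoles = new Map(); // userId -> Set of role ids
    this.userPerms = new Map(); // userId -> Set of directly assigned permission ids
    this.down = false; // set to true to simulate an unreachable service
  }
  _add(map, key, value) { map.set(key, (map.get(key) ?? new Set()).add(value)); }
  async assignPermissionToRole(roleId, permissionId) { this._add(this.rolePerms, roleId, permissionId); }
  async assignRoleToUser(userId, roleId) { this._add(this.userRoles, userId, roleId); }
  async assignPermissionToUser(userId, permissionId) { this._add(this.userPerms, userId, permissionId); }
  // Permission id first, user id second, as in the page's hasPermission calls.
  async hasPermission(permissionId, userId) {
    if (this.down) throw new Error("authorization service unreachable");
    if (this.userPerms.get(userId)?.has(permissionId)) return true; // direct grant
    return [...(this.userRoles.get(userId) ?? [])].some((r) => this.rolePerms.get(r)?.has(permissionId)); // via role
  }
}

// Fail-closed wrapper: only a literal `true` from the check allows the action.
async function isAllowed(client, userId, permissionId) {
  if (typeof userId !== "string" || userId === "") return false; // no identity, no access
  try {
    return (await client.hasPermission(permissionId, userId)) === true;
  } catch (err) {
    return false; // an error or outage must never turn into a grant
  }
}

// Rebuilds the page's assignments (user ids are constructed) and returns the decisions.
async function demo() {
  const c = new FakeWarrantClient();
  for (const verb of ["view", "create", "edit", "delete"])
    await c.assignPermissionToRole("admin", `${verb}-dashboards`);
  await c.assignPermissionToRole("basic", "view-dashboards");
  await c.assignRoleToUser("user-admin", "admin");
  await c.assignRoleToUser("user-basic", "basic");
  await c.assignPermissionToUser("user-basic", "edit-dashboards");
  const out = {
    adminDelete: await isAllowed(c, "user-admin", "delete-dashboards"),
    basicDelete: await isAllowed(c, "user-basic", "delete-dashboards"),
    basicEdit: await isAllowed(c, "user-basic", "edit-dashboards"),
    anonymousView: await isAllowed(c, "", "view-dashboards"),
  };
  c.down = true; // simulate an outage
  out.adminDeleteDuringOutage = await isAllowed(c, "user-admin", "delete-dashboards");
  return out;
}
```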