Roles
Roles, along with their partner Role Bindings, are the two core elements of M10's permissions system. A Role groups a set of permissions on resources into a single object. For instance, you might have a Role called bank-admin that allows a user to create or read accounts, or a Role called "viewer" that allows a user to view all resources. Roles are only useful once they are "bound" to a specific key using a Role Binding.
Rules
Each Role is made up of a number of "Rules". A rule contains a collection, a list of instance_keys, and a list of verbs. The collection is the type of object you are granting permissions to; for instance, if you wanted to grant permissions for a user to access an account, the collection would be accounts. "Verbs" are actions that can take place on an instance. There are 7 verbs:
- Read
- Create
- Update
- Delete
- Transact
- Initiate
- Commit
Each rule can take an optional set of instance_keys. If one or more instance keys are specified, the rule only applies to those instances. Imagine you are trying to give a user access to just their own account. You could create a Rule that contains only the id for that account in instance_keys.
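The rule matching described above, as an added Rust example (not M10's SDK code): the Verb, Rule and Role types and the role helper are hypothetical. It assumes an empty instance_keys list means the rule covers every instance in the collection, and that anything no rule grants is denied.

```rust
// Hypothetical model of the Rule semantics above; not the M10 SDK's types.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum Verb { Read, Create, Update, Delete, Transact, Initiate, Commit }

pub struct Rule {
    pub collection: String,
    pub instance_keys: Vec<String>, // empty: all instances (assumed reading)
    pub verbs: Vec<Verb>,
}

pub struct Role { pub name: String, pub rules: Vec<Rule> }

impl Rule {
    /// Grants only when collection, verb and instance key all match.
    pub fn allows(&self, collection: &str, key: &str, verb: Verb) -> bool {
        self.collection == collection
            && self.verbs.contains(&verb)
            && (self.instance_keys.is_empty()
                || self.instance_keys.iter().any(|k| k.as_str() == key))
    }
}

impl Role {
    /// Anything no rule grants is denied (assumption of this model).
    pub fn allows(&self, collection: &str, key: &str, verb: Verb) -> bool {
        self.rules.iter().any(|r| r.allows(collection, key, verb))
    }
}

/// Builds a one-rule role; an empty `keys` slice leaves it unscoped.
pub fn role(name: &str, collection: &str, keys: &[&str], verbs: &[Verb]) -> Role {
    let rule = Rule {
        collection: collection.to_string(),
        instance_keys: keys.iter().map(|k| k.to_string()).collect(),
        verbs: verbs.to_vec(),
    };
    Role { name: name.to_string(), rules: vec![rule] }
}

fn main() {
    // Constructed sample: "acct-1" and "acct-2" are made-up account ids.
    let own = role("own-account", "accounts", &["acct-1"], &[Verb::Read, Verb::Transact]);
    let admin = role("bank-admin", "accounts", &[], &[Verb::Create, Verb::Read]);
    for key in ["acct-1", "acct-2"] {
        println!("{}: {} read={} {} read={}", key,
            own.name, own.allows("accounts", key, Verb::Read),
            admin.name, admin.allows("accounts", key, Verb::Read));
    }
}
```

The scoped role reads only acct-1, while the unscoped bank-admin rule reads every account, which is why instance_keys is the field to check when reviewing a Role for least privilege.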
Model
API Calls
Create
Get
List
Update
Delete