`rbac.proto`

path sdk/rbac.proto

package m10.sdk

Messages

Expression represents a conditional expression that refines the scope of a RoleBinding.

Name	Type	Description
`collection`	`string`	The collection the expression applies to.
`expression`	`string`	The actual expression string. The syntax and semantics of this string are context-dependent.

Role defines a set of permissions.

Name	Type	Description
`id`	`bytes`	Unique identifier for the Role.
`owner`	`bytes`	ID (public key) of the owner of this Role.
`name`	`string`	Human-readable name for the Role.
`rules`	repeated `Rule`	List of rules that define the permissions granted by this role.

RoleBinding represents the binding of a Role to a set of subjects.

Name	Type	Description
`id`	`bytes`	Unique identifier (uuid) for the RoleBinding.
`name`	`string`	Human-readable name for the RoleBinding.
`role`	`bytes`	Reference to the Role being bound. This is expected to be the Role's ID.
`subjects`	repeated `bytes`	List of subjects (public keys) this role binding applies to.
`expressions`	repeated `Expression`	List of expressions that further refine the scope of the role binding.
`is_universal`	`bool`	If true, this RoleBinding applies universally, regardless of expressions or subjects.
`owner`	`bytes`	ID (public key) of the owner of this RoleBinding.

Rule specifies permissions on a particular collection.

Name	Type	Description
`collection`	`string`	The collection this rule applies to.
`instance_keys`	repeated `Value`	Optional list of instance keys. If provided, the rule only applies to these specific instances within the collection. Assumes a Value message is defined elsewhere.
`verbs`	repeated `Rule.Verb`	List of verbs allowed for this rule.
`excluded_instance_keys`	repeated `Value`	Exclusion: If present, these instance keys are explicitly NOT allowed

Verb defines the actions a subject can perform on a resource.