Roles and Permissions
In RBAC, roles represent a collection of permissions. Each role defines a set of actions or operations that a user with that role can perform. Permissions can be associated with various resources within your application, such as endpoints, data objects, or functionality.
Common roles may include:
Administrator: Has full access to all resources and functionality.Editor: Can create, read, update, and delete specific resources.Viewer: Can only view resources but cannot modify them.
Roles
Creating, updating and deleting roles is available in the dashboard.
Create
- Go to /app/authorization/roles
- Click
Create New Role - Enter a unique name for your role and optionally a human readable description.
- Click
Create
After the role is created, you are forwarded and can update/delete the role or connect existing permissions.
Update
- Go to /app/authorization/roles
- Click on the role you want to update
- Click
Update Role - Make changes to the name, description or both
- Click
Save
Delete
- Go to /app/authorization/roles
- Click on the role you want to delete
- Click
Delete Role - Enter the name of the role to confirm
- Click
Delete Role
Permissions
Creating, updating and deleting permissions is available in the dashboard.
Create
- Go to /app/authorization/permissions
- Click
Create New Permission - Enter a unique name for your permissoin and optionally a human readable description.
- Click
Create New Permission
Update
- Go to /app/authorization/permissions
- Click on the permission you want to update
- Click
Update Role - Make changes to the name, description or both
- Click
Save
Delete
- Go to /app/authorization/permisions
- Click on the permission you want to delete
- Click
Delete - Enter the name of the permission to confirm
- Click
Delete
Connecting roles and permissions
After you have created at least 1 role and 1 permission, you can start associating them with each other.
Go to /app/authorization/roles and click on the role to go to the permissions screen. Now you can click the checkboxes to connect the role and permission.
A checked box means the role will grant the permission to keys.
Connecting roles to keys
- In the sidebar, click on one of your APIs
- Then click on
Keysin the tabs - Select one of your existing keys by clicking on it
- Go to the
Permissionstab
You should now be on /app/keys/key_auth_???/key_???/permissions
You can connect a role to your key by clicking on the checkbox in the graph.
Let’s give this key the dns.manager and read-only roles.
As you can see, now the key is connected to the following permissions:
domain.dns.create_record, domain.dns.read_record, domain.dns.update_record, domain.dns.delete_record, domain.create_domain, domain.read_domain
Creating keys
When a user of your app creates a new key, you can attach zero, one or multiple previously created roles to the key.
curl -XPOST \
--url https://api.unkey.dev/v1/keys.createKey \
-H "Authorization: Bearer ${ROOT_KEY}" \
-H "Content-Type: application/json" \
-d '{
"apiId": "${API_ID}",
"roles": [
"role1", "role2", "role3"
]
}'
See here for details.