> ## Documentation Index > Fetch the complete documentation index at: https://unkey.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Example > Walk through a realistic RBAC example showing how to define roles, assign permissions to API keys, and verify access in your application. Let's look at an example app for allowing your users to manage domains. As part of the API, your users will be able to perform CRUD operations against domains or individual dns records. Users of our app can have the following permissions: * `domain.delete_domain` * `domain.dns.create_record` * `domain.dns.read_record` * `domain.dns.update_record` * `domain.dns.delete_record` * `domain.create_domain` * `domain.read_domain` * `domain.update_domain` Sign into your [dashboard](https://app.unkey.com). - For `Roles`, navigate to the `Authorization/Roles`. Default when navigating to `Authorization`. - For `Permissions`, navigate to the `Authorization/Permissions`. Create them in your `Authorization/Permissions` page. Use the button in the upper right. `+ Create new permission` Example permissions

We define the following roles: * `admin`: An admin can do everything. * `dns.manager`: Can create, read, update and delete dns records but not access the domain itself. * `read-only`: Can read domain or dns record information. Create them in your `Authorization/Roles` page. Use the button in the upper right. `+ Create new role` Example roles

For each role, we need to connect the permissions it should have. Admin roles

Now that we have permissions and roles in place, we can connect them to keys. 1. In the sidebar, click on one of your keyspaces 2. Next click on keys in the expanded keyspace you selected. Breadcrumb Navigation

3. On the key you want to use, click on the action menu (`...`) at the end of that table row. 4. Select `Manage roles and permissions...` Unconnected roles and permissions

5. You can connect a role to your key by using the `Assign role` input. Let's give this key the `dns.manager` and `read-only` roles. Unconnected roles and permissions

As you can see, the key now contains 2 `roles` and 5 `permissions` shown just above the Roles section: You can attach roles to a key when creating it by providing the role names as an array: ```bash theme={"theme":"kanagawa-wave"} curl -XPOST \ --url https://api.unkey.com/v2/keys.createKey \ -H "Authorization: Bearer ${ROOT_KEY}" \ -H "Content-Type: application/json" \ -d '{ "apiId": "${API_ID}", "roles": [ "role1", "role2", "role3" ] }' ``` See the [API reference](/api-reference/overview) for details. Now you can verify this key and perform permission checks. [Read more](/platform/apis/features/authorization/verifying)