Skip to main content
Version: 2.0.0

Working with RBAC

At our company, have a shared todo app that allows users to create, read, update, toggle and delete tasks. Let's see how it would be created in practice with the use of the RBAC API" and delete it below.

We have a shared todo app that allows users to create, read, update, toggle and delete tasks.

First, lets define our roles resources and permissions.

Roles - Admin and Operator.
Resource - Task with create, read, update, toggle and delete actions.
Permissions - Admin can do everything and Operator can only read and toggle tasks.

Now let's create a Roles and Resources and Role Permissions through the API.
But before we need to get our API_SECRET_KEY from the dashboard and get current project_id and env_id

After you got your API_SECRET_KEY, project_id and env_id you can create your roles, resources and role permissions.
Make sure to replace API_SECRET_KEY, project_id and env_id with your own values project_id and project_key are interchangeable the same apply to env_id and env_key.

# create an admin role
curl 'https://api.permit.io/v2/schema/{project_id}/{env_id}/roles' \
-H 'authorization: Bearer API_SECRET_KEY' \
--data-raw '{"key":"admin","name":"admin","description":""}'

# create an operator role
curl 'https://api.permit.io/v2/schema/{project_id}/{env_id}/roles' \
-H 'authorization: Bearer API_SECRET_KEY' \
--data-raw '{"key":"operator","name":"operator","description":""}'


# create a task resource with create, read, update, toggle and delete actions
curl 'https://api.permit.io/v2/schema/{project_id}/{env_id}/resources' \
-H 'authorization: Bearer API_SECRET_KEY' \
--data-raw '{"key":"task","name":"task","actions":{"create":{"name":"create"},"read":{"name":"read"},"update":{"name":"update"},,"toggle":{"name":"toggle"},,"delete":{"name":"delete"}},"attributes":{}}'


# create a role permission for admin
curl 'https://api.permit.io/v2/schema/{project_id}/{env_id}/roles/admin/permissions' \
-H 'authorization: Bearer API_SECRET_KEY' \
--data-raw '{"permissions":["task:create","task:read","task:update","task:toggle","task:delete"]}'

# create a role permission for user
curl 'https://api.permit.io/v2/schema/{project_id}/{env_id}/roles/operator/permissions' \
-H 'authorization: Bearer API_SECRET_KEY' \
--data-raw '{"permissions":["task:read","task:toggle"]}'

Now we have our roles, resources and role permissions created. Let's create a user and assign the user to the user role.

# create the first user (we will assign this user to the admin role)
curl 'https://api.permit.io/v2/facts/{project_id}/{env_id}/users' \
-H 'authorization: Bearer API_SECRET_KEY' \
--data-raw '{"key":"unique_id_for_admin_username","email":"admin@domain.com","first_name":"","last_name":""}'

# create another user
'https://api.permit.io/v2/facts/{project_id}/{env_id}/users' \
-H 'authorization: Bearer API_SECRET_KEY' \
--data-raw '{"key":"unique_id_for_username","email":"user@domain.com","first_name":"","last_name":""}'

Now we have our users created. Let's assign the admin user to the admin role and the user to the user role.

# assign the admin user to the admin role
curl 'https://api.permit.io/v2/facts/{project_id}/{env_id}/role_assignments' \
-H 'authorization: Bearer API_SECRET_KEY' \
--data-raw '{"role":"admin","tenant":"default","user":"unique_id_for_admin_username"}'

# assign the operator role to the other operator
curl 'https://api.permit.io/v2/facts/{project_id}/{env_id}/role_assignments' \
-H 'authorization: Bearer API_SECRET_KEY' \
--data-raw '{"role":"operator","tenant":"default","user":"unique_id_for_username"}'

Contents