Roles

last updated: 2025-07-26

Roles are privileges which can be assigned to identities.

All Roles are either privileges scoped to a context or to an identity. Each service can define their own roles and scopes.

Identity scoped Roles

Identity scoped roles are roles assigned to identities which give actions over itself or other identities.

For example,

  • assigning a password to an identity is a privilege. Not every user of an identity will have this privilege.
  • generating a api-key for an identity is a privilege. Not every user of an identity will have this privilege.

Sample Roles

Context scoped Roles

Context scoped roles are roles assigned to identities which give action over resources in a context.

For example,

  • update/deploy rss2email integration via the flows service
  • container deployments
  • access logs and metrics

Sample Roles

Available Context Roles

ID Name Scope
role-bfd584a9 objectstore admin https://dtz.rocks/objectstore/admin/{context_id}
role-6bd059b1 containerregistry admin https://dtz.rocks/containerregistry/admin/{context_id}
role-bb6d04d9 rss2email admin https://dtz.rocks/rss2email/admin/{context_id}
role-e7e4c3b3 context admin https://dtz.rocks/context/admin/{context_id}
role-bc43f2da containers admin https://dtz.rocks/containers/admin/{context_id}
role-f880b4a8 observabilty admin https://dtz.rocks/observability/admin/{context_id}

Available Identity Roles

ID Name Scope
role-e5832d4c billing admin https://dtz.rocks/billing/admin/{identity_id}
role-ceb9417c identity admin https://dtz.rocks/identity/admin/{identity_id}
role-5001d9c9 assume identity https://dtz.rocks/identity/assume/{identity_id}