Roles

last updated: 2024-11-09

Role are privileges which can be assigned to identities.

All Roles are either privileges scoped to a context or to an identity. Each service can define their own roles and scopes.

Identity scoped Roles

Identity scoped roles are roles assigned to identities which give actions over itself or other identities.

For example,

  • assigning a password to an identity is a privilege. Not every user of an identity will have this privilege.
  • generating a api-key for an identity is a privilege. Not every user of an identity will have this privilege.

Sample Roles

Context scoped Roles

Context scoped roles are roles assigned to identities which give action over resources in a context.

For example,

  • update/deploy rss2email integration via the flows service
  • container deployments
  • access logs and metrics

Sample Roles

Available Context Roles

ID Name Scope
33a9b7bf-abcf-4da5-8992-aa8e61e33b05 objectstore admin https://dtz.rocks/objectstore/admin/{context_id}
357023f5-d2be-4049-bf0c-1bad1159f832 containerregistry admin https://dtz.rocks/containerregistry/admin/{context_id}
8fd46b8c-ff7b-4965-8b0e-23a58e0d038a rss2email admin https://dtz.rocks/rss2email/admin/{context_id}
a13bcc9a-42d0-4c24-9f3f-a275760e9efb context admin https://dtz.rocks/context/admin/{context_id}
cb7023f5-d2be-4049-bf0c-0bac1159f889 containers admin https://dtz.rocks/containers/admin/{context_id}
d53bcc9a-42d0-4c24-9f3f-a275760e9efb observabilty admin https://dtz.rocks/observability/admin/{context_id}

Available Identity Roles

ID Name Scope
088cd831-f14a-4a61-8035-37cc008aef12 billing admin https://dtz.rocks/billing/admin/{identity_id}
cb7023f8-b2be-4049-bf0c-0bac1159f889 identity admin https://dtz.rocks/identity/admin/{identity_id}
e13bcc9a-42d0-4c24-9f3f-a275760e9efb assume identity https://dtz.rocks/identity/assume/{identity_id}