Roles
last updated: 2025-07-26
Roles are privileges which can be assigned to identities
.
All Roles are either privileges scoped to a context
or to an identity
. Each service can define their own roles and scopes.
Identity scoped Roles
Identity scoped roles are roles assigned to identities which give actions over itself or other identities.
For example,
- assigning a password to an identity is a privilege. Not every user of an identity will have this privilege.
- generating a api-key for an identity is a privilege. Not every user of an identity will have this privilege.
Sample Roles
Context scoped Roles
Context scoped roles are roles assigned to identities which give action over resources in a context
.
For example,
- update/deploy rss2email integration via the flows service
- container deployments
- access logs and metrics
Sample Roles
- “https://dtz.rocks/context/admin/{context_id}"
- “https://dtz.rocks/flows/admin/{context_id}"
- “https://dtz.rocks/containers/admin/{context_id}"
- “https://dtz.rocks/observability/admin/{context_id}"
Available Context Roles
ID | Name | Scope |
---|---|---|
role-bfd584a9 | objectstore admin | https://dtz.rocks/objectstore/admin/{context_id} |
role-6bd059b1 | containerregistry admin | https://dtz.rocks/containerregistry/admin/{context_id} |
role-bb6d04d9 | rss2email admin | https://dtz.rocks/rss2email/admin/{context_id} |
role-e7e4c3b3 | context admin | https://dtz.rocks/context/admin/{context_id} |
role-bc43f2da | containers admin | https://dtz.rocks/containers/admin/{context_id} |
role-f880b4a8 | observabilty admin | https://dtz.rocks/observability/admin/{context_id} |
Available Identity Roles
ID | Name | Scope |
---|---|---|
role-e5832d4c | billing admin | https://dtz.rocks/billing/admin/{identity_id} |
role-ceb9417c | identity admin | https://dtz.rocks/identity/admin/{identity_id} |
role-5001d9c9 | assume identity | https://dtz.rocks/identity/assume/{identity_id} |