RBAC

role

{
    "id": "urn:role::tenant-id:role-name",
    "description": "string",
    "members": [
        "urn:identity::120b5cb7-41d3-4713-9abb-fc6f72074fde",
        "urn:identity:credential::chl:srcei:rut:1-9",
        "urn:identity:document::chl:srcei:rut:1-9"
    ]
}
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | false | none | ID is the role’s unique id. |
| description | string | false | none | Description is the description of the role. |
| members | [string] | false | none | Members is who belongs to the role. |

scp (service control policy)

{
    "id": "urn:policy:tenant-id:policy-name",
    "actions": [
        "read",
        "write"
    ],
    "description": "string",
    "effect": "(allow|deny)",
    "subjects": [
        "urn:role::tenant-id:role-name",
        "urn:identity::66bb201b-e368-40cd-81b7-37f01ec73ed8"
    ],
    "resources": [
        "string"
    ]
}
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | false | none | ID is the unique identifier of the SCP. It is used to query, update, and remove the SCP. |
| actions | [string] | false | none | Actions is an array representing all the actions this SCP applies to. |
| description | string | false | none | Description is an optional, human-readable description. |
| effect | string | false | none | Effect is the effect of this SCP. It can be “allow” or “deny”. |
| subjects | [string] | false | none | Subjects is an array representing all the subjects this SCP applies to. |
| resources | [string] | false | none | Resources is an array representing all the resources this SCP applies to. |

check request

{
    "action": "string",
    "context": {},
    "resource": "string",
    "subject": "string"
}
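
How a check request could be evaluated against roles and SCPs in the shapes above, as an added example (not this service's own code). The page does not state evaluation semantics, so default deny, deny overriding allow, and exact string matching on actions and resources are assumptions; `context` is ignored, and the function names, role and policy names, and the `reports` resource are constructed.

```python
# Constructed sample data in the shapes shown on this page (names and values are made up).
MEMBER = "urn:identity::120b5cb7-41d3-4713-9abb-fc6f72074fde"
OUTSIDER = "urn:identity::66bb201b-e368-40cd-81b7-37f01ec73ed8"
ROLES = [{"id": "urn:role::tenant-id:auditors", "description": "report reviewers",
          "members": [MEMBER]}]
SCPS = [
    {"id": "urn:policy:tenant-id:auditors-reports", "effect": "allow",
     "actions": ["read", "write"], "subjects": ["urn:role::tenant-id:auditors"],
     "resources": ["reports"]},
    {"id": "urn:policy:tenant-id:freeze-member", "effect": "deny",
     "actions": ["write"], "subjects": [MEMBER], "resources": ["reports"]},
]


def subjects_for(identity, roles):
    """Return the identity plus the id of every role listing it as a member."""
    return {identity} | {r["id"] for r in roles if identity in r.get("members", [])}


def check(request, roles, scps):
    """Return 'allow' or 'deny' for a check request.

    Assumed semantics (not stated on the page): default deny, an explicit
    deny overrides any allow, actions and resources match by exact string,
    and the request's 'context' is ignored.
    """
    # Fail closed on a malformed policy set before evaluating anything.
    for scp in scps:
        if scp.get("effect") not in ("allow", "deny"):
            raise ValueError(f"{scp.get('id')}: effect must be 'allow' or 'deny'")
    principals = subjects_for(request["subject"], roles)
    decision = "deny"  # nothing matched yet
    for scp in scps:
        applies = (principals & set(scp.get("subjects", []))
                   and request["action"] in scp.get("actions", [])
                   and request["resource"] in scp.get("resources", []))
        if applies and scp["effect"] == "deny":
            return "deny"  # explicit deny wins regardless of order
        if applies:
            decision = "allow"
    return decision


def make_request(subject, action, resource):
    """Build a check request in the shape shown above."""
    return {"action": action, "context": {}, "resource": resource, "subject": subject}
```

The role member is allowed to read through the role's SCP, while the identity-level deny on `write` overrides that same allow; a subject or resource that no SCP names falls through to deny.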