Resources

Resources are the things you want to protect — documents, dashboards, API endpoints, database records, or anything else.

Resource types

Before creating resources, define a resource type. A resource type is a blueprint that specifies:

Name — The category (e.g., document, dashboard, contact)
Actions — What can be done with this type (e.g., read, write, delete, share)

Example resource type:

{
  "name": "document",
  "actions": ["read", "write", "delete", "share"]
}

Resources

A resource is a specific instance of a resource type:

{
  "name": "Engineering Wiki",
  "type": "document",
  "id": "doc-456",
  "attributes": {
    "classification": "internal",
    "owner": "engineering"
  }
}

Resource hierarchy

Resources can have parent-child relationships via the parent_id field. This enables hierarchical access control — for example, granting access to a folder automatically grants access to documents within it.

In the evaluate call

When checking access, specify the resource type and ID:

{
  "resource": {
    "type": "document",
    "id": "doc-456"
  }
}

Resource types​

Resources​

Resource hierarchy​

In the evaluate call​

Resource types

Resources

Resource hierarchy

In the evaluate call