
Roles

Roles group permissions together. Instead of assigning individual policies to each subject, assign a role, and the subject inherits all the role's policies.

How roles work

  1. Create a role (e.g., editor)
  2. Assign policies to the role (e.g., "can read and write documents")
  3. Assign the role to subjects (e.g., Alice gets the editor role)

Now Alice can read and write documents — through the role-based access path.

Role scoping

Roles can be scoped to specific namespaces (applications). An editor role in the CRM namespace is separate from an editor role in the Docs namespace.

Examples

| Role | Typical policies |
| --- | --- |
| viewer | Read-only access to resources |
| editor | Read + write access |
| admin | Full access including delete |
| api-consumer | Programmatic read access |

Multiple roles

A subject can have multiple roles. During evaluation, AuthzX checks policies from all of the subject's roles.
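
The sketch below models the role scoping and multiple-role behavior described above. It is an added example, not AuthzX code or its API: the function names, the data layout, the `auditor` role and the action sets are all assumptions, and it assumes allow-only policies with default-deny evaluation.

```python
# Conceptual model only; this is not AuthzX's API or data model.
# Assumption: policies are allow-only and evaluation is default-deny.

# (namespace, role) -> actions granted by that role's policies (constructed data)
ROLE_POLICIES = {
    ("docs", "viewer"): {"read"},
    ("docs", "editor"): {"read", "write"},
    ("crm", "editor"): {"read", "write"},
    ("crm", "admin"): {"read", "write", "delete"},
}

# subject -> (namespace, role) assignments (constructed data)
ASSIGNMENTS = {
    "alice": {("docs", "editor")},
    "bob": {("docs", "viewer"), ("docs", "editor"), ("crm", "auditor")},
}


def granting_roles(subject, namespace, action):
    """Roles held by subject in namespace whose policies allow action."""
    roles = []
    for ns, role in ASSIGNMENTS.get(subject, set()):
        if ns != namespace:
            continue  # a role in another namespace never applies here
        # An assigned role with no policies in this namespace grants nothing.
        if action in ROLE_POLICIES.get((ns, role), set()):
            roles.append(role)
    return sorted(roles)


def effective_actions(subject, namespace):
    """Union of actions across all of the subject's roles in namespace."""
    actions = set()
    for ns, role in ASSIGNMENTS.get(subject, set()):
        if ns == namespace:
            actions |= ROLE_POLICIES.get((ns, role), set())
    return actions


def is_allowed(subject, namespace, action):
    """Default deny: allowed only if at least one role grants the action."""
    return bool(granting_roles(subject, namespace, action))


if __name__ == "__main__":
    for s, ns, a in [("alice", "docs", "write"), ("alice", "crm", "write"),
                     ("bob", "docs", "write"), ("bob", "crm", "read")]:
        print(s, ns, a, is_allowed(s, ns, a), granting_roles(s, ns, a))
```

Because permissions from several roles are combined, reviewing a subject's access means looking at the union per namespace, and recording which role granted a decision makes later audits of role assignments easier.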