Back to page

Role Scopes

Raw Markdown & AI/RAG Chunks
Raw Markdown Source 1124 chars
# Role Scopes

The **Role Scopes** configuration defines clear authorization permission arrays distinguishing operational developer profiles from standard billing managers.

---

## Token Permission Topology

```mermaid
graph LR
    UserSession["Active User Identity"] ==>|"Evaluate JWT Scope"| PolicyEngine["Access Verification Core"]
    PolicyEngine ==>|"Scope == 'Studio'"| AccessStudio["Workspace Editing Capabilities"]
    PolicyEngine -->|"Scope == 'Billing'"| AccessWallet["Wallet Top-Up Capabilities"]

    classDef coreToken fill:#0f172a,stroke:#38bdf8,stroke-width:2px,color:#fff,rx:6px,ry:6px;
    classDef tierToken fill:#312e81,stroke:#ec4899,stroke-width:2px,color:#fff,rx:6px,ry:6px;

    class UserSession,PolicyEngine coreToken;
    class AccessStudio,AccessWallet tierToken;
```

---

## Role Assignment guidelines

### 1. Studio Permissions
Grants full canvas editing power alongside outbound script deployment capabilities while blocking organization billing updates.

### 2. Billing Permissions
Unlocks balance ledger tables and payment methods while keeping graphical node design structures read-only.
AI Chunks (RAG) 3 chunks
Chunk #1 Role Scopes
# Role Scopes

The **Role Scopes** configuration defines clear authorization permission arrays distinguishing operational developer profiles from standard billing managers.

---
Chunk #2 Token Permission Topology
## Token Permission Topology

```mermaid
graph LR
    UserSession["Active User Identity"] ==>|"Evaluate JWT Scope"| PolicyEngine["Access Verification Core"]
    PolicyEngine ==>|"Scope == 'Studio'"| AccessStudio["Workspace Editing Capabilities"]
    PolicyEngine -->|"Scope == 'Billing'"| AccessWallet["Wallet Top-Up Capabilities"]

    classDef coreToken fill:#0f172a,stroke:#38bdf8,stroke-width:2px,color:#fff,rx:6px,ry:6px;
    classDef tierToken fill:#312e81,stroke:#ec4899,stroke-width:2px,color:#fff,rx:6px,ry:6px;

    class UserSession,PolicyEngine coreToken;
    class AccessStudio,AccessWallet tierToken;
```

---
Chunk #3 Role Assignment guidelines
## Role Assignment guidelines

### 1. Studio Permissions
Grants full canvas editing power alongside outbound script deployment capabilities while blocking organization billing updates.

### 2. Billing Permissions
Unlocks balance ledger tables and payment methods while keeping graphical node design structures read-only.