Role Scopes
Role Scopes
The Role Scopes configuration defines clear authorization permission arrays distinguishing operational developer profiles from standard billing managers.
Token Permission Topology
graph LR
UserSession["Active User Identity"] ==>|"Evaluate JWT Scope"| PolicyEngine["Access Verification Core"]
PolicyEngine ==>|"Scope == 'Studio'"| AccessStudio["Workspace Editing Capabilities"]
PolicyEngine -->|"Scope == 'Billing'"| AccessWallet["Wallet Top-Up Capabilities"]
classDef coreToken fill:#0f172a,stroke:#38bdf8,stroke-width:2px,color:#fff,rx:6px,ry:6px;
classDef tierToken fill:#312e81,stroke:#ec4899,stroke-width:2px,color:#fff,rx:6px,ry:6px;
class UserSession,PolicyEngine coreToken;
class AccessStudio,AccessWallet tierToken;
Role Assignment guidelines
1. Studio Permissions
Grants full canvas editing power alongside outbound script deployment capabilities while blocking organization billing updates.
2. Billing Permissions
Unlocks balance ledger tables and payment methods while keeping graphical node design structures read-only.