Role Scopes

Role Scopes

The Role Scopes configuration defines clear authorization permission arrays distinguishing operational developer profiles from standard billing managers.


Token Permission Topology

graph LR
    UserSession["Active User Identity"] ==>|"Evaluate JWT Scope"| PolicyEngine["Access Verification Core"]
    PolicyEngine ==>|"Scope == 'Studio'"| AccessStudio["Workspace Editing Capabilities"]
    PolicyEngine -->|"Scope == 'Billing'"| AccessWallet["Wallet Top-Up Capabilities"]

    classDef coreToken fill:#0f172a,stroke:#38bdf8,stroke-width:2px,color:#fff,rx:6px,ry:6px;
    classDef tierToken fill:#312e81,stroke:#ec4899,stroke-width:2px,color:#fff,rx:6px,ry:6px;

    class UserSession,PolicyEngine coreToken;
    class AccessStudio,AccessWallet tierToken;

Role Assignment guidelines

1. Studio Permissions

Grants full canvas editing power alongside outbound script deployment capabilities while blocking organization billing updates.

2. Billing Permissions

Unlocks balance ledger tables and payment methods while keeping graphical node design structures read-only.