Authentication & RBAC

Three-plane auth model, guards API, and permission enforcement.

Platform · 6 articles

Platform, Tenant, and Consumer auth planes with role hierarchies and permission matrices.

authrbacthree-planeplatform

Role guards, RBAC engine with 18 resources, cross-tenant validation, and 122 assertTenantOwnership sites.

guardpermissionrbacrole

SUPPORT/OPS/BILLING/SUPER_ADMIN permissions, route filtering, and impersonation.

platformrbacsupportops

7-role hierarchy, DEFAULT_PERMISSIONS matrix, permission overrides, temporary elevation, and IP allowlisting.

tenantrbacrolepermission

requireCustomer, requireOrCreateCustomer, IDOR prevention with household and delegation checks.

customerconsumerguardidor

Kiosk device fingerprint auth, hardware serial auth, and org-scoped device tokens.

devicekioskauthfingerprint

Access all guides with a free trial

Full help center access with contextual in-app guidance, search, and video tutorials.