Roles | Auth.it Documentation

The Roles view in the Auth.it Dashboard allows you to create global roles:

The Roles view

Auth.it supports two types of roles:

Global roles represent permissions that span all your applications. These roles are configured in this view.
Organization roles represent a user’s permissions within a specific organization. Because Auth.it allows users to be members of multiple organizations, this enables different permission levels per organization. To create organization roles, go to the Organizations view, open an organization profile, and navigate to the Roles tab.

Adding roles

To add a new global role, click Add Role, then specify the name and (optionally) a description:

Adding a role

Roles can be removed from the list. Doing so also removes the role assignment from all users.

Assigning roles to users

To assign roles to a user, go to the Users view, select a user profile, and open the Roles tab. From there, you can assign roles to the user by clicking Assign Role.

Assigning a role to a user

You can then view the list of roles assigned to the user and unassign them as needed:

The list of roles assigned to a user

Roles that have been assigned to a user appear in the user’s JWT access token and are identified by name:

1 "realm_access": {
2   "roles": [
3     "viewer",
4     "default-roles-authit-docs",
5     "support-agent",
6     "offline_access",
7     "uma_authorization",
8     "content-moderator"
9   ]
10 }

Including the list of global roles in the token allows your application to make authorization decisions based on role membership.