RBAC & Policy Authorization — Strait Docs

Authentication & Authorization OIDC Authentication RBAC & Policy Authorization Audit Events API Key Rotation Security Deployment Performance Tuning Job Dependencies Debug Bundles Job Groups Idempotency SDK Integration Workflow Approvals DAG Operations Playbook Event Triggers Environment Variables Database Tutorials Troubleshooting Migrating from BullMQ Migrating from Temporal

Guides

Roles, inheritance, resource policies, and tag policies in Strait.

Strait supports layered authorization for user actors:

Role permissions (project roles)
Role inheritance (parent_role_id chains)
Resource policies (direct user grant on a specific resource)
Tag policies (grant by resource tag match)

API keys continue to use scope-based authorization.

Core Endpoints

Roles

POST /v1/roles
GET /v1/roles
GET /v1/roles/{roleID}
PATCH /v1/roles/{roleID}
DELETE /v1/roles/{roleID}
POST /v1/seed-roles

Members

POST /v1/members
POST /v1/members/bulk
GET /v1/members
DELETE /v1/members/{userID}

Role Lineage Introspection

GET /v1/roles/{roleID}?include_lineage=true

Resource Policies

POST /v1/resource-policies
GET /v1/resource-policies (cursor pagination)
DELETE /v1/resource-policies/{policyID}

Tag Policies

POST /v1/tag-policies
GET /v1/tag-policies (cursor pagination)
DELETE /v1/tag-policies/{policyID}

Permission Resolution Order

For user actors, requirePermission() resolves access in this order:

Role/inherited role permissions
Resource policy permissions for (resource_type, resource_id, user_id)
Tag policy permissions for matching resource tags

Notes

RBAC mutations are rate-limited with stricter control-plane limits.
Permission cache is auto-invalidated when memberships/policies change.
Audit events are emitted for RBAC control-plane mutations.

See also:

Authentication & Authorization
Security
Audit Events

Was this page helpful?

OIDC Authentication

Optional OpenID Connect bearer-token validation for user API access.

Audit Events

Track and query security-sensitive actions with audit_events.

On this page

Core Endpoints Roles Members Role Lineage Introspection Resource Policies Tag Policies Permission Resolution Order Notes