Docs

Hosted user roles and permissions

User roles and permissions

GovBase hosted tenants use tenant-scoped roles and API key scopes. Canonical JSON: ../../hosted-saas/user-roles-model.json and ../../hosted-saas/api-key-scopes.json.

Roles#

RolePurpose
OwnerBilling, tenant deletion request, full admin capabilities.
AdministratorPolicies, integrations, user invites, API key rotation.
AuditorRead compliance posture and download exports; no writes.
DeveloperSubmit evidence, read summaries, CI integration.
Read-only viewerDashboard and summary reads only.
Service accountNon-interactive CI/automation principal with scoped API keys.

Role inheritance is declared in the JSON model (inherits_from). Effective capabilities are the union of inherited and direct capabilities.

API key scopes#

Scopes use the form resource:action (for example evidence:write, compliance:read). Every key is bound to:

  • tenant_id (required)
  • Optional project_slug allowlist

Keys must not span tenants. Rotation target: 90 days (operator may enforce sooner for incident response).

Tenant-scoped permissions#

Console and API authorization checks always include tenant_id from the session or key material. Project-scoped keys cannot read other projects' runs unless the role grants view_all_projects.

Separation of duties#

When customers enable dual control, billing administrators should not be the sole approver of enforcement policy changes. The product may require a second owner or admin approval for promotion-sensitive settings.

Implementation readiness#

The dashboard enforces Supabase session auth on JWT routes (/api/tenants/*, /api/me, assessments). Tenant owners are stored as team_members.role = 'owner'. API keys are persisted in tenant_api_keys with scopes JSON and resolved at the audit gate via SHA-256 hash lookup. Role assignment beyond owner provisioning is still console-first at /tenant-onboarding. Full route-level RBAC enforcement should align with ../../multi-tenant/role-hierarchy.json for enterprise deployments.

← Back to home