RBAC
enterpriseRole-based access control over dashboard actions. Planned for v2.0.
ℹ️Planned for v2.0
RBAC ships with SSO/SAML in v2.0. Until then, dashboard access is binary: admins can do everything in a team, non-admins are read-only.
What's planned
A flexible role model letting Enterprise customers carve up dashboard actions across roles:
| Role | What they can do |
|---|---|
admin | Everything: edit policies, manage members, manage billing. |
policy-author | Author and publish policies; cannot manage members or billing. |
reviewer | Review queued digest items via the dashboard; cannot edit policies. |
viewer | Read-only across all dashboards. |
auditor | Read-only plus the ability to export compliance bundles. |
| Custom roles | Author-defined permission combinations. |
Permissions surface
The RBAC model will gate every dashboard action with a permission string. A non-exhaustive list:
policy.read,policy.write,policy.publish,policy.deletemember.invite,member.remove,member.role.assignchannel.read,channel.writekey.read,key.write,key.rotatedigest.review,digest.approve,digest.deny,digest.terminateaudit.export,audit.compliance.export
Roles are then permission bundles. Custom roles can be defined as any combination.
Group mapping (with SSO)
When SSO is configured, IdP groups can be mapped to grith roles:
"grith-admins" → admin
"grith-reviewers" → reviewer
"security-team" → auditor
* (default) → viewer
Users get role(s) based on their IdP group membership. Changes in the IdP propagate via SCIM.
Local RBAC
For deployments without SSO, RBAC can still be used — admins assign roles manually in the dashboard.
Timeline
Target: v2.0, late 2026. Some infrastructure (per-action permission gates) is already in the codebase; the surface area exposed in v0.1's dashboard is admin/non-admin only.