Zenskar employs a mix of role-based access control (RBAC) and permission-based access control for authorization. Authorization is often confused with authentication, but the two answer different questions:

| Authentication | Authorization |
| --- | --- |
| Are you who you claim to be? | Are you allowed to do what you are trying to do? |
| You are challenged to prove your identity through mechanisms such as password verification, fingerprint matching or facial recognition. | You are granted access to a resource according to policies and rules created by an administrator. |
| Typically handled by an identity protocol such as OpenID Connect (OIDC), which is itself built on top of OAuth 2.0. | Typically handled by the OAuth 2.0 framework for delegated access; what you may do inside an application is decided by its own roles and permissions. |

In summary, access to a resource is protected by both authentication and authorization: you have to prove your identity and hold the appropriate permissions before you can interact with a resource.

Important concepts are summarized in the table below:

| Authorization object | Description |
| --- | --- |
| Permissions | Sets of permitted verbs (or actions) on a set of resources. In Zenskar, Read, Write, Delete, and Approve are the verbs available. |
| Roles | Collections of permissions. You can bind (or assign) users to a role. |
| Bindings | Associations of a user with a role. |

How to add a new role?

  1. Click on the named drop-up menu located at the bottom of the side panel, and click on Roles.
  2. Click on the + ADD NEW ROLE button.
  3. Enter the new role name.
  4. Grant required permissions to the role by selecting permissions from the AVAILABLE PERMISSIONS list and adding them to the GRANTED PERMISSIONS list.
  5. Click ADD ROLE.

🚧

Choose all permissions

Use the option to choose all permissions with caution. It grants every verb on every resource, including the Roles and User resources, so anyone bound to such a role can change other users' roles and permissions and is effectively unrestricted. Reserve it for a small number of administrators.

Available permissions

Each permission pairs a verb with a resource. The verbs are:

Can Read
Can Write
Can Delete

📖

Can Approve permission

There is also a Can Approve permission, which applies only to the Invoices resource.

These verbs can be granted on each of the following resources:
Accounting
Aggregate
Analytics
Contract
Credit Notes
Customer
Data Sources
Integrations
Invoices
Jobs
Monitors
Payments
Payment Methods
Product
Raw Metric
Roles
Template
Triggers
User

How to update a role?

  1. Click on the named drop-up menu located at the bottom of the side panel, and click on Roles.
  2. From the roles listed on the page, click on the role you wish to edit.
  3. Make the necessary edits and click the UPDATE ROLE button.

How to delete a role?

  1. Click on the named drop-up menu located at the bottom of the side panel, and click on Roles.
  2. Each row on the Roles page has a kebab menu. Clicking on the kebab menu will display the option to delete a role.

🚧

Caution

A user can hold more permissions than a role grants, for example permissions assigned to the user directly rather than through a role. Deleting a role revokes only the permissions that users received through that role; any extra permissions the user holds remain in effect. Before deleting a role, review the remaining permissions of the users bound to it so that nothing unexpected survives.
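To make the concepts table and the caution above concrete, here is an added example. It is not Zenskar's code: only the verb and resource names come from this page, while the data model and the class and function names (`AuthzStore`, `permission`, `residual_permissions`, and so on) are assumptions. It models permissions as verb/resource pairs, roles as sets of permissions, bindings as user-to-role links, and direct grants held outside any role. It then shows that deleting a role removes only role-derived permissions while a directly granted permission survives, how to list those residual permissions before deleting a role, and how a role built from "all permissions" makes its holder unrestricted.

```python
"""Illustrative verb-on-resource RBAC model (added example, not Zenskar's code)."""
from __future__ import annotations

from dataclasses import dataclass, field

# Verbs and resources exactly as listed on this page.
VERBS = frozenset({"Read", "Write", "Delete", "Approve"})
RESOURCES = frozenset({
    "Accounting", "Aggregate", "Analytics", "Contract", "Credit Notes",
    "Customer", "Data Sources", "Integrations", "Invoices", "Jobs", "Monitors",
    "Payments", "Payment Methods", "Product", "Raw Metric", "Roles", "Template",
    "Triggers", "User",
})
APPROVE_RESOURCES = frozenset({"Invoices"})  # the page says Approve applies only to invoices

Permission = tuple[str, str]  # (verb, resource), e.g. ("Approve", "Invoices")


def permission(verb: str, resource: str) -> Permission:
    """Build a validated (verb, resource) pair; rejects unknown names and Approve on non-invoices."""
    if verb not in VERBS:
        raise ValueError(f"unknown verb {verb!r}")
    if resource not in RESOURCES:
        raise ValueError(f"unknown resource {resource!r}")
    if verb == "Approve" and resource not in APPROVE_RESOURCES:
        raise ValueError("Approve is defined only for Invoices")
    return (verb, resource)


def all_permissions() -> frozenset[Permission]:
    """Every valid pair: what the 'choose all permissions' option hands out."""
    return frozenset((v, r) for v in VERBS for r in RESOURCES
                     if v != "Approve" or r in APPROVE_RESOURCES)


@dataclass
class AuthzStore:
    """Assumed in-memory store: roles, user->role bindings, and grants outside any role."""
    roles: dict[str, set[Permission]] = field(default_factory=dict)
    bindings: dict[str, set[str]] = field(default_factory=dict)
    direct_grants: dict[str, set[Permission]] = field(default_factory=dict)

    def add_role(self, name: str, perms: set[Permission]) -> None:
        self.roles[name] = set(perms)

    def bind(self, user: str, role: str) -> None:
        if role not in self.roles:
            raise KeyError(role)
        self.bindings.setdefault(user, set()).add(role)

    def grant_direct(self, user: str, perm: Permission) -> None:
        self.direct_grants.setdefault(user, set()).add(perm)

    def delete_role(self, name: str) -> None:
        """Drop the role and every binding to it; direct grants are deliberately untouched."""
        del self.roles[name]
        for roles in self.bindings.values():
            roles.discard(name)

    def effective_permissions(self, user: str) -> frozenset[Permission]:
        perms = set(self.direct_grants.get(user, set()))
        for role in self.bindings.get(user, set()):
            perms |= self.roles[role]
        return frozenset(perms)

    def is_allowed(self, user: str, verb: str, resource: str) -> bool:
        return permission(verb, resource) in self.effective_permissions(user)

    def residual_permissions(self, user: str) -> frozenset[Permission]:
        """Direct grants not covered by any bound role: what would survive deleting all roles."""
        via_roles: set[Permission] = set()
        for role in self.bindings.get(user, set()):
            via_roles |= self.roles[role]
        return frozenset(self.direct_grants.get(user, set()) - via_roles)

    def is_unrestricted(self, user: str) -> bool:
        """True when the user holds every permission, e.g. via a 'choose all' role."""
        return self.effective_permissions(user) >= all_permissions()


def demo() -> dict[str, bool]:
    """Constructed scenario walking through the role-deletion caveat."""
    store = AuthzStore()
    store.add_role("Billing Ops", {permission("Read", "Invoices"),
                                   permission("Write", "Invoices"),
                                   permission("Approve", "Invoices")})
    store.bind("alice", "Billing Ops")
    store.grant_direct("alice", permission("Delete", "Invoices"))  # granted outside the role
    store.add_role("Everything", set(all_permissions()))
    store.bind("root", "Everything")
    result = {
        "approve_before": store.is_allowed("alice", "Approve", "Invoices"),
        "residual_is_delete": store.residual_permissions("alice") == {("Delete", "Invoices")},
        "root_unrestricted": store.is_unrestricted("root"),
    }
    store.delete_role("Billing Ops")
    result["approve_after"] = store.is_allowed("alice", "Approve", "Invoices")  # revoked with the role
    result["delete_after"] = store.is_allowed("alice", "Delete", "Invoices")    # survives
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `residual_permissions` check is the one to run before deleting a role: it lists exactly the permissions a user would keep, which is the set the caution above warns about. The `is_unrestricted` check flags any account whose effective permissions cover the whole verb/resource grid, which is what the "choose all permissions" option produces.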