v0.0.4b

Permissions

Jan 1, 2026

Variables

Role-based permission levels that control user access and capabilities within the system.

Permission Levels

Listed from lowest to highest access:

| Level | Name | Description |
|-------|------|-------------|
| VIEWER | Viewer | Read-only access to view processes and data |
| ENGINEER | Engineer | Can create and modify process definitions |
| MANAGER | Manager | Can manage teams and approve workflows |
| ADMIN | Admin | Full administrative access to organization |
| SUPER_ADMIN | Super Admin | System-wide administrative privileges |

Permission Hierarchy

The permission system uses a hierarchical model where higher-level permissions inherit all capabilities of lower levels:

SUPER_ADMIN
    ↓
ADMIN
    ↓
MANAGER
    ↓
ENGINEER
    ↓
VIEWER

Access Control

Permissions are checked using a greater-than-or-equal comparison:

  • A user with ADMIN permission can perform actions requiring ENGINEER, MANAGER, or ADMIN levels

  • A user with VIEWER permission can only perform actions requiring VIEWER level

  • Higher permissions automatically include all lower permission capabilities

Common Permission Requirements

| Action | Typical Required Permission |
|--------|-----------------------------|
| View process instances | VIEWER |
| Create process definitions | ENGINEER |
| Publish processes | ENGINEER |
| Manage user access | MANAGER |
| Organization settings | ADMIN |
| System configuration | SUPER_ADMIN |

Usage in Code

The permission system supports comparison operations:

user_permission >= required_permission  # Returns boolean
user_permission < other_permission      # Hierarchy comparison

Validation

  • Permission checks occur at API endpoints

  • Failed permission checks return authorization errors

  • User permissions are determined at authentication time

  • Organization membership required for permission assignment
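The comparison and validation rules above, as an added example (not this project's own code): an endpoint guard that compares ranks rather than level names and fails closed on unknown levels or missing organization membership. The numeric ranks, `AuthorizationError`, `authorize`, `requires`, `allowed`, `publish_process` and the shape of the `user` record are assumptions made for illustration.

```python
from enum import IntEnum
from functools import wraps

class Permission(IntEnum):
    # Only the ordering comes from the page; the numeric ranks are assumed.
    VIEWER = 1
    ENGINEER = 2
    MANAGER = 3
    ADMIN = 4
    SUPER_ADMIN = 5

class AuthorizationError(Exception):
    """Hypothetical error raised when a permission check fails."""

def parse_level(name):
    # Fail closed: an unknown or malformed level name never maps to a rank.
    # Comparing the raw strings instead would be wrong, because
    # "VIEWER" >= "SUPER_ADMIN" is True lexicographically.
    try:
        return Permission[name]
    except (KeyError, TypeError):
        raise AuthorizationError(f"unknown permission level: {name!r}") from None

def authorize(user, required):
    # `user` is a constructed session record built at authentication time.
    if not user.get("org"):
        raise AuthorizationError("no organization membership")
    if parse_level(user.get("permission")) < required:
        raise AuthorizationError(f"{required.name} required")
    return True

def requires(required):
    # Decorator form, so the check sits at the endpoint itself.
    def decorator(handler):
        @wraps(handler)
        def wrapper(user, *args, **kwargs):
            authorize(user, required)
            return handler(user, *args, **kwargs)
        return wrapper
    return decorator

@requires(Permission.ENGINEER)
def publish_process(user, name):
    return f"{name} published by {user['id']}"

def allowed(user, required):
    # Boolean view of authorize() for callers that only need yes/no.
    try:
        return authorize(user, required)
    except AuthorizationError:
        return False
```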