Permissions Reference

Complete reference for all permissions in ARSAKA PUGUH.

Permission Format

All permissions follow this pattern:

plaintext

{domain}.{resource}.{action}

IAM Domain

Permission	Description
`iam.users.view`	View user list and details
`iam.users.invite`	Invite new users to organization
`iam.users.update`	Update user details
`iam.users.suspend`	Suspend/activate users
`iam.users.remove`	Remove users from organization
`iam.roles.view`	View roles and permissions
`iam.roles.create`	Create custom roles
`iam.roles.update`	Modify role permissions
`iam.roles.delete`	Delete custom roles
`iam.service-accounts.view`	View service accounts
`iam.service-accounts.create`	Create service accounts
`iam.service-accounts.delete`	Delete service accounts
`iam.service-accounts.rotate`	Rotate API keys

Organization Domain

Permission	Description
`organization.settings.view`	View organization settings
`organization.settings.update`	Update organization settings
`organization.members.view`	View member list
`organization.members.manage`	Add/remove members
`organization.applications.view`	View applications
`organization.applications.create`	Create new applications
`organization.applications.update`	Update application settings
`organization.applications.delete`	Delete applications
`organization.delete`	Delete the entire organization

Webhook Domain

Permission	Description
`webhook.endpoints.view`	View webhook endpoints
`webhook.endpoints.create`	Create webhook endpoints
`webhook.endpoints.update`	Update webhook configuration
`webhook.endpoints.delete`	Delete webhook endpoints
`webhook.endpoints.test`	Send test ping to webhook
`webhook.deliveries.view`	View delivery history
`webhook.deliveries.retry`	Retry failed deliveries

Storage Domain

Permission	Description
`storage.files.view`	View and download files
`storage.files.upload`	Upload new files
`storage.files.delete`	Delete files
`storage.buckets.view`	View storage buckets
`storage.buckets.create`	Create storage buckets
`storage.buckets.delete`	Delete storage buckets

Control Domain

Permission	Description
`control.audit.view`	View audit trails
`control.audit.export`	Export audit logs
`control.events.view`	View event timeline
`control.events.detail`	View event details
`control.metrics.view`	View system metrics
`control.dlq.view`	View dead letter queue
`control.dlq.retry`	Retry failed events
`control.dlq.dismiss`	Dismiss DLQ items

Billing Domain

Permission	Description
`billing.subscription.view`	View current subscription
`billing.subscription.update`	Change subscription plan
`billing.invoices.view`	View invoice history
`billing.invoices.download`	Download invoices
`billing.payment-methods.view`	View payment methods
`billing.payment-methods.update`	Update payment methods

Role Permission Mapping

Owner (All Permissions)

Has all permissions in all domains.

Admin

plaintext

iam.users.*
iam.roles.*
iam.service-accounts.*
organization.settings.*
organization.members.*
organization.applications.*
webhook.*
storage.*
control.*

Excludes:

organization.delete
billing.*

Member

plaintext

iam.users.view
iam.roles.view
iam.service-accounts.view
organization.settings.view
organization.members.view
organization.applications.view
webhook.endpoints.*
webhook.deliveries.view
storage.files.view
storage.files.upload
control.audit.view
control.events.view
control.metrics.view

Viewer

plaintext

iam.users.view
iam.roles.view
organization.settings.view
organization.members.view
organization.applications.view
webhook.endpoints.view
webhook.deliveries.view
storage.files.view
control.audit.view
control.events.view
control.metrics.view

Checking Permissions

In the Dashboard

Navigate to IAM > Permissions to see:

Your effective permissions
Comparison across roles
Missing permissions for specific actions

Via API

javascript

// Check single permission
const result = await client.checkPermission('webhook.endpoints.create');
// { allowed: true }

// Check multiple permissions
const results = await client.checkPermissions([
  'webhook.endpoints.create',
  'webhook.endpoints.delete',
  'storage.files.upload'
]);
// {
//   'webhook.endpoints.create': true,
//   'webhook.endpoints.delete': false,
//   'storage.files.upload': true
// }

// Get all permissions
const allPermissions = await client.getMyPermissions();
// ['webhook.endpoints.view', 'webhook.endpoints.create', ...]

Permission Errors

When a permission check fails, you'll see:

Dashboard:

"You don't have permission to perform this action."

API:

json

{
  "detail": "Missing permission: webhook.endpoints.delete"
}

Permissions Reference

Permission Format

IAM Domain

Organization Domain

Webhook Domain

Storage Domain

Control Domain

Billing Domain

Role Permission Mapping

Owner (All Permissions)

Admin

Member

Viewer

Checking Permissions

In the Dashboard

Via API

Permission Errors

Related