Permissions
The permission model in the User object is defined as:
{
  "permissions": {
    "request": {
      "read": true,
      "onboard": true,
      "update": false,
      "delete": false
    },
    "approval": {
      "read": true,
      "update": true,
      "delete": true
    },
    "view_accounts": false,
    "view_requests": true,
    "view_users": false,
    "view_groups": false
  }
}
Request
Onboard
Determines whether the user has permission to onboard a new account into Warden
Read
Determines whether the user has permission to request a token readout for an account
Update
Determines whether the user has permission to request a secret update on an existing account
Delete
Determines whether the user has permission to request an account deletion
Approval
Read
Determines whether the user can approve token readout requests
Update
Determines whether the user can approve secret update requests
Delete
Determines whether the user can approve account deletion requests
Viewing
Requests
Determines whether the user can view all requests. By default, users can view all of their own requests. Enabling this permission allows the user to view requests submitted by other users as well.
Accounts
Determines whether the user can view accounts in Warden
Users
Determines whether the user can view Warden users
Groups
Determines whether the user can view Warden groups
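The following is an added example, not Warden's own code: a deny-by-default check over the permissions object documented above, including the rule that users can always view their own requests. The function names, the user "id" field and the sample user are assumptions made for illustration; the last helper is an access-review aid that lists operations a single user may both request and approve.

```python
# Added example: deny-by-default evaluation of the permissions object on this page.
# Hypothetical names throughout; this is not Warden's implementation.

SAMPLE_USER = {  # constructed sample; "id" is an assumed field
    "id": "alice",
    "permissions": {
        "request": {"read": True, "onboard": True, "update": False, "delete": False},
        "approval": {"read": True, "update": True, "delete": True},
        "view_accounts": False,
        "view_requests": True,
        "view_users": False,
        "view_groups": False,
    },
}


def has_permission(user, *path):
    """Walk the permissions object by key path; grant only on a literal True."""
    node = user.get("permissions")
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return False  # missing key or malformed object: deny
        node = node[key]
    # Strings such as "true", the integer 1, or a nested object are not grants.
    return node is True


def can_view_request(user, request_owner_id):
    """Own requests are always visible; other users' requests need view_requests."""
    uid = user.get("id")
    if uid is not None and uid == request_owner_id:
        return True
    return has_permission(user, "view_requests")


def dual_role_operations(user):
    """Operations this user may both request and approve (for access review)."""
    return sorted(
        op for op in ("read", "update", "delete")
        if has_permission(user, "request", op) and has_permission(user, "approval", op)
    )


if __name__ == "__main__":
    print("request.read:", has_permission(SAMPLE_USER, "request", "read"))
    print("view bob's request:", can_view_request(SAMPLE_USER, "bob"))
    print("request+approve:", dual_role_operations(SAMPLE_USER))
```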