Frontegg Documentation

Welcome to the Frontegg developer hub. You'll find comprehensive guides and documentation to help you start working with Frontegg as quickly as possible, as well as support if you get stuck. Let's jump right in!

Roles & Permissions

With just a few clicks you can define multiple roles and permissions for your SaaS application. The Frontegg mechanism for defining roles and permissions behaves as you would expect from any standard RBAC system, but with a few unique features which we will explain below.


Creating Roles

The “Roles” submenu allows you to quickly define any number of roles for your application:

  • For each role, you designate a Role Name.
  • For each role, you designate a Role Key to serve as an internal identifier. At any later stage, you can change the role name without changing the internal role key. This allows you to change your public role names without influencing internal role functionality.
  • You can turn on the Default switch if you want the role to be assigned automatically to each new user in your company.
  • Once you define a role, you can assign one or more permissions to the role.
  • You can duplicate an existing role and then edit the duplicate.
  • You can delete a role at any time.
  • For each role, you specify a numeric Role Level (described below).
  • By default you have Admin and Read-only roles, already assigned with the relevant Frontegg Permissions. You can utilize these roles or remove them and add your own.

Specifying Role Levels

You can use the Role Level mechanism to create organizational role hierarchies. In the example shown below, there are six corporate roles divided among three overall role levels.

  • Role Level 0 for Agent, Admin
  • Role Level 1 for Operator, Editor
  • Role Level 2 for Viewer, Analyst

NOTE: By default, all roles are assigned Role Level 0.


Frontegg provides you with two separate lists of permissions, called Custom Permissions and Frontegg Permissions.

Custom Permissions

Custom Permissions can be used to create any required permissions for your SaaS application. You can add, edit or delete these permissions as desired.

Frontegg Permissions

Frontegg Permissions can be used to configure permissions for built-in Frontegg features. These are fixed lists of permissions which cannot be edited or deleted. All Frontegg Permissions have a Role Key beginning with the “fe” prefix (such as

Permission Categories

Permissions are always organized within permission categories, where the categories serve as logical groupings. This is true of both Customer Permissions and Frontegg Permissions.

Categories serve as simple holding folders for a group of related permissions. But keep in mind that each permission must be edited individually.

Example of Custom Permission Categories

In this example, the "Documents" category contains the three permissions titled:

  • Update Documents
  • Upload Files
  • View Documents

Example of Frontegg Permission Categories

In this example, the "Security Policies" category contains the following three permissions:

  • Delete Security Policies
  • Read Security Policies
  • Write Security Policies

Disabling Roles & Permissions

Disable roles & permissions if your app requires no user hierarchy. Enable this feature if you have multiple role levels within your application, “Admin”, “Editor”, “Viewer” - just to name a few.

In disable roles & permissions mode, every authenticated user will be allowed to send requests to frontegg build in features without Frontegg Permissions enforcement.

Updated 22 days ago

Roles & Permissions

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.