Managing permissions

Permissions are essential for controlling user access to information and functionality in your application.

An individual permission represents the ability to do something, like upload a video or edit a profile page. Permissions are assigned to roles such that each role is essentially a group of permissions. Each user has one or more roles that define what the user can do.

To get you started quickly, Frontegg comes with a robust collection of default permissions that we call Frontegg Permissions. These permissions relate to the features we give you within the admin-box. You can also add Custom Permissions to use in addition to or instead of the Frontegg Permissions. Read below to learn more.

The way to use permissions is to add them to a role and assign a role to a user.

Where to manage permissions for your app

Permissions exist in every environment you use (Development, Staging, QA, and Production). To get to the permissions page and create permissions, go to the portal → Environment → Authorization → Permissions.

Frontegg Permissions and defaults

The Frontegg permissions provide you and your customers with granularity to select which users can do what regarding functionality from the admin-box.

Examples include permissions for operations such as Invite user and Change security policies.

This impacts actions your users can take in the admin portal embedded in your application and backend API calls sent to Frontegg on behalf of your users.

The Frontegg Permissions list is a fixed list that you cannot edit or delete. All Frontegg permissions begin with the fe prefix (such as fe.connectivity.read.eventCategories).

Permission Properties

| Property | Description |
|---|---|
| Name | The permission name. |
| Description | The description is intended to help you and your teammates understand the permission internally. |
| Category | Categories serve as simple holding folders for a group of related permissions. This is true of both Frontegg Permissions and Custom Permissions. Each Frontegg Permission is already assigned to a category and cannot be reassigned to a different one. You must assign each Custom Permission to a category, and you can edit which category it belongs to. Although organized in categories, each permission must be edited individually. |
| Key | An internal identifier that must be unique. As a best practice, a permission's key should include the name of the resource and the action it is protecting. For example, if I want to protect SAML configuration with permissions, I'll add three permissions with different actions: fe.secure.delete.samlConfiguration, fe.secure.read.samlConfiguration, fe.secure.write.samlConfiguration |

Permissions table and actions

On the permissions table, you can see all permissions created by Frontegg and by you (custom permissions).

  1. Search bar - gives you the option to search for a specific permission
  2. Filters - you can filter permissions by category and the creator (you or Frontegg)
  3. Delete a permission - use the three dots on the right side of each permission to delete it

Permission Creation and Editing

Create a new permission by clicking on the "Add New Permission" button.

On the Settings tab add the following:

| Field | Description |
|---|---|
| Name (required) | Add a descriptive name for your permission. |
| Description | We advise you to add a description that will help you and other teammates manage the permissions. |
| Category (required) | Choose a category from the category list. You can assign an existing category, or create a new one. |
| Key (required) | Add a unique key, which will be used to identify the permission and will be added to your code. |

On the role tab, you can attach the permission you are editing or creating to multiple roles:

  1. Click on “Assign roles”
  2. Mark the roles you would like to add to this permission
  3. Click “Assign roles”
  4. Click ‘Save’ to add the permission to the permission table

A permission can be saved without a role attached; you can add roles later on.

Edit existing permissions

In order to go back and edit an existing permission, click on the permission in the table and edit its settings.

Wrapping it all up - permissions are set only by you

  1. Setting up roles and permissions on each environment (this document explains how you can do that)
  2. Adding/editing permissions for specific roles within the backoffice

Going live checklist

  1. Make sure you’ve enabled the roles and permission option under the authorization → Roles (in each environment).
  2. In case you created custom roles and added custom permissions, make sure you’ve added them to your code to be enforced.
  3. Create roles and permissions in one of the testing environments before moving them to Production.
    Add a new test user with that role and validate the enforcement on your side.
  4. Move the roles and Permissions to Production
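
The checks in items 2 and 3 can be scripted before promoting a configuration. The following is an added example, not Frontegg code: it resolves a user's roles to permission keys with deny-by-default semantics and audits a constructed environment export against the keys the application enforces. The data shape, the custom keys, and the role names are assumptions.

```javascript
// Constructed sample: roles and permissions exported from one environment.
// The shape is an assumption, not Frontegg's API response format.
const environment = {
  permissions: [
    { key: "fe.secure.read.samlConfiguration", custom: false },
    { key: "videos.upload", custom: true },
    { key: "profiles.edit", custom: true },
    { key: "reports.export", custom: true },
  ],
  roles: {
    Admin: ["fe.secure.read.samlConfiguration", "videos.upload", "profiles.edit"],
    Editor: ["videos.upload", "profiles.edit"],
    Viewer: [],
  },
};

// Keys the application code checks before serving a request (hypothetical).
const enforcedInCode = ["videos.upload", "profiles.edit", "billing.read"];

// Union of the permission keys granted by all of a user's roles.
function effectivePermissions(env, userRoles) {
  const granted = new Set();
  for (const role of userRoles) {
    if (!Object.hasOwn(env.roles, role)) continue; // unknown role grants nothing
    for (const key of env.roles[role]) granted.add(key);
  }
  return granted;
}

// Deny by default: a key is allowed only if one of the user's roles grants it.
function can(env, userRoles, key) {
  return effectivePermissions(env, userRoles).has(key);
}

// Pre-launch audit of the environment against the keys enforced in code.
function audit(env, enforcedKeys) {
  const defined = new Set(env.permissions.map((p) => p.key));
  const assigned = new Set(Object.values(env.roles).flat());
  const custom = env.permissions.filter((p) => p.custom).map((p) => p.key);
  return {
    // Checked in code but missing from the environment: always denied.
    undefinedInEnvironment: enforcedKeys.filter((k) => !defined.has(k)),
    // Custom permissions that no code path checks: never enforced.
    notEnforcedInCode: custom.filter((k) => !enforcedKeys.includes(k)),
    // Custom permissions attached to no role: nobody holds them.
    unassigned: custom.filter((k) => !assigned.has(k)),
  };
}
```

Any non-empty list in the audit result points to a mismatch between the environment and the code that should be resolved before moving to Production.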

Additional resources

APIs related to permissions

  1. Get permissions
  2. Create permissions
  3. Delete permission
  4. Update permission
  5. Set a permission to multiple roles

APIs related to permission categories

  1. Get permissions categories
  2. Create category
  3. Update category
  4. Delete category

See next

After configuring your roles and permissions in the Frontegg Portal, you can enforce them in your application. Specifically, you can:

  1. Protect your backend APIs
  2. Protect specific frontend pages