Permissions are essential for controlling user access to information and functionality in your application.
An individual permission represents the ability to do something, like upload a video or edit a profile page. Permissions are assigned to roles such that each role is essentially a group of permissions. Each user has one or more roles that define what the user can do.
To get you started quickly, Frontegg comes with a robust collection of default permissions that we call Frontegg Permissions. These permissions are related to the features we give you within the admin-box. Additionally, you can add Custom Permissions to use in addition to or instead of the Frontegg Permissions. Read below to learn more.
The way to use permissions is to add them to a role and assign a role to a user.
Permissions exist in every environment you use (Development, Staging, QA, and Production). To get to the permissions page and create permissions, go to the portal → Environment → Authorization → Permissions.
The Frontegg permissions provide you and your customers with granularity to select which users can do what regarding functionality from the admin-box.
Examples include permissions for operations such as Invite user and Change security policies.
This impacts actions your users can take in the admin portal embedded in your application and backend API calls sent to Frontegg on behalf of your users.
The Frontegg Permissions list is a fixed list that you cannot edit or delete. All Frontegg permissions begin with the fe prefix (such as
|Name||The permission name.|
|Description||The description is intended to help you and your teammates understand the permission internally.|
|Category||Categories serve as simple holding folders for a group of related permissions. This is true of both Frontegg Permissions and Custom Permissions.|
Each Frontegg Permission is already assigned to a category and cannot be reassigned to a different one. You must assign each Custom Permission to a category, and you can change which category it belongs to. Although organized in categories, each permission must be edited individually.
|Key||An internal identifier that must be unique. As a best practice, a permission’s key should include the name of the resource and the action it is protecting. For example: if I want to protect SAML configuration with permissions, I’ll add three permissions with different actions|
On the permissions table, you can see all permissions created by Frontegg and by you (custom permissions).
- Search bar - gives you the option to search for a specific permission
- Filters - you can filter permissions by category and the creator (you or Frontegg)
- Delete a permission - use the three dots on the right side of each permission to delete it
On the Settings tab add the following:
|Name (required)||Add a descriptive name for your permission|
|Description||We advise you to add a description that will help you and other teammates manage the permissions.|
|Category (required)||Choose a category from the category list. You can assign an existing category, or create a new one.|
|Key (required)||Add a unique key, which will be used to identify the permission and will be added to your code.|
On the role tab, you can attach the permission you are editing or creating to multiple roles:
- Click on “Assign roles”
- Mark the roles you would like to add to this permission
- Click “Assign roles”
- Click ‘Save’ to add the permission to the permission table
A permission can be saved without a role attached, and you can add roles later on.
In order to go back and edit an existing permission, click on the permission in the table and edit its settings.
- Setting up roles and permissions on each environment (this document explains how you can do that)
- Adding/editing permission for specific roles within the backoffice
- Make sure you’ve enabled the roles and permissions option under Authorization → Roles (in each environment).
- In case you created custom roles and added custom permissions, make sure you’ve added them to your code to be enforced.
- Create roles and permissions in one of the testing environments before moving them to Production. Add a new test user with that role and validate the enforcement on your side.
- Move the roles and permissions to Production
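The checks in the list above, together with the fact that a permission can be saved without a role attached, can be rehearsed as a small offline audit before moving to Production. This is an added example, not Frontegg's code or API: the role names, permission keys and the three input sets are constructed, and the `resource.action` key format is an assumption.

```python
# Added illustration: all role names and permission keys below are constructed
# sample data, not values from Frontegg. Key format "resource.action" is assumed.
ROLE_PERMISSIONS = {
    "admin": {"video.upload", "video.delete", "profile.edit"},
    "editor": {"video.upload", "profile.edit"},
    "viewer": set(),
}
# Custom permission keys defined in the permissions table (constructed).
DEFINED_KEYS = {"video.upload", "video.delete", "profile.edit", "report.export"}
# Keys the application code actually checks (constructed).
ENFORCED_KEYS = {"video.upload", "profile.edit", "billing.view"}


def effective_permissions(user_roles, role_permissions=ROLE_PERMISSIONS):
    """Union of the permissions of every role the user holds.
    A role name that is not configured grants nothing."""
    granted = set()
    for role in user_roles:
        granted |= role_permissions.get(role, set())
    return granted


def is_allowed(user_roles, key, role_permissions=ROLE_PERMISSIONS):
    """Deny by default: allow only when some role carries the exact key."""
    return key in effective_permissions(user_roles, role_permissions)


def audit(defined, role_permissions, enforced):
    """Compare the configured roles and permissions with what the code checks."""
    assigned = set().union(*role_permissions.values())
    return {
        # Saved without a role attached: no user can hold it yet.
        "unassigned": sorted(defined - assigned),
        # Checked in code but never defined: every request is denied.
        "undefined": sorted(enforced - defined),
        # Granted through roles but never checked in code: not enforced.
        "unenforced": sorted((defined & assigned) - enforced),
        # Attached to a role but missing from the permissions table.
        "unknown_in_roles": sorted(assigned - defined),
    }


if __name__ == "__main__":
    for roles in (["editor"], ["viewer"], ["editor", "admin"], ["ghost"]):
        print(roles, sorted(effective_permissions(roles)))
    print(audit(DEFINED_KEYS, ROLE_PERMISSIONS, ENFORCED_KEYS))
```

Any non-empty list in the audit result is a mismatch to resolve in a testing environment; the `unenforced` entries are the ones a test user with that role would expose as actions the code never gates.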
APIs related to permissions
- Get permissions
- Create permissions
- Delete permission
- Update permission
- Set a permission to multiple roles
APIs related to permission categories
After configuring your roles and permissions in the Frontegg Portal, you can enforce them in your application. Specifically, you can: