What are Permissions in Frontegg?

Permissions are essential for controlling user access to information and functionality in your application.

Permissions represent the ability to do something in your app, e.g., deleting users or editing a profile page. Permissions are strongly linked to Roles, since a role is essentially a group of permissions. Each user has one or more roles that define what they can perform in your app.

To get you started quickly, Frontegg comes with a robust collection of default permissions, that are related to the features we give you within the admin box. Additionally, you can set Custom Permissions to use in addition to or instead of your preset Frontegg Permissions. Read below to learn more.



Note that you need to enable (toggle-on) the Admin Portal areas you want to give users access to. Otherwise, giving them permissions or roles including specific permissions will have no effect as the areas will remain hidden.

Creating and Granting Permissions

As mentioned in the Prerequisite box above, giving users access to Admin Portal areas is essential for them to see these tabs. The first step before granting them permissions is, therefore, to toggle on the different areas in your app you want them to access, like so:

Where to manage permissions for your app

Permissions exist for every environment. The permission tab is located at {Environment Name} → Entitlements → Permissions

Frontegg Permissions and Default Settings

Frontegg's set of permissions provides you and your customer the granularity to select which users can do what from within your admin box.

Examples include permissions to perform actions such as Give access to sub accounts, Edit group roles, Delegation, etc.

Permissions impact the actions your users can take in the admin portal in your application. Frontegg's Permissions list is fixed and cannot be edited or deleted. All Frontegg permissions begin with an fe prefix (such as

User and Tenant Permissions in the Admin Portal

When granting users Roles and permissions, you can determine which tabs they see in the Admin Portal. See the table below for a quick reference on which permission controls what tab (note that the following refers to read permissions; there are write and delete permissions as well (for example, also has and You can always use the search bar to see all available permissions under each category.

CategoryPermissionKeyLocation in Portal
Security PoliciesRead & Security
AuditsRead logs
API TokensRead tenant API tokens
API TokensRead user API tokens
User ManagementRead
Account SettingsRead details
Webhook IntegrationRead

Wildcard and Global Permissions

In addition to individual permissions, you can add global permissions to users. Use the * in the search bar to see all permissions supported for this functionality. When granting a user with an* permission, you are granting the user with global read permissions (in comparison which grants a much more granular capability).* permission, for example, will grant users complete read and write permissions.

Permission Properties

Each permission has the following properties:

NameThe permission name.
DescriptionThe description is intended to help you and your teammates understand the permission internally.
CategoryCategories serve as simple holding folders for a group of related permissions. This is true of both Frontegg Permissions and Custom Permissions.
Each Frontegg Permission is already assigned to a category and cannot be reassigned to a different one. Each Custom Permission you must assign to a category and can edit which category it belongs to. Although organized in categories, each permission must be edited individually.
KeyAn internal identifier that must be unique. As a best practice, a permissions key should include the name of the resource and the action it is protecting. For example, If I want to protect SAML configuration with permissions, I would add three permissions with different actions:
IDEach permission has a unique ID that is generated automatically upon creation

Permissions table and actions

In the permissions dashboard, you can view all supported permissions, search for specific ones and assign them roles.

  1. Search bar - gives you the option to search for a specific permission
  2. Filters - you can filter permissions by category and the creator (you or Frontegg)
  3. Assign Roles - Assign roles to permissions. When roles are assigned to permissions, the permissions become part of the Roles' subset features— I.e., every user assigned with that specific role will be entitled to perform its subset set of permissions.
  1. Delete a permission - use the three dots on the right side of each permission to delete it.
CategoryPermissionKeyLocation in Portal
Security PoliciesRead & Security
AuditsRead logs
API TokensRead tenant API tokens
API TokensRead user API tokens
User ManagementRead
Account SettingsRead details
Webhook IntegrationRead

Creating and Editing Permissions

Create a new permission by clicking the "Add New Permission" button.

The Settings tab includes the following fields:

Name (required)Add a descriptive name for your permission
DescriptionWe advise you to add a description that will help you and other teammates manage the permissions.
Category (required)Choose a category from the category list. You can assign an existing category, or create a new one.
Key (required)add a unique key, which will be used to identify the permission and will be added to your code.

To add new permission, press the Add new permission button, and fill in the Name, Category, and Key _fields. The _Key field is the unique identifier stored in the user JWT.


Permissions dependency

Permissions can be created without any role attached— Roles can be added later on.

Permissions APIs

Permission APIs:

  1. Get permissions
  2. Create permissions
  3. Delete permission
  4. Update permission
  5. Set a permission to multiple roles

Permission Category APIs

  1. Get permissions categories
  2. Create category
  3. Update category
  4. Delete category