AccessPolicy

AccessPolicy Type

Represents an access control policy that defines permissions for resources and actions within the system. AccessPolicies are used for role-based access control (RBAC) to secure the application.

Fields

Field

Type

Description

id

ID!

Unique identifier of the access policy

createdAt

Time!

Creation timestamp

createdBy

UUID!

User identifier who created the policy

updatedAt

Time

Last update timestamp

updatedBy

UUID

User identifier who last updated the policy

deletedAt

Time

Deletion timestamp

deletedBy

UUID

User identifier who deleted the policy

tenantID

UUID!

Tenant identifier

resource

String!

Resource identifier (e.g., 'inventory.item')

action

String!

Action to perform (e.g., 'read', 'write', 'delete')

effect

String!

Effect of the policy: 'allow' or 'deny'

Interfaces

Node

Usage Example

query {
  accessPolicies(first: 10) {
    edges {
      node {
        id
        resource
        action
        effect
        tenantID
        createdAt
        updatedAt
      }
    }
  }
}

Policy Structure

AccessPolicies follow a resource-action-effect pattern:

Resource: Identifies what is being accessed (e.g., inventory.item, management.user)
Action: Specifies the operation being performed (e.g., read, write, delete, create)
Effect: Determines whether to allow or deny the access

Common Use Cases

Restricting user access to specific inventory items
Controlling who can create or modify users
Implementing fine-grained permissions for different tenant resources
Setting up role-based access control across the application

PreviousTypes NextCollectionMovement

Last updated 4 months ago

Was this helpful?