Roles & Scopes
One permission system across your whole app — who (and which bots) can read, write, or manage every entity, integration, action, and endpoint.
Configure
Roles
Define roles for your users — each decides what someone can access and do. Examples: Admin / Member / Viewer, or Photographer / Client, or Free / Premium.
Scopes
Scopes are the granular permissions a role carries. A scope can control:
- Which entities a role can read, write, or manage
- Which integrations a role can use
- Which actions it can invoke
- Which API endpoints are reachable
"Create a viewer role that can read Projects but not edit anything."
"Create a public scope that only exposes the product catalog."
Bot-to-bot access
Scopes aren't just for people. When another AI agent connects over MCP, its token carries scopes — so you control exactly what an external agent can see and do.
Use in your app
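Access is enforced by the backend automatically: calls that exceed a user's scope are rejected, so you don't re-check permissions in the frontend. Read the current user's role from their account to tailor the UI; hiding or showing a control is a presentation choice only, and the backend check remains the enforcement point.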
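To make the Scopes and backend-enforcement descriptions above concrete, here is an added sketch of a deny-by-default scope check; it is not the product's own code or API. The `<kind>:<name>:<level>` scope strings, the role table, the function names and the rule that manage includes write and read are all assumptions made for illustration.

```javascript
// Added illustration. The "<kind>:<name>:<level>" scope strings, role table and
// function names are hypothetical, not the product's own format or API.
const LEVELS = { read: 1, write: 2, manage: 3 }; // assumption: manage >= write >= read

// Constructed roles mirroring the two example prompts on this page, plus an admin.
const ROLES = new Map([
  ["viewer", ["entity:Projects:read"]],
  ["public", ["entity:Products:read", "endpoint:/catalog:reach"]],
  ["admin", ["entity:*:manage", "integration:*:use", "action:*:invoke", "endpoint:*:reach"]],
]);

function parseScope(scope) {
  const parts = scope.split(":");
  return { kind: parts[0], level: parts[parts.length - 1], name: parts.slice(1, -1).join(":") };
}

// True when one granted scope covers the requested one.
function covers(granted, requested) {
  const g = parseScope(granted), r = parseScope(requested);
  if (g.kind !== r.kind) return false;
  if (g.name !== "*" && g.name !== r.name) return false;
  if (g.kind === "entity") {
    // Unknown levels never match: a typo in a grant or a request fails closed.
    return (LEVELS[g.level] || 0) >= (LEVELS[r.level] || Infinity);
  }
  return g.level === r.level; // integrations, actions, endpoints: exact verb
}

// A principal is a signed-in user ({ role }) or an external agent whose token
// carries its own scopes ({ scopes }). Unknown roles resolve to no scopes.
function authorize(principal, requested) {
  const scopes = Array.isArray(principal.scopes)
    ? principal.scopes
    : ROLES.get(principal.role) || [];
  return scopes.some((granted) => covers(granted, requested));
}

// Backend entry point: the check runs before the handler, whatever the UI showed.
function handle(principal, requested, handler) {
  if (!authorize(principal, requested)) return { status: 403, error: "insufficient_scope" };
  return { status: 200, body: handler() };
}

// Constructed principals: a viewer user and an MCP agent token limited to the catalog.
const viewer = { role: "viewer" };
const catalogAgent = { scopes: ["entity:Products:read"] };
console.log(handle(viewer, "entity:Projects:write", () => "saved"));
console.log(handle(catalogAgent, "entity:Products:read", () => ["item"]));
```

The agent token is evaluated by the same function as a user's role, so an external agent gets no path around the check that a person would not have.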