Role

API: Stable

Represents a SecurityPrincipal’s system-wide role.

enum class Role {
    GUEST,
    USER,
    ADMIN,
    SERVICE,
    THIRD_PARTY_APP,
    PROVIDER,
    UNKNOWN,
}

This is usually not used for application-specific authorization.

Services are encouraged to implement their own authorization control, potentially from a common library.

Properties
GUEST The security principal is an unauthenticated guest.
USER The security principal is a normal end-user.

Normal end users can also have “admin-like” privileges in certain parts of the application.

ADMIN The security principal is an administrator of the system.

Very few users should have this role.

SERVICE The security principal is a first-party, __trusted__ service.
THIRD_PARTY_APP The security principal is some third party application.

This type of role is currently not used. It is reserved for potential future purposes.

PROVIDER
UNKNOWN The user role is unknown.

If the action is somewhat low-sensitivity, it should be fairly safe to assume USER/THIRD_PARTY_APP privileges. This means no special privileges should be granted to the user.

This will only happen if we are sent a token of a newer version than what we can parse.
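The UNKNOWN handling described above, sketched as an added example (not code from the project this page documents). `parseRole`, `Sensitivity` and `isAllowed` are hypothetical names, and the decisions for GUEST, ADMIN, SERVICE and PROVIDER are assumptions made for illustration.

```kotlin
// Mirrors the enum documented on this page.
enum class Role { GUEST, USER, ADMIN, SERVICE, THIRD_PARTY_APP, PROVIDER, UNKNOWN }

// Hypothetical: two coarse classes of action for a system-wide gate.
enum class Sensitivity { LOW, PRIVILEGED }

// Hypothetical parser: a role name this build does not recognise (for
// example, one introduced by a newer token version) maps to UNKNOWN
// instead of throwing, so older services keep working and fail safe.
fun parseRole(raw: String?): Role =
    Role.values().firstOrNull { it.name == raw } ?: Role.UNKNOWN

// Coarse gate. UNKNOWN is treated like USER/THIRD_PARTY_APP: acceptable for
// low-sensitivity actions, never granted special privileges.
fun isAllowed(role: Role, required: Sensitivity): Boolean = when (role) {
    // Assumption: only these two roles pass the privileged gate.
    Role.ADMIN, Role.SERVICE -> true
    Role.USER, Role.THIRD_PARTY_APP, Role.UNKNOWN -> required == Sensitivity.LOW
    // Assumption: unauthenticated guests are denied by this gate.
    Role.GUEST -> false
    // Assumption: the page gives no description for PROVIDER, so deny.
    Role.PROVIDER -> false
}

fun main() {
    // Constructed role strings, as they might appear in a token claim.
    // "SUPER_ADMIN_V2" stands in for a role added by a newer token version.
    for (raw in listOf("ADMIN", "USER", "SUPER_ADMIN_V2", "admin", null)) {
        val role = parseRole(raw)
        val low = isAllowed(role, Sensitivity.LOW)
        val privileged = isAllowed(role, Sensitivity.PRIVILEGED)
        println("$raw -> $role (low=$low, privileged=$privileged)")
    }
}
```

The `when` has no `else` branch, so adding a new `Role` constant becomes a compile error until the gate makes an explicit decision for it.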