Strait supports layered authorization for user actors:Documentation Index
Fetch the complete documentation index at: https://docs.strait.dev/llms.txt
Use this file to discover all available pages before exploring further.
- Role permissions (project roles)
- Role inheritance (
parent_role_idchains) - Resource policies (direct user grant on a specific resource)
- Tag policies (grant by resource tag match)
Core Endpoints
Roles
POST /v1/rolesGET /v1/rolesGET /v1/roles/{roleID}PATCH /v1/roles/{roleID}DELETE /v1/roles/{roleID}POST /v1/seed-roles
Members
POST /v1/membersPOST /v1/members/bulkGET /v1/membersDELETE /v1/members/{userID}
Role Lineage Introspection
GET /v1/roles/{roleID}?include_lineage=true
Resource Policies
POST /v1/resource-policiesGET /v1/resource-policies(cursor pagination)DELETE /v1/resource-policies/{policyID}
Tag Policies
POST /v1/tag-policiesGET /v1/tag-policies(cursor pagination)DELETE /v1/tag-policies/{policyID}
Permission Resolution Order
For user actors,requirePermission() resolves access in this order:
- Role/inherited role permissions
- Resource policy permissions for
(resource_type, resource_id, user_id) - Tag policy permissions for matching resource tags
Notes
- RBAC mutations are rate-limited with stricter control-plane limits.
- Permission cache is auto-invalidated when memberships/policies change.
- Audit events are emitted for RBAC control-plane mutations.