Skip to main content

RoleScopeCatalog

The authoritative vocabulary an admin picks from when defining a custom role. Derived server-side from the Go authorization source of truth (authz group / workspace scope sets, via the scope registry) rather than hard-coded on the client, so the role editor's pickers can never drift from what the platform actually authorizes (ADR-0066).

type RoleScopeCatalog {
scopesByLevel: [RoleScopeLevel!]!
entityTypes: [String!]!
tenancyLevels: [String!]!
}

Fields

RoleScopeCatalog.scopesByLevel ● [RoleScopeLevel!]! non-null object

Scopes grouped by the tenancy level they apply at (a role's scopes).

RoleScopeCatalog.entityTypes ● [String!]! non-null scalar

Entity types a role's appliesTo may name (bot, strategy, exchange, runner).

RoleScopeCatalog.tenancyLevels ● [String!]! non-null scalar

Tenancy levels a role's grantsAt may name (organization, workspace).

Returned By

roleScopeCatalog query