RoleScopeCatalog
The authoritative vocabulary an admin picks from when defining a custom role. Derived server-side from the Go authorization source of truth (authz group / workspace scope sets, via the scope registry) rather than hard-coded on the client, so the role editor's pickers can never drift from what the platform actually authorizes (ADR-0066).
type RoleScopeCatalog {
scopesByLevel: [RoleScopeLevel!]!
entityTypes: [String!]!
tenancyLevels: [String!]!
}
Fields
RoleScopeCatalog.scopesByLevel ● [RoleScopeLevel!]! non-null object
Scopes grouped by the tenancy level they apply at (a role's scopes).
RoleScopeCatalog.entityTypes ● [String!]! non-null scalar
Entity types a role's appliesTo may name (bot, strategy, exchange, runner).
RoleScopeCatalog.tenancyLevels ● [String!]! non-null scalar
Tenancy levels a role's grantsAt may name (organization, workspace).
Returned By
roleScopeCatalog query