RBAC Model

Deep dive into SuitePortal's role-based access control implementation.

This documentation is currently being developed. Check back soon for complete content.

Overview

SuitePortal implements a hierarchical RBAC model that provides fine-grained access control across the multi-tenant architecture.

Model Components

Subjects

Who is requesting access (Users, API Keys)

Resources

What is being accessed (Transactions, Entities, Settings)

Actions

What operation is being performed (Read, Write, Delete, Manage)

Context

Additional conditions (Organization membership, Time-based access)

Permission Resolution

Request → Authenticate → Get Memberships → Resolve Roles → Check Permissions → Allow/Deny

Inheritance

Permissions can be inherited through the organization hierarchy:

Tenant Admin
    ↓ inherits
Organization Admin
    ↓ inherits
Organization Member

Custom Roles

Tenants can create custom roles with specific permission combinations:

{
  "name": "Invoice Viewer",
  "permissions": [
    "read:invoices",
    "read:payments"
  ]
}
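To make the resolution pipeline, the inheritance chain and the custom-role JSON above concrete, here is a small resolver written as an added example; it is not SuitePortal's code. The role names follow the page, but the permission sets attached to each built-in role, the `Membership` and `authorize` names and the `"inherits"` key for custom roles are assumptions made for this illustration. Context is modelled only as organization membership (a tenant-wide membership applies in every organization); time-based conditions are left out.

```python
"""Toy RBAC resolver for the SuitePortal-style model described above.

Added example, not SuitePortal's code.  Assumptions (not from the page):
the permission sets attached to each built-in role, the Membership /
authorize API and the optional "inherits" key on custom roles.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Membership:
    """A subject's membership: one role held in one organization.

    organization=None marks a tenant-wide membership (e.g. Tenant Admin),
    which applies in every organization of the tenant.
    """
    organization: Optional[str]
    role: str


# Built-in roles as {name: (own permissions, roles inherited from)}.
# Higher roles inherit the permissions of lower ones, matching the page's
# Tenant Admin -> Organization Admin -> Organization Member chain.
# The permission sets themselves are constructed for this example.
BUILTIN_ROLES = {
    "Organization Member": (
        {"read:transactions", "read:entities"},
        [],
    ),
    "Organization Admin": (
        {"write:transactions", "write:entities", "manage:settings"},
        ["Organization Member"],
    ),
    "Tenant Admin": (
        {"delete:transactions", "manage:organizations"},
        ["Organization Admin"],
    ),
}


def register_custom_role(roles, definition):
    """Add a tenant-defined role from a dict shaped like the page's JSON.

    Custom roles stand alone unless an (assumed) "inherits" list is given.
    Returns a new role table so the built-in table is never mutated.
    """
    table = dict(roles)
    table[definition["name"]] = (set(definition["permissions"]),
                                 list(definition.get("inherits", [])))
    return table


def effective_permissions(role, roles):
    """Resolve a role to the union of its own and all inherited permissions.

    Unknown roles raise KeyError rather than silently granting nothing, so a
    misconfigured membership fails loudly.  The seen set guards against
    cycles in a badly built inheritance graph.
    """
    permissions, seen, stack = set(), set(), [role]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        own, parents = roles[name]
        permissions |= own
        stack.extend(parents)
    return permissions


def authorize(memberships, action, resource, organization, roles=BUILTIN_ROLES):
    """Allow/deny one request (Get Memberships -> Resolve Roles -> Check).

    Context is the organization the resource belongs to: only memberships in
    that organization, or tenant-wide ones, contribute permissions.  Default
    is deny; an empty membership list never grants anything.
    """
    applicable = [m for m in memberships
                  if m.organization is None or m.organization == organization]
    granted = set()
    for m in applicable:
        granted |= effective_permissions(m.role, roles)
    return f"{action}:{resource}" in granted


if __name__ == "__main__":
    # Constructed subjects: an org member, a tenant admin and a holder of
    # the page's "Invoice Viewer" custom role.
    roles = register_custom_role(BUILTIN_ROLES, {
        "name": "Invoice Viewer",
        "permissions": ["read:invoices", "read:payments"],
    })
    alice = [Membership("org-a", "Organization Member")]
    carol = [Membership(None, "Tenant Admin")]
    dave = [Membership("org-a", "Invoice Viewer")]
    print(authorize(alice, "read", "transactions", "org-a"))    # True
    print(authorize(alice, "read", "transactions", "org-b"))    # False: wrong org
    print(authorize(carol, "delete", "transactions", "org-b"))  # True: tenant-wide
    print(authorize(dave, "read", "invoices", "org-a", roles))  # True: custom role
```

Two design points worth noting: the resolver is deny-by-default (no matching membership means no permission string can match), and an unknown role name raises instead of returning an empty set, so a typo in a membership record surfaces as an error rather than as a silent denial that is hard to distinguish from a correct one.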