Role Assignment
A role assignment has three components :
- Role to be assigned
- Profile the role is assigned to
- Scope of the assignment
A profile can have multiple role assignments, with different scopes for the same role as well to allow for access to multiple resource-instances of the same resource-kind.
Resource object has two components : resource-kind (which is the kind of the resource, eg : chat-room), and resource-key (unique "id" of the resource). This is useful is defining the scope of the role. A resource-instance is an instance of a particular resource-kind. It is a resource object with a unique id.
See Scopes for more info : examples
Role Assignment API : Create Role Assignments
Base Role
A Base Role defines a default set of permissions assigned to user profiles. It acts as the starting role for new users within an application.
While multiple Base Roles can exist, only those marked as active are considered for assignment. This ensures new profiles receive the appropriate baseline access upon creation.
Base Role Creation API: Create a Base Role
When does a Base Role apply?
Base roles are used to provide default permissions to profiles within an application.
When a base role is marked as active for an application, its permissions are automatically considered for any profile associated with that application. This means you do not need to manually assign a role to each new profile — as long as a base role is active, the associated permissions will be applied when access is evaluated.
This setup ensures a consistent baseline of access across all profiles in the application without requiring direct role assignments.
Role
A role is a collection of permissions that can be assigned to a profile. Roles determine the level of access a profile has within the LiveLike application. Roles have to be explicitly assigned to a profile.
Role Creation API : Create a Role
Permissions
Permissions represent specific actions that profiles can execute within the LiveLike application. These actions are predefined and managed by LiveLike. Permissions only indicate what a profile can do, without specifying restrictions.
Below is a sample list of permissions provided by LiveLike, formatted by permission key and its description:
delete-comment : Delete comment from a comment board
delete-comment-board-ban : Delete comment board ban
dismiss-reported-comment : Dismiss Reported Comment
view-comment-board-bans : View Comment Board Bans
view-reported-comments : View Reported Comments
create-comment-board-ban : Create comment board ban
create-alert : Create Alert
create-cheer-meter : Create Cheer Meter
create-emoji-poll : Create Emoji Poll
create-emoji-slider : Create Emoji Slider
create-image-number-prediction : Create Image Number Prediction
publish-text-ask : Publish Text Ask
publish-text-poll : Publish Text Poll
publish-text-prediction : Publish Text Prediction
publish-text-prediction-follow-up : Publish Text Prediction Follow Up
publish-text-quiz : Publish Text Quiz
publish-twitter-spotlight : Publish Twitter Spotlight
publish-video-alert : Publish Video Alert
This API can be used to fetch the list of all permissions supported by livelike : List Permissions
Resource
Resources define distinct components or functionalities within the LiveLike application, which RBAC is applicable to. These components are predefined and are managed by LiveLike.
Below is a sample list of applicable resource-kinds provided by LiveLike:
chat-room
profile
comment-board
twitter-spotlight
social-embed
rich-post
program
This API can be used to fetch all applicable resource-kinds : Get List of Resources
Scope
Scope refers to the application-specific range of a resource category and a resource instance. It helps integrators precisely define the context in which a permission is applicable.
It can be represented by a pair of resource-kind (type of resource), and resource-key (unique identifier of the resource, or "*" for all resources of that kind)
Example Scopes :
- kind = program, key = program_a -> denotes a program with a particular id
- kind = chat-room, key = "*" -> denotes all chatrooms
- kind = comment-board, key = board_a ; kind = comment-board, key = board_b -> denotes comment boards of id = a and b
Role Template
Role templates are predefined sets of permissions designed for common use-cases. These templates are integrated into the system and are managed by LiveLike. However clients can use them to create a role with permissions associated with the role template.
Here is an sample list of role templates and their respective permissions as provided by LiveLike:
create-alert
create-cheer-meter
create-emoji-poll
create-emoji-slider
create-image-number-prediction
create-image-number-prediction-follow-up
create-image-poll
create-image-prediction
create-image-prediction-follow-up
create-image-quiz
create-rich-post
create-social-embed
create-text-ask
create-text-poll
create-text-prediction
create-text-prediction-follow-up
create-text-quiz
create-twitter-spotlight
create-video-alert
publish-alert
publish-cheer-meter
publish-emoji-poll
publish-emoji-slider
publish-image-number-prediction
publish-image-number-prediction-follow-up
publish-image-poll
publish-image-prediction
publish-image-prediction-follow-up
publish-image-quiz
publish-rich-post
publish-social-embed
publish-text-ask
publish-text-poll
publish-text-prediction
publish-text-prediction-follow-up
publish-text-quiz
publish-twitter-spotlight
publish-video-alert
create-comment-board-ban
view-comment-board-bans
delete-comment
delete-comment-board-ban
This API can be used to get a list of all role templates offered by Livelike : Get Role Templates
Role Assignment Examples:
- Widget Creator role when assigned to a user A with scope of {kind, key = program, program_a}, would allow the user to create widgets in program_an only.
- Widget Creator role when assigned to a user B with scope of {kind, key = program, "*"}, would allow the user to create widgets in all programs.
- Another widget creator role assigned to user A with scope of {kind, key = program, program_b} would allow the user to create widgets in program_b along with program_a as well.