Skip to content

RBAC and Membership

Auth Service manages user context, organization membership, project membership, roles, and permissions used by Governance Studio and Governance Service.

  • Organization membership controls access to organization-wide resources.
  • Project membership controls access to project-specific governance work.
  • Platform service accounts may receive platform-wide claims for automated workflows.

Administrators should assign the minimum role needed for each user. Organization owner and project owner roles should be limited to users responsible for administration.

Protected APIs validate bearer credentials and use Auth Service responses to enforce role and permission checks. Integrations should be tested with the same role scope they will use in production.