RBAC and Membership
Auth Service manages user context, organization membership, project membership, roles, and permissions used by Governance Studio and Governance Service.
Membership Scopes
Section titled “Membership Scopes”- Organization membership controls access to organization-wide resources.
- Project membership controls access to project-specific governance work.
- Platform service accounts may receive platform-wide claims for automated workflows.
Role Assignment
Section titled “Role Assignment”Administrators should assign the minimum role needed for each user. Organization owner and project owner roles should be limited to users responsible for administration.
API Behavior
Section titled “API Behavior”Protected APIs validate bearer credentials and use Auth Service responses to enforce role and permission checks. Integrations should be tested with the same role scope they will use in production.