Skip to main content

Permissions

The Haute Chai SDK uses a granular permissions system to control access to different methods and resources. Permissions are defined through the MethodsPermissions interface, which specifies what actions an account can perform.

Permission Structure

Permissions are organized by resource type and their associated actions. Each permission is a boolean value that determines whether the action is allowed.

Access Control

  • access.add: Add access permissions to resources
  • access.remove: Remove access permissions from resources

Account Management

  • accounts.create: Create new accounts
  • accounts.read: Read account information

Balance Management

  • balances.read: View balance information
  • balances.update: Modify balance values

Collection Management

  • collections.create: Create new collections
  • collections.read: View collection information
  • collections.update: Modify collection metadata
  • Collection relationships:
    • collections.children: Manage child collections
      • add: Add child collections
      • read: View child collections
      • remove: Remove child collections
    • collections.parents: Manage parent collections
      • add: Add parent collections
      • read: View parent collections
      • remove: Remove parent collections
    • collections.stacks: Manage stack associations
      • add: Add stacks to collections
      • remove: Remove stacks from collections

Group Management

  • groups.create: Create new groups
  • groups.delete: Delete existing groups
  • Group membership:
    • groups.accounts.add: Add accounts to groups
    • groups.accounts.remove: Remove accounts from groups

Image Management

  • images.create: Create/upload new images
  • images.read: View image information and URLs

Operation Management

  • operations.create: Create new operations
  • operations.read: View operation information
  • operations.update: Modify operation metadata

Stack Management

  • stacks.create: Create new stacks
  • stacks.read: View stack information
  • stacks.update: Modify stack metadata
  • Stack operations:
    • stacks.operations.add: Add operations to stacks
    • stacks.operations.remove: Remove operations from stacks

Storage Management

  • storage.create: Create storage records
  • storage.read: Read storage records
  • storage.update: Update storage records
  • storage.delete: Delete storage records

Access Roles

When granting access to resources (collections or stacks), three roles are available:

  • reader: Can view the resource
  • writer: Can view and modify the resource
  • maintainer: Full control over the resource, including managing access

Default Permissions

Root Accounts

By default all root accounts have full access to all resources and actions.

Regular Accounts

For regular accounts we grant all permissions except for the following:

  • accounts.create
  • accounts.read
  • balances.update

However, you can always override these defaults when creating a token in the Server SDK.