Team, roles & RBAC
Invite teammates, assign roles, and define custom roles with a deny-list permission model and production-scoped permissions.
Nolixan uses a deny-list RBAC model: a role starts from a base and is denied specific permissions. Production-sensitive actions (writes, secret reads, deletes) are gated by dedicated permissions, so you can let people work in development while locking down production.
Built-in roles
| Role | Access |
|---|---|
administrator | Full access (no denials) |
development_full_access | Everything except production access |
production_support | Read-only production; no admin, no secret reads |
Manage the team
Routes under /api/v1/team (JWT auth).
| Method | Path | Purpose |
|---|---|---|
GET | /team/ | Account + members (id, name, email, role, active) |
PATCH | /team/users/{user_id} | Change a member's role — body { "role": "…" } |
DELETE | /team/users/{user_id} | Remove a member |
Changing roles requires canUpdateTeamMember; removal requires canRemoveTeamMember.
Custom roles
Define your own roles by starting from a base role and denying specific permissions (and, optionally, attribute conditions). Routes under /api/v1/roles (canManageTeam).
| Method | Path | Purpose |
|---|---|---|
GET | /roles/ | List custom roles |
POST | /roles/ | Create — { name, base_role, denied_permissions[], attribute_conditions{} } |
PATCH | /roles/{role_id} | Update |
DELETE | /roles/{role_id} | Delete |
Key permissions
- Admin:
canManageTeam,canInviteMember,canManageBilling,canManagePolicies,canManageAgents,canCreateEnvironment. - Production writes:
canWriteProdConnections,canWriteProdIntegrations,canWriteProdWebhooks,canDeleteProd*. - Production secrets:
canReadProdSecretKey,canReadProdConnectionCredentials.
These permissions are enforced on every route — combined with separation of duties, the person who requests a sensitive action can't be the one who approves it.