Skip to main content
Tesouro uses role-based access control (RBAC) to manage what actions organization users can perform. When you create a role, you specify a set of permissions that define which actions are allowed on which objects.

Permission types

The following permission types are available:
  • not_allowed (default) - the specified action is not allowed.
  • allowed - the specified action is always allowed.
  • allowed_for_own - the specified action is allowed to be performed only on the objects created by this organization user.

List of permissions

Below is the list of all permissions available in the Tesouro RBAC system: