Access Control

API Reference: Authentication | Roles | Permissions | API Keys

FoxNose offers a robust role-based access control system to manage user permissions at various levels across the organization, project, and environment. This approach helps secure content while providing team members with the specific permissions needed to perform their roles effectively.

Authentication Methods

FoxNose uses two primary authentication methods that align with its role-based access structure:

JWT Authentication

User-based authentication available only for email-verified accounts
Suited for user interactions, especially in administrative tasks within the Management API
Supports access tokens and refresh tokens for user-specific, session-based interactions
Can hold any role within an organization, project, or environment, enabling high-level and environment-specific control

API Key Authentication

Service-based authentication ideal for automated interactions
Enables API keys to securely access both the Management API and Flux API
Each API type has dedicated API keys and roles
API keys are restricted to the Granular Role, limiting access based on designated entities and actions

Available Roles

Access control in FoxNose is organized by roles that assign specific permissions across the organization's hierarchy. These roles define access within organizational, project, and environment contexts.

Role	API Access	Included Permissions
Organization Owner	Organizations, projects, environments	Full access to organization management, all projects and environments
Organization Administrator	Specific organization and all its projects/environments	Project management and project-level data access, without ability to manage other organization administrators
Project Administrator	Full access to specific project and its environments	Project settings, full environment management, including role assignment to users in environments
Granular Role	Only specific environment	Configurable access to entities and actions. Can set full access, but without environment deletion rights

Granular Permissions

The Granular Role offers fine-tuned access to specific entities within an environment. It is available to both users and Management API keys, making it ideal for scenarios where restricted, focused access is needed.

Environment Management

Permission	Description	Available Actions
Environment Settings	View and modify environment configurations, including enabling or disabling environments. Does not permit environment deletion.	Read, Update

Content Management

Permission	Description	Available Actions
Collection Schemas	Create and manage schemas for collection folders	Create, Read, Update, Delete
Components	Manage reusable data schemas (components)	Create, Read, Update, Delete
Folder Contents	View the list of resources and subfolders within folders without accessing their contents. Enables precise control through object-level permissions for folders	Read
Folder Structure	View and manage the hierarchy of folders	Create, Read, Update, Delete
Resources	Create, view, and manage resources within folders, including opening and editing their contents	Create, Read, Update, Delete

Access Control Management

Permission	Description	Available Actions
Management API Roles	Create, view, and manage roles for accessing the system via web application or Management API keys	Create, Read, Update, Delete
Management API Keys	Create, view, and manage API keys for accessing the Management API	Create, Read, Update, Delete
User Role Assignments	Assign and manage roles for users interacting with the environment through the web application	Create, Read, Update, Delete

Flux API Management

Permission	Description	Available Actions
Flux APIs	Create and manage Flux APIs	Create, Read, Update, Delete
Flux API Roles	Manage access to the Flux API through associated API keys and role assignments	Create, Read, Update, Delete
Flux API Keys	Create, view, and manage API keys for accessing the Flux API	Create, Read, Update, Delete