Set up RBAC for a tenant
This guide walks through a practical RBAC setup using ACCTL as the primary operator interface. The steps focus on verification and least-privilege access so you can confirm the system behaves exactly as intended.
The exact token provisioning workflow depends on your deployment, but the verification steps and access checks remain the same across environments.
Step 1: Confirm the daemon is reachable
Use ACCTL to verify connectivity to the write daemon before you configure permissions:
acctl auth whoami
This should return the current principal context. If it fails, fix connectivity or token configuration before proceeding.
Step 2: Inspect effective permissions
Use the permissions endpoint to see which operations the current principal can perform:
acctl auth permissions --namespace-id 5001
This output is the ground truth of what the token can do for the selected namespace. If a required operation is missing, adjust roles or namespace ACLs before continuing.
If you plan to allow reverse commits, verify that the reverse-commit operation is explicitly granted in this list.
Step 3: Validate least-privilege with a test operation
Choose a low-risk operation that should succeed for the role you are testing (for example, list namespaces or query container metadata). Use ACCTL or curl to verify the outcome.
acctl namespaces list --limit 5
If the operation fails with 403, the role mapping is too restrictive. If it succeeds when it should not, tighten the role or ACL bindings.
Step 4: Rotate or revoke access
RBAC is only safe when you can revoke or rotate tokens quickly. Use your deployment’s token management workflow, then immediately re-run the verification steps above to confirm revocation.
Common role profiles
Below are practical role profiles you can use for least-privilege setups. The exact role names depend on your deployment catalog, but the intent is consistent.
- Reader: Read-only access to projections and freshness.
- Writer: Commit access plus read visibility.
- Operator: Namespace lifecycle and operational state access.
- Admin: Full tenant-level access (use sparingly).
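The comparison behind Steps 2 and 3, applied to role profiles like the ones above, as an added example (not ACCTL or project code). It assumes the granted operations are available as plain text, one name per line, since the output format of `acctl auth permissions` is not shown here; the operation names and profile contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not ACCTL project code. Operation names are constructed.
# Assumption: grants are available as plain text, one operation per line;
# the page does not show the output format of `acctl auth permissions`.

# has_op LIST OP: succeed if OP is an exact, whole-line entry in LIST.
has_op() {
  printf '%s\n' "$1" | grep -Fxq -- "$2"
}

# missing_ops EXPECTED GRANTED: operations the profile needs but the
# principal lacks (these calls would return 403).
missing_ops() {
  printf '%s\n' "$1" | while IFS= read -r op; do
    [ -n "$op" ] || continue
    has_op "$2" "$op" || printf '%s\n' "$op"
  done
}

# excess_ops EXPECTED GRANTED: grants beyond the profile (least-privilege drift).
excess_ops() {
  missing_ops "$2" "$1"
}

# audit_role EXPECTED GRANTED: print findings; return 0 only on an exact match.
audit_role() {
  miss=$(missing_ops "$1" "$2")
  extra=$(excess_ops "$1" "$2")
  [ -z "$miss" ] || printf '%s\n' "$miss" | sed 's/^/MISSING: /'
  [ -z "$extra" ] || printf '%s\n' "$extra" | sed 's/^/EXCESS: /'
  [ -z "$miss$extra" ]
}

# Constructed profiles and a constructed grant list for one token.
READER_PROFILE='namespaces.list
containers.read'
WRITER_PROFILE='namespaces.list
containers.read
commits.write
commits.reverse'
GRANTED='namespaces.list
containers.read
commits.write'

echo "as Reader:"; audit_role "$READER_PROFILE" "$GRANTED" || echo "drift found"
echo "as Writer:"; audit_role "$WRITER_PROFILE" "$GRANTED" || echo "drift found"
```

Run the same comparison again after Step 4: a revoked token should show every profile operation as missing.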
Next steps
- Namespace governance for lifecycle and ACL workflows.
- Why access was denied to debug 401/403 outcomes.