Noxus authorization is scope-driven and split between:
- workspace-level permissions
- organization/global permissions
Workspace-Level Scopes
These scopes are specific to a workspace and govern what users can do inside that workspace.
| Category | Scope Name | Label | Description |
|---|
| Flows | workspace.flows.create | Create | Create workflows/flows |
| Flows | workspace.flows.edit | Edit | Edit workflows/flows |
| Flows | workspace.flows.delete | Delete | Delete workflows/flows |
| Flows | workspace.flows.run | Run | Execute workflows/flows |
| Flows | workspace.flows.advanced | Advanced | Advanced workflow operations |
| Agents | workspace.agents.create | Create | Create agents |
| Agents | workspace.agents.edit | Edit | Edit agents |
| Agents | workspace.agents.delete | Delete | Delete agents |
| Agents | workspace.agents.run | Run | Execute agents |
| Agents | workspace.agents.advanced | Advanced | Advanced agent operations |
| Knowledge Bases | workspace.kbs.create | Create | Create knowledge bases |
| Knowledge Bases | workspace.kbs.edit | Edit | Edit knowledge bases |
| Knowledge Bases | workspace.kbs.delete | Delete | Delete knowledge bases |
| Knowledge Bases | workspace.kbs.run | Run | Query knowledge bases |
| Knowledge Bases | workspace.kbs.advanced | Advanced | Advanced KB operations |
| Administration | workspace.integrations.edit | Edit Integrations | Manage workspace integrations |
| Administration | workspace.users.edit | Edit Users | Manage workspace users |
| Administration | workspace.users.delete | Delete Users | Remove users from workspace |
| Administration | workspace.settings.edit | Edit Settings | Modify workspace settings |
Global / Organization-Level Scopes
These scopes control cross-workspace and organization-level operations.
| Category | Scope Name | Label | Description |
|---|
| Users | users.read | Read | View user information |
| Users | users.write | Write | Create users |
| Users | users.edit | Edit | Modify user information |
| Users | users.delete | Delete | Remove users |
| Workspaces | workspace.read | Read | View workspace information |
| Workspaces | workspace.write | Write | Create workspaces |
| Workspaces | workspace.edit | Edit | Modify workspaces |
| Workspaces | workspace.delete | Delete | Remove workspaces |
| Organization | org.read | Read | View organization information |
| Organization | org.edit | Edit | Modify organization settings |
| Organization | org.billing | Billing | Manage billing and subscriptions |
| Global Settings | settings.read | Read | View global settings |
| Global Settings | settings.edit | Edit | Modify global settings |
| Global Settings | settings.admin | Admin | Full administrative access |
Admin Configuration Tie-In
Authorization policy, role-to-scope mapping, and global controls should be managed from Noxus admin settings by users with global admin permissions.
Keep role definitions small and composable. Use scopes as the stable contract.
