You are reading the documentation for an outdated Corteza release. 2023.9 is the latest stable Corteza release.

Access Control

Corteza defines three particular role types which need to be registered in the .env file.

The role types:
  • Bypass: RBAC_BYPASS_ROLES; defaults to super-admin. Bypass roles may not appear in any of the other lists.

  • Authenticated: RBAC_AUTHENTICATED_ROLES; defaults to authenticated. Authenticated roles may not appear in any of the other lists.

  • Anonymous: RBAC_ANONYMOUS_ROLES; defaults to anonymous.

The .env variables accept a space-delimited list of role handles.

Corteza will refuse to start if the role type configuration is invalid or the roles don’t exist.