Define user permissions

You can manage and control user access with permissions. Once you set up permissions, they can be grouped into roles, to make assigning them managing access easier.

First time creating permissions?

Link to this section

For each permission you create on Kinde, you need to assign a unique ‘key’ that your product code will reference to apply the permission. We suggest you create permissions first, and then if you want, create roles to group sets of permissions to apply to users.

Add a new user permission

Link to this section

1. Go to Settings > User Management > Permissions. If you already have permissions added, you’ll see a list of them.

2. Select Add permission.

3. Give the permission a Name. Keep it short and descriptive, so you can easily understand what it is for. For example, ‘View financial reports’.

4. Enter a Description. Provide additional context to help users understand this permission and the effect it will have. For example ‘Allows users to view, but not update, financial reports for the business.’

5. Enter a Key. The key is how your code references the permission in Kinde. It should be a word that is easy to reference in code and match in your product. For example read-reports. It’s a good idea to follow a naming convention pattern to help maintain your code. Here’s what it might look like:

   [action_type]:[functional_area] e.g read:reports

6. Select if you want this permission to be automatically added when a new role is created. You might do this for example, if the permission is something all users need to be allowed to do.

7. Select Save.

Edit permission

Link to this section

User permissions are dynamic and refreshed via the issued token. This means that any changes you make will be applied to users, the next time they sign in.

We don’t recommend editing permission keys, once a permission is in use. It will break the code link between your product and the defined permission.

1. Go to Settings > User Management > Permissions. If you already have permissions, you’ll see a list of them.
2. Select the three dots next to the permission you want to edit and choose Edit permission.
3. Make the changes you want and select Save.

Delete user permissions

Link to this section

When you delete a permission, you remove the permission access from all users who are assigned that permission, and from all users who have that permission as part of a role. This can’t be reversed.

1. Go to Settings > User Management > Permissions. Your list of permissions is shown.
2. Select the three dots next to the permission and choose Delete. A confirmation / warning message appears.
3. Select Delete permission. The permission is permanently deleted.

Are Kinde permissions shared across environments?

Link to this section

Yes. Permissions are defined at the business level, not per environment. A permission created in your development environment is the same permission in staging and production — there is no per-environment isolation. If your team needs to test permission changes without affecting production, manage each environment in a separate Kinde business. Permissions can also be grouped into roles to make assigning access easier.

Are permissions included in access tokens?

Link to this section

Yes. Permissions assigned to a user are automatically included in their access token as the permissions claim. If you want to keep them out of the token, you can use the user token generation workflow to strip the claim before the token is issued. For details on the token structure and retrieval options, see Access tokens.