Manage user permissions
Manage users
Manage user roles
Roles allow you to group permissions into buckets. A role in Kinde could represent a collection of permissions available to an owner, an administrator, a member or whatever role structure is relevant to your business.
This topic covers how to manage roles in the Kinde platform and via the Kinde Management API.
Important things to know about Kinde roles
Link to this section- User roles are defined at the business level, but applied to users at an organization level
- A user can have multiple roles per organization
- The same user can have different roles in different organizations. They could have the
adminandownerrole in Org A and amemberrole in Org B - We recommend you use permissions for controlling access to features within your application, then use roles to group the permissions.
- Roles (and permissions) cannot be assigned to a user unless they belong to an organization.
Add user roles in Kinde
Link to this section- In Kinde, go to Settings > User Management > Roles. The User roles page opens showing any user roles already defined.
- Select Add role. The Add role window opens.
- Give the role a Name. Keep it short and descriptive, so you can easily understand what it is for. For example, ‘Accounts management’.
- Enter a Description. Describe what a user with this role can do. For example ‘Allows users to perform all basic accounts functions.’
- Enter a Key. The key is how your code references the role in Kinde. It should be a word that is easy to reference in code and match in your product. You should also follow a naming convention for all roles to help maintain your code.
- Select if the role should be assigned to all new users by default when they sign up.
- Select the permissions that are included in the role by switching them on. See also Define user permissions.
- Select Save.
Edit user roles
Link to this sectionYou can update user roles via the Kinde Management API or using the procedure below.
User roles are dynamic and refreshed via the issued token. This means that any changes you make will be applied to all users assigned that role, the next time they sign in.
We don’t recommend editing role keys, once a role is in use. It will break the code link between your product and the defined role.
- Go to Settings > User Management > Roles. If you already have roles, you’ll see a list of them.
- Select the three dots next to the role you want to edit and choose Edit.
- Make the changes you want and select Save.
Delete user roles
Link to this sectionYou can delete user roles via the Kinde Management API or using the procedure below.
When you delete a user role, you will remove the role as well as all the associated permissions from all users who are assigned that role. This can’t be reversed.
- Go to Settings > User Management > Roles. Your list of roles is shown.
- Select the three dots next to the role and choose Delete. A confirmation / warning message appears.
- Select Delete role. The role is deleted permanently.
Add user roles via API
Link to this sectionYou can add user roles via the Kinde API.
Use the Add Organization User Role end point to assign a role to a user, and get the role IDs from the Roles endpoint.
Add roles to the access token
Link to this sectionWhen a user authorizes against an organization in Kinde, you can enable their roles to be returned as an array of IDs in the roles claim of the access_token. This is part of an additional claim.
To add roles to tokens
Link to this section- Go to Settings > Applications > [Your application] > Tokens.
- Scroll to the Token Customization section.
- Select Customize on the Access tokens card.
- Switch on Roles (array) in the Additional claims section.
Our SDKs commonly ship with a getClaim method to help with this. For example in React you could use something like:
getClaim("roles");// {name: "roles", value: ["admin", "owner"]}