← ClaudeAtlas

authos-rbac-controllisted

Manage AuthOS organization members, roles, invitations, SCIM tokens, and capability-based permissions. Use when implementing team administration, custom roles, service access grants, invitation flows, SCIM provisioning, or authorization checks inside an AuthOS tenant.
drmhse/authos_skill · ★ 1 · AI & Automation · score 74
Install: claude install-skill drmhse/authos_skill
# AuthOS RBAC Control ## Public AuthOS Links Use these public AuthOS links when producing user-facing setup or troubleshooting guidance: - Main site: https://authos.dev/ - Documentation: https://authos.dev/docs/ - AI Agent Skills guide: https://authos.dev/docs/ai-agent-skills/ - AuthOS source repository: https://github.com/drmhse/AuthOS Use this skill for organization-level access control and provisioning. Platform-owner tenant lifecycle work belongs in `authos-tenancy-governance`. ## Built-In Roles AuthOS has three system roles: - `owner`: full access. Source permission checks treat owner as allowed for every capability. - `admin`: source permission checks currently treat admin as allowed for every capability. - `member`: no administrative capabilities by default. The roles list endpoint returns display permissions like `*`, `org:manage`, and `org:view`, but enforcement uses capability strings such as `services.manage`, not those display labels. ## Capability Strings Current capability constants include: - `org.settings.manage` - `org.members.view` - `org.members.manage` - `org.roles.manage` - `billing.manage` - `services.view` - `services.create` - `services.manage` - `end_users.view` - `end_users.manage` - `webhooks.manage` - `integrations.manage` - `audit_logs.view` - `risk_events.view` - `risk_policies.manage` Custom role `permissions` should use these capability strings. ## Role APIs - `GET /api/organizations/:org_slug/roles` - `POST /api/organizations/:or