Permissions / RBAC

Define roles with specific permissions that your app checks at runtime. Useful for admin panels, moderator tools, and premium features.

How it works

Admin creates roles with arrays of permission strings
Roles are assigned to users
The client SDK checks if the current user has a specific permission
Your app uses these permissions to show/hide features

MCP tools

Tool	Description
`amba_create_role`	Create a role with permissions
`amba_list_roles`	List all roles
`amba_assign_role`	Assign a role to a user

Example

Agent: "Set up admin and moderator roles"

amba_create_role({
  project_id: "proj_xxx",
  name: "admin",
  description: "Full app administration",
  permissions: ["content:write", "users:manage", "moderation:manage", "config:write"]
})

amba_create_role({
  project_id: "proj_xxx",
  name: "moderator",
  description: "Content moderation",
  permissions: ["content:read", "moderation:manage", "users:read"]
})

amba_assign_role({
  project_id: "proj_xxx",
  app_user_id: "user_xxx",
  role_id: "role_admin_xxx"
})

Client API reference

Method	Path	Description
`GET`	`/client/roles/me`	Get current user's roles and permissions

Database tables

Table	Purpose
`roles`	Role definitions with name and permissions array
`user_roles`	User-to-role assignments

Permissions / RBAC

How it works

MCP tools

Example

Client API reference

Database tables

On this page