🙍Roles & Permissions

The Guardian Project's roles and permissions system provides a structured way to manage user access and actions within the platform. Here's an overview of the key components:

1. Roles and Groups: Roles define a set of permissions, and groups can be created to aggregate these roles. This allows for efficient management of permissions across different users by assigning them to specific roles or groups.

2. Role Management: Users with the appropriate permissions can create, update, and delete roles using the Policy Configurator UI. This includes setting specific permissions for each role.

3. Delegation and Transfer: Users can delegate their roles to others while retaining their own permissions. This feature is particularly useful in collaborative environments where responsibilities may shift temporarily.

4. Policy-Based Permissions: Permissions are often tied to specific policies within the Guardian ecosystem. This includes importing/exporting policies, executing dry runs, and managing policy steps and documents.

5. Advanced Operations: For users with higher-level permissions, there are capabilities to manage tokens, perform automation testing, and handle policy execution record/replay functionalities.