Permissions / 14 primitives + composition

Permissions & RBAC primitives

Role-based access control surfaces — role badges, the full permission matrix, inheritance resolution, ACL rows, the forbidden state, role inspector, workspace switcher, request-access wizard, approvals inbox, JIT elevation, API scope chips, session table, audit trail, and a chip-based policy editor. Visual references — no real authorisation wired.

Production answer

Permissions & RBAC primitives is a reusable Oak Flats Muffler Men UI primitive with documented states, accessibility expectations, theme behavior, and implementation evidence.


Visual reference only — no real authorisation wired
Primitive 01

Role badge

Pill badge for Owner / Admin / Workshop / Billing / Viewer / Guest with iconlet + tone.

Stateless
Primitive 02

Permission matrix

Resources × actions grid with allow / deny / inherited cells and bulk row + column toggles.

Stateful · grid
Primitive 03

Inheritance tree

Vertical resolution path showing how direct, role, group and workspace defaults combine.

Stateless
Primitive 04

ACL row

Single access entry — principal, grants, source chip, expiry, remove button.

Stateless
Primitive 05

Forbidden state

403 surface showing the missing permission, attempted action, request and switch options.

Stateless
Primitive 06

Role inspector

Detailed role card — member count, scopes, expandable full permission set.

Stateful · expand
Primitive 07

Workspace switcher

Top-bar dropdown with searchable list, role-in-workspace and plan chip.

Stateful · search
Primitive 08

Request access flow

Three-step wizard — explain why → choose role → submit, with reviewer + SLA chip.

Stateful · steps
Primitive 09

Approval request row

Pending approval row — requester avatar, role, reason snippet, approve / reject / snooze.

Stateless
Primitive 10

JIT access banner

Just-in-time elevation banner with live countdown and revoke-now button.

Stateful · timer
Primitive 11

API scope chip

Compact chip per scope (workshop.read, parts.write, billing.admin) with hover tooltip.

Stateless
Primitive 12

Session table

Full DataTable of active sessions — device, IP, location, last active, current chip.

Stateful · sort
Primitive 13

Audit trail

Filter chips + paginated table; expand any row for the full JSON payload.

Stateful · filters
Primitive 14

Policy rule editor

When [event] on [subject], if [condition], then [allow/deny] because [reason] — chip-selectable.

Stateful · slots
Composition

Full RBAC console

Workspace switcher + role inspector + matrix + ACL list + approvals inbox + audit aside.

Composition