Permissions

Subroutine features are protected with a permission system. Any viewer, whether a user or an API key, must pass a permission check for most operations. These permissions can be controlled via role-based access controls that can be configured on the Subroutine Admin's Role Page.

As part of setting up your organization account, ensure that both users and the API keys you are using are grouped into roles. These roles can represent any logical structure that makes sense for your organization, such as teams or functions.

Domains

Resources are grouped into "domains". Domains represent a logical grouping of resources. When you define permissions for particular roles, those permissions allow specific actions be performed on domains. For instance, a role called "Infra Team" could get permission to create, delete, or modify chatbot agents inside the "eng/infra" domain.

Domains support nesting. If you create a domain called "eng/infra" and put a resource into it, a viewer with access to the "eng" domain will be allowed to interact with that resource.

Superadmin Role

Upon creating the account, the user who created it will be added to the superadmin role. That role has the permissions to perform all actions across all domains.