Docs

Every permission id FastYoke ships, grouped by domain. The single source of truth lives in the canonical permission catalog.

Permission catalog

Every permission FastYoke ships is listed below, grouped by domain. Custom roles select any subset of these; the four system roles each hold a fixed subset defined in code.

Users & roles

IdLabelDescription
users.readView usersList and view tenant users.
users.inviteInvite usersSend invitations to new users.
users.updateUpdate usersEdit user profile and role assignment.
users.deleteRemove usersRemove users from the tenant.
roles.readView rolesList and view roles and their permissions.
roles.manageManage rolesCreate, edit, and delete custom roles.

FSM schemas

IdLabelDescription
fsm.readView FSMsList and view FSM schemas.
fsm.createCreate FSMsAuthor new FSM schemas.
fsm.updateEdit FSMsEdit FSM drafts (incl. annotations).
fsm.deleteDelete FSMsRemove FSM schemas.
fsm.publishPublish FSMsPromote a draft FSM to live.

Jobs

IdLabelDescription
jobs.readView jobsList and view job records.
jobs.createCreate jobsSpawn new jobs against an FSM.
jobs.transitionTransition jobsDrive a job through state transitions.
jobs.cancelOverride / cancelForce-cancel a job (admin override; bypasses guards).

Entities

IdLabelDescription
entities.readView entitiesList and view entity records.
entities.createCreate entitiesInsert new entity records.
entities.updateUpdate entitiesEdit existing entity records.
entities.deleteDelete entitiesRemove entity records.
entities.exportExport entitiesBulk export entity data.

Forms

IdLabelDescription
forms.readView formsList and view form definitions.
forms.createCreate formsAuthor new forms.
forms.updateEdit formsEdit form drafts.
forms.publishPublish formsPromote a draft form to live.
forms.deleteDelete formsRemove form definitions.
forms.submissions.readView submissionsView data submitted through forms.
forms.submissions.exportExport submissionsBulk export form submission data.

Files

IdLabelDescription
files.readView filesView attachments and files.
files.uploadUpload filesAttach new files to entities and forms.
files.deleteDelete filesRemove attachments.

Apps

IdLabelDescription
apps.readView appsList installed apps and extensions.
apps.installInstall appsInstall new app extensions.
apps.uninstallUninstall appsRemove app extensions.

PDF templates

IdLabelDescription
pdf.readView PDF templatesView overlay and auto-typeset PDF templates.
pdf.updateEdit PDF templatesEdit overlay region maps and PDF settings.
pdf.publishPublish PDF templatesPromote PDF template drafts to live.

Tenant config

IdLabelDescription
tenant.settings.viewView settingsOpen the tenant Settings area (branding, themes, connections, plan, etc.).
tenant.branding.updateEdit brandingEdit tenant branding (logo, colors, names).
tenant.theme.updateEdit themesEdit shared themes.
tenant.billing.readView billingView invoices and current commercial tier.
tenant.billing.manageManage billingOpen Checkout, change tier, manage Stripe portal.
tenant.sso.manageManage SSOConfigure WorkOS / SAML / OIDC connections.
tenant.workspace.updateRename workspaceChange the tenant's display name.
tenant.connections.manageManage connectionsConfigure LLM and integration credentials.
tenant.auth.manageManage auth proofRotate JWKS keys and configure auth-proof signing.

Audit & logs

IdLabelDescription
audit.readView audit logView role-change and admin-override logs.

API tokens

IdLabelDescription
tokens.manageManage API tokensMint, list, revoke per-tenant fy_pat_* tokens.

Pages

IdLabelDescription
pages.manageManage pagesAuthor and publish standalone custom pages.

Projects

IdLabelDescription
projects.manageManage projectsCreate and organize project containers for forms / pages / extensions.

Wasm

IdLabelDescription
wasm.executeExecute WasmInvoke admin-only Wasm execution endpoints.

Encryption

IdLabelDescription
tenant.encryption.manageManage encryption add-onActivate, rotate, backfill, and offboard the PII / SPI encryption add-on.
tenant.encryption.readstatusView encryption statusView encryption health: active version, row counts, last rotation.

Identity

IdLabelDescription
identity.sources.readView identity sourcesList identity-bearing entity types declared by tenant admins.
identity.sources.writeManage identity sourcesCreate, edit, and disable identity-bearing entity types.
identity.readView identityView the tenant's WorkOS Organization summary.
identity.updateManage identityEdit WorkOS Organization name + MFA policy, launch Admin Portal for SSO / SCIM setup.

Inventory

IdLabelDescription
inventory.readView inventoryList and view inventory items, stock levels, and movements.
inventory.writeManage inventoryPost stock movements and advance inventory workflows.

Auto Dealer

IdLabelDescription
dealer.readView dealershipView repair orders, counter tickets, special orders, and payments.
dealer.writeManage dealershipCreate and advance repair orders, counter tickets, and special orders.
dealer.paymentsTake paymentsCharge, void, and refund card-present payments at the counter and cashier.

Auto Tech

IdLabelDescription
tech.paymentsTake paymentsCharge, void, and refund card-present payments against a repair order.

Compliance

IdLabelDescription
compliance.readView complianceView frameworks, controls, findings, and corrective actions.
compliance.writeManage complianceCreate and advance findings, controls, and corrective actions.
compliance.verifyVerify corrective actionsSign off that a corrective action's evidence is sufficient (privileged).
compliance.auditAudit accessRead-only, engagement-scoped access to controls, evidence, and the immutable result history for an external auditor.

Yoke

IdLabelDescription
yoke.readView Yoke briefsView the Yoke inbox and brief details.
yoke.decideDecide on Yoke briefsApply, snooze, or dismiss Yoke briefs. Apply writes a schema_commit; dismiss-with-reason feeds template authoring.

Messaging

IdLabelDescription
messaging.useUse messagingSend and read direct messages and channels. Granted by default to members, managers, and admins; revoke it on a role to disable messaging for those users.