Zenskar employs a mix of role-based access control (RBAC) and permission-based access control for authorization. People often get confused between authentication and authorization. It is important to remember that authorization is not the same as authentication:

| Authentication | Authorization |
| --- | --- |
| Are you who you claim to be? | Are you allowed to do what you are trying to do? |
| You are challenged to validate your credentials through mechanisms such as password verification, fingerprint matching, or facial recognition. | You are provided access to a resource through policies and rules created by an administrator. |
| Generally governed by the OpenID Connect (OIDC) protocol. | Generally governed by the OAuth 2.0 framework. |

In summary, access to a resource is protected by both authentication and authorization: you have to prove your identity and possess appropriate permissions to interact with resources.

Important concepts are summarized in the table below:

| Authorization object | Description |
| --- | --- |
| Permissions | Sets of permitted verbs (or actions) on a set of resources. In Zenskar, Read, Write, Delete, and Approve are the verbs available. |
| Roles | Collections of permissions. You can bind (or assign) users to a role. |
| Bindings | Associations of a user with a role. |

How to add a new role?

  1. Click on the drop-up menu in the bottom-left corner, and click on Roles.
  2. Click on the + ADD NEW ROLE button.
  3. Enter the new role name.
  4. Grant required permissions to the role by selecting permissions from the AVAILABLE PERMISSIONS list and adding them to the GRANTED PERMISSIONS list.
  5. Click ADD ROLE.


Choose all permissions

The option to choose all permissions must be used with caution. The user attains unlimited power.

Available permissions

The permissions are of the form:

Can Read
Can Write
Can Delete


Can Approve permission

There is also a Can Approve permission applicable only to invoices.

Credit Notes
Data Sources
Payment Methods
Raw Metric

How to update a role?

  1. Click on the drop-up menu in the bottom-left corner, and click on Roles.
  2. From the roles listed on the page, click on the role you wish to edit.
  3. Make the necessary edits and click the UPDATE ROLE button.

How to delete a role?

  1. Navigate to Administrator > Roles.
  2. Each row on the Roles page has a kebab menu. Clicking on the kebab menu will display the option to delete a role.



A user can be granted more permissions than allowed by a role. Deleting a role will revoke the permissions granted to the user by the role. However, the user will retain the extra permissions.
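The retention rule above matters when reviewing access after a role is deleted, so the sketch below models permissions, roles, bindings and extra per-user grants and reports what each affected user still holds. It is an added example, not Zenskar's code or API: the `AccessModel` class, the `check` helper, the role name, the user `alice`, and `Invoices` as the resource name for Can Approve are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

VERBS = {"Read", "Write", "Delete", "Approve"}  # the verbs named on this page

def check(perm):  # hypothetical helper: validates a (verb, resource) pair
    verb, resource = perm
    if verb not in VERBS or (verb == "Approve" and resource != "Invoices"):
        raise ValueError(f"not a valid permission: {perm}")
    return perm

@dataclass
class AccessModel:  # hypothetical model, not Zenskar's data structures
    roles: dict = field(default_factory=dict)     # role name -> {(verb, resource)}
    bindings: dict = field(default_factory=dict)  # user -> {role name}
    direct: dict = field(default_factory=dict)    # user -> extra {(verb, resource)}

    def add_role(self, name, perms):
        self.roles[name] = {check(p) for p in perms}

    def bind(self, user, role):
        self.bindings.setdefault(user, set()).add(role)

    def grant_direct(self, user, perm):
        self.direct.setdefault(user, set()).add(check(perm))

    def effective(self, user):
        """Union of extra grants and the permissions of every bound role."""
        perms = set(self.direct.get(user, set()))
        for role in self.bindings.get(user, set()):
            perms |= self.roles.get(role, set())  # unknown role grants nothing
        return perms

    def delete_role(self, name):
        """Delete a role; report what each previously bound user can still do."""
        del self.roles[name]
        affected = [u for u, r in self.bindings.items() if name in r]
        for user in affected:
            self.bindings[user].discard(name)
        return {user: self.effective(user) for user in affected}

def demo():  # constructed sample data
    m = AccessModel()
    m.add_role("Billing Clerk", {("Read", "Invoices"), ("Approve", "Invoices")})
    m.bind("alice", "Billing Clerk")
    m.grant_direct("alice", ("Delete", "Credit Notes"))
    return m.effective("alice"), m.delete_role("Billing Clerk")

if __name__ == "__main__":
    print(demo())
```

A non-empty set in the report returned by `delete_role` is the list of extra permissions to review for that user.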