Custom Permissioning

Privileges, Roles, Members, Teams: Access Control API allows users to create privileges and roles, associate them with teams and members, and grant access to resources.

This conversation provides an overview of the Access Control List (ACL) API and how it can be used to manage access control in a web application. The API allows users to create privileges and roles, associate them with teams and members, and grant access to resources. The conversation covers the implementation steps for integrating the ACL API, including creating teams and members, granting access, and checking access at runtime. The video also discusses licensing and integration options for using the ACL API.


  • The ACL API provides a comprehensive solution for managing access control in web applications.
  • Users can create privileges and roles, associate them with teams and members, and grant access to resources.
  • Integrating the ACL API can save time and effort in implementing access control functionality.
  • The API supports a range of integration options, including SaaS model and licensing for on-premises deployment.


00:00 Introduction to the Access Control List API

01:18 Overview of the Project Management App

02:13 Using the Access Control List API for Web App Implementation

03:09 Creating Privileges and Roles

04:01 Understanding Roles and Privileges

05:12 Associating Privileges with Roles

06:19 Implementing Access Control in the Web App

09:25 Integration Steps for Access Control API

10:35 Creating Teams and Members

12:21 Granting Access to Teams and Members

14:25 Creating Resources and Granting Access

16:41 Fetching Privileges and Roles for Resources

18:48 Checking Access at Runtime

21:34 Licensing and Integration Options

23:17 Conclusion and Next Steps


Introduction and Overview

  • Krish introduces the video and discusses the focus on the Access Control List (ACL) API.
  • Mention of saving time, effort, and money by integrating the API.
  • Emphasis on allowing web, mobile, or service teams to work on core customer problems.

Demonstration of Existing App

  • Krish briefly shows an existing web application related to project management.
  • Explains the hierarchy of content and demonstrates sharing with different access levels.
  • Mentions the ACL model in the context of the project management app.

Access Control API Overview

  • Provides the URL for the Access Control List (ACL) API.
  • Encourages using the Postman collection for a better understanding.
  • Highlights the importance of having APIs available for developers to start coding quickly.

Roles and Privileges Explanation

  • Krish explains the concept of roles and privileges in the context of the ACL API.
  • Discusses creating privileges, custom privileges, and their association with roles.
  • Mentions the absence of roles in the current implementation but presents a theoretical role structure.

Implementation Steps for Access Control

  • Krish details the steps involved in integrating the Access Control API.
  • Steps include creating privileges, roles, teams, and members.
  • Explains the simplicity of the implementation for UI teams.

Members and Teams Explanation

  • Differentiates between members (users) and teams.
  • Describes how teams can be created and associated with roles or privileges.
  • Emphasizes the flexibility of the implementation.

Granting Access to Resources

  • Discusses the process of granting access to resources using privileges or roles.
  • Explains the hierarchy and complexity in assigning access levels.
  • Highlights the importance of leaving backend complexities to the provided APIs.

Integration Steps and Use Cases

  • Krish summarizes the integration steps for UI teams.
  • Emphasizes the flexibility of the API for different use cases.
  • Encourages teams to focus on solving specific business problems rather than backend complexities.

Closing and Call to Action

  • Krish concludes the video, inviting questions and expressing willingness to help.
  • Promotes the use of Snowpal's Access Control API through different models (SaaS or licensing).
  • Stresses the goal of providing more time to focus on core business problems.