Scope Permission Designer Skill
Overview
This skill designs and implements OAuth scopes and permission models for APIs, enabling fine-grained access control that maps to business requirements.
Capabilities
- •Design scope hierarchies and inheritance
- •Implement permission validation in SDK/API
- •Generate comprehensive scope documentation
- •Support scope-based access control (SBAC)
- •Configure scope consent flows
- •Implement resource-level permissions
- •Design scope grouping and bundles
- •Generate scope matrices for documentation
Target Processes
- •Authentication and Authorization Patterns
- •Developer Portal Implementation
- •API Design Specification
Integration Points
- •OAuth authorization servers
- •Policy engines (OPA, Cedar)
- •RBAC/ABAC systems
- •API gateway authorization
- •Consent management UIs
Input Requirements
- •Business requirements for access control
- •Resource and action mapping
- •Scope naming conventions
- •Hierarchy requirements
- •Consent flow needs
Output Artifacts
- •Scope taxonomy documentation
- •Permission validation middleware
- •Scope documentation for developers
- •Consent UI components
- •Scope matrices and mappings
- •Admin permission management API
Usage Example
yaml
skill:
name: scope-permission-designer
context:
scopeFormat: "resource:action"
hierarchy:
admin: ["read", "write", "delete"]
write: ["read"]
scopes:
- users:read
- users:write
- users:delete
- projects:read
- projects:write
bundles:
- name: basic
scopes: ["users:read", "projects:read"]
- name: full
scopes: ["users:*", "projects:*"]
Best Practices
- •Use consistent naming conventions
- •Design scopes around resources and actions
- •Implement scope hierarchies to reduce complexity
- •Document all scopes clearly
- •Provide sensible default scope bundles
- •Support both fine-grained and coarse permissions