Docs / Permissions and trust /
PermissionScopeMap
Visual map of the permissions an agent holds, organized by scope category.
Preview
database/postgres/prodproject Production Postgres cluster. Write access is gated and audited.
readwritedeleteschemaemail/sendgridworkspace Outbound email via SendGrid. Bulk sends require explicit approval.
readsenddeletegit/github/kansho-uirun Repository access. Auto-approved for read; push requires human sign-off.
readwritepushbranch- readmatches repo allowlist
Variants
Minimal — two groups, no caption
filesystem/localrun readwritedelete- readmatches project directory
network/externalworkspace fetchpost
Props
| Prop | Type | Description |
|---|---|---|
| groups* | ScopeGroup[] | One entry per resource group. Each group has a scope path, optional tier, description, and permission actions. |
| caption | string | Optional heading rendered above the group list. |
| className | string | Additional CSS classes for the section root. |
* required.
Usage
import { PermissionScopeMap } from "@/components/control-plane/permission-scope-map";
<PermissionScopeMap
caption="Agent permission map · dataops-v2"
groups={[
{
id: "db-prod",
scope: "database/postgres/prod",
tier: "project",
permissions: [
{ action: "read", mode: "granted" },
{ action: "write", mode: "ask" },
{ action: "delete", mode: "denied" },
],
},
]}
/>