DocsPlatform managementAccess control

Access control

Overview

MATTR VII uses Role-Based Access Control (RBAC) to manage permissions and access within a tenant. Each role grants access to specific capabilities, ensuring that users or clients only have access to the functionalities they need. Below is a list of available roles and their descriptions:

  • Tenant admin (admin): Has full access to all tenant capabilities. This role is assigned to the default client when a new tenant is created.
  • Issuer (issuer): Has access to capabilities required for issuing and managing credentials of different formats across different channels.
  • Verifier (verifier): Has access to capabilities required for verifying credentials of different formats across different channels.
  • DTS provider (dts-provider): Has access to capabilities required for managing a Digital Trust Service (DTS).
  • DTS consumer (dts-consumer): Has access to capabilities required to consume DTS information from a tenant.
  • Auditor (auditor): Has read-only access to analytics data.

Role permissions

The following sections detail the capabilities available for different roles. For an inclusive list of the endpoints and operations each role can access, please refer to the roles and permissions list.

Furthermore, the MATTR VII API reference details, for each endpoint, what roles can access it.

Tenant admin permissions

The following list details the MATTR VII capabilities available to users and clients assigned with the Tenant admin role. This includes all tenant capabilities:

Platform management

Digital Trust Service

Credential issuance

Credential management

Credential verification


Issuer permissions

The following list details the MATTR VII capabilities available to users and clients assigned with the Issuer role:

Platform management

Digital Trust Service

Credential issuance

Credential management


Verifier permissions

The following list details the MATTR VII capabilities available to users and clients assigned with the Admin role:

Platform management

Digital Trust Service

Credential verification


DTS provider permissions

The following list details the MATTR VII capabilities available to users and clients assigned with the DTS provider role:

Platform management

Digital Trust Service


DTS consumer permissions

The following list details the MATTR VII capabilities available to users and clients assigned with the DTS consumer role:

Digital Trust Service


Auditor permissions

The following list details the MATTR VII capabilities available to users and clients assigned with the Auditor role:

Platform management


* Partial support or not available for users using MATTR Portal; users or clients using MATTR VII API are not affected.

Additional resources

Tutorials