OSS-first docs
These docs teach the open system first: contracts, generated surfaces, runtimes, governance, and incremental adoption. Studio shows up as the operating layer on top, not as the source of truth.
Revoke a role from a user or organization.
Goal
Remove permissions via role revocation.
Context
User/org permission management.
Emitted Events
•
`role.revoked` (v1.0.0)
Source Definition
import { defineCommand, defineQuery } from '@lssm-tech/lib.contracts-spec';
import { ScalarTypeEnum, SchemaModel } from '@lssm-tech/lib.schema';
import { SuccessResultModel } from './user';
export const RevokeRoleContract = defineCommand({
meta: {
key: 'identity.rbac.revoke',
version: '1.0.0',
stability: 'stable',
owners: ['@platform.identity-rbac'],
tags: ['identity', 'rbac', 'revoke'],
description: 'Revoke a role from a user or organization.',
goal: 'Remove permissions via role revocation.',
context: 'User/org permission management.',
},
io: {
input: RevokeRoleInputModel,
output: SuccessResultModel,
errors: {
BINDING_NOT_FOUND: {
description: 'The policy binding does not exist',
http: 404,
gqlCode: 'BINDING_NOT_FOUND',
when: 'Binding ID is invalid',
},
},
},
policy: {
auth: 'admin',
},
sideEffects: {
emits: [
{
key: 'role.revoked',
version: '1.0.0',
when: 'Role is revoked',
payload: BindingIdPayloadModel,
},
],
audit: ['role.revoked'],
},
});