Multi-level access control mechanisms

Restrict access to protected APIs and microservices using multi-level access control by utilizing permissions, roles, organizations, feature flags.

Learn more Sign up

Alternative Text

Role-based access control (RBAC)

Using OAuth 2.0 and OpenID Connect claims, Axioms can embed various permissions
or roles in issued authorization tokens.

Alternative Text


Create permissions for each resource describing allowed access and description to display on the consent screen. Permissions can be created around CRUD operations on data models or API verbs.

Alternative Text


Map permissions to roles so that users are assigned a selected few roles and not a large number of low-level permissions. Roles are hierarchical so a role can inherit permissions from other roles.

Alternative Text


If the tenant is organization enabled, this feature provides additional container and layer to group users and roles which is highly desirable if your SaaS product or digital platform is business-to-business (B2B).

RBAC in Action

Using RBAC, group your resource permissions into roles.
Assign those roles to users. Users and roles can be mapped to an organization.