The EvaluateResponseDto object

Example

{
  "allowed": false,
  "permission": "string",
  "scope_evaluated": "node",
  "effective_node_id": "string",
  "granting_roles": [
    "string"
  ],
  "denial_reason": "string"
}

Properties

allowedboolean*
permissionstring*
scope_evaluatedenum: "node" | "app_wide"*
Echo of the `scope` the caller asked for. `app_wide` answers are 'matched somewhere in the tree' — never treat them as scoped to a specific node.
effective_node_idstring
The hierarchy node the decision was anchored to. Always set for `scope_evaluated: "node"`; always null for `scope_evaluated: "app_wide"` because the answer is org-scoped, not node-scoped.
granting_rolesstring[]*
denial_reasonstring