vtex-io-rbac
Installation
SKILL.md
VTEX IO access control (RBAC)
When this skill applies
Use this skill when you need to control who can access your VTEX IO app's routes and resources:
- Deciding between role-based (
policies.json) and resource-based (service.jsonpolicies) access control - Securing REST endpoints so only specific apps, users, or API keys can call them
- Setting up GraphQL authorization with the
@authdirective - Understanding VRN (VTEX Resource Name) syntax for declaring principals
- Debugging 403 Forbidden errors caused by missing or misconfigured policies
Do not use this skill for:
- General service architecture (use
vtex-io-service-apps) - PCI compliance and payment security (use
payment-pci-security) - Route prefix and CDN behavior (use
vtex-io-service-paths-and-cdn)