Security
Access control
Roles, permissions, and how authorization is enforced inside BonData.
BonData enforces authorization at the API tier on every request. Each request carries a Descope-issued JWT; the API validates the JWT, resolves it to a user record and the tenant the user belongs to, and then checks the user’s role against the action being requested.