Skip to main content
Directory grants are the permission records that control access to a directory. Each grant assigns a single permission level to a principal — an organization, user, or API key. When a request arrives, Orbit checks whether the caller’s principal matches any grant on the requested directory. You use the list, create, and delete grant endpoints to inspect and modify the grant list for any directory your credentials can manage.
Organization admins have implicit access to all directories within their organization and do not require explicit grants.For developer API key directory search, the key must be an organization API key (not a personal key) and must match an organization or api_key grant with search or manage permission on the target directory. Personal API keys are always rejected for directory search.

Permissions

Allows the principal to upload source data into this directory, including CSV files and connection imports.
Full administrative control. A principal with manage permission can update directory metadata, manage sources, create and delete grants, and run searches. Grants search and upload capabilities as well.

Grant principals

Principal typeWhat it grants access to
organizationAll users and API keys across the entire organization.
userOne specific organization member.
api_keyOne specific organization API key.