Permissions
Permissions
The Simetrik CLI operates against your workspace through the platform API, so what you can do is governed by your workspace role — not by the CLI itself. This applies equally to a person running commands and to a Claude agent acting on their behalf.
CLI access gate
Before any command runs, the CLI checks whether your workspace has CLI access enabled (cli.access). If it doesn't, every command fails with:
CLI access is not available for your workspace. Contact your administrator.If you see this (error code CLI_ACCESS_DENIED), your workspace administrator must enable CLI access for your account.
Workspace and role
simetrik login authenticates you into a specific workspace. If you belong to several, pick one during login or pass --workspace <id>. Your role in that workspace then determines which operations are allowed.
Permissions by operation
Each command maps to an entity + action permission. You need the matching grant in your role:
| What you want to do | Requires (entity · action) |
|---|---|
| Create or edit a source | resources · create_edit |
| Create or edit a reconciliation | reconciliations · create_edit_configure |
| View a reconciliation's data & configuration | reconciliations · view_data_configurations |
| Run a reconciliation | reconciliations · execute |
If a command returns a permission error, ask your administrator to grant the corresponding access for your role. Roles, permissions, and users are managed in app.simetrik.com — see What the CLI can't do.
:::note Permissions are evaluated server-side on every call. Granting or revoking access takes effect on your next command (a short local cache may apply). :::