Reserved User Roles
Zango has two built-in roles that exist in every app. They cannot be deleted and behave differently from roles you create.
AnonymousUsers
Grants access to unauthenticated (public) users.
- Attach a policy to
AnonymousUsersto make those views publicly accessible — no login required - Use this only for pages that should be genuinely public (e.g. a landing page or public API)
- Individual users cannot be assigned to this role — it applies automatically to all unauthenticated requests
{
"policies": [
{
"name": "PublicAccess",
"description": "Publicly accessible views",
"statement": {
"permissions": [
{ "type": "view", "name": "landing.views.LandingView" }
]
}
}
]
}
SystemUsers
An internal system role — do not use this role in your app.
- Cannot be referenced in
policies.json— adding a policy forSystemUserswill not work and may cause errors - Do not assign it to any view or permission
- It exists for internal Zango framework use only
danger
Never reference SystemUsers in your policies.json files. Only use roles you created (e.g. Admin, Manager) and AnonymousUsers for public views.
Summary
| Role | Used for | Can assign to views? | Can assign to users? |
|---|---|---|---|
AnonymousUsers | Public / unauthenticated access | Yes | No |
SystemUsers | Internal framework use | No | No |
Custom roles (e.g. Admin) | Your app's user types | Yes | Yes |