Every enterprise system needs a way to determine who can do what. In the Web2 world, this is handled by access control tools like Google Admin, Okta, or Rippling. These platforms manage Identity and Access Management (IAM) through role-based access control (RBAC), ensuring the right people have the right permissions at the right time.
Mezzanine takes this concept one step further: we use public keys and smart contracts to enforce access control directly onchain. If you can prove control of a wallet with the correct credential, then you can take actions—whether that’s viewing documents, changing records, proposing transactions, or approving onchain transfers. There are no passwords to reset, no centralized systems to compromise, and no risk of rogue admins changing permissions behind closed doors.
At Mezzanine, roles and credentials are one of only two categories of data stored onchain (the other being assets). This decision is deliberate: it guarantees that only the organization itself can modify its access settings. The result is a level of access control that exceeds Web2 standards, ensuring organizational integrity through mechanical enforcement, not just policy.
Mezzanine organizations start with a predefined hierarchy:
Permissions are configured as a tree structure. This top-down hierarchy creates clear and auditable pathways of authority, while still allowing for flexibility and rapid delegation.
In the next version, organizations will be able to define custom roles and arbitrary groups that match their operating structure.
Permissions can grant access to both:
Each application added from the Mezzanine App Store can define its own permission set. Common permission types include: