import * as z from "zod/v3";
import { Result as SafeParseResult } from "../../types/fp.js";
import { SDKValidationError } from "../errors/sdkvalidationerror.js";
import { GrantPermission, GrantPermission$Outbound } from "./grantpermission.js";
import { ReadPermission, ReadPermission$Outbound } from "./readpermission.js";
import { WritePermission, WritePermission$Outbound } from "./writepermission.js";
/**
 * Describes the permissions levels that a user has for permissioned features. When the client sends this, Permissions.read and Permissions.write are the additional permissions granted to a user on top of what they have via their roles.
 *
 * @remarks
 * When the server sends this, Permissions.read and Permissions.write are the complete (merged) set of permissions the user has, and Permissions.roles is just for display purposes.
 */
export type Permissions = {
    /**
     * TODO--deprecate in favor of the read and write properties. True if the user has access to /adminsearch
     */
    canAdminSearch?: boolean | undefined;
    /**
     * TODO--deprecate in favor of the read and write properties. True if the user can administrate client API tokens with global scope
     */
    canAdminClientApiGlobalTokens?: boolean | undefined;
    /**
     * TODO--deprecate in favor of the read and write properties. True if the user has access to data loss prevention (DLP) features
     */
    canDlp?: boolean | undefined;
    /**
     * Describes the read permission levels that a user has for permissioned features. Key must be PermissionedFeatureOrObject
     */
    read?: {
        [k: string]: Array<ReadPermission>;
    } | undefined;
    /**
     * Describes the write permissions levels that a user has for permissioned features. Key must be PermissionedFeatureOrObject
     */
    write?: {
        [k: string]: Array<WritePermission>;
    } | undefined;
    /**
     * Describes the grant permission levels that a user has for permissioned features. Key must be PermissionedFeatureOrObject
     */
    grant?: {
        [k: string]: Array<GrantPermission>;
    } | undefined;
    /**
     * The roleId of the canonical role a user has. The displayName is equal to the roleId.
     */
    role?: string | undefined;
    /**
     * The roleIds of the roles a user has.
     */
    roles?: Array<string> | undefined;
};
/** @internal */
export declare const Permissions$inboundSchema: z.ZodType<Permissions, z.ZodTypeDef, unknown>;
/** @internal */
export type Permissions$Outbound = {
    canAdminSearch?: boolean | undefined;
    canAdminClientApiGlobalTokens?: boolean | undefined;
    canDlp?: boolean | undefined;
    read?: {
        [k: string]: Array<ReadPermission$Outbound>;
    } | undefined;
    write?: {
        [k: string]: Array<WritePermission$Outbound>;
    } | undefined;
    grant?: {
        [k: string]: Array<GrantPermission$Outbound>;
    } | undefined;
    role?: string | undefined;
    roles?: Array<string> | undefined;
};
/** @internal */
export declare const Permissions$outboundSchema: z.ZodType<Permissions$Outbound, z.ZodTypeDef, Permissions>;
export declare function permissionsToJSON(permissions: Permissions): string;
export declare function permissionsFromJSON(jsonString: string): SafeParseResult<Permissions, SDKValidationError>;
//# sourceMappingURL=permissions.d.ts.map