Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi,
It's the first time I am building an API with Laravel Jetstream.
In JetstreamServiceProvider I have defined the role as follows:
Jetstream::role('corporate', 'Corporate Member', [
'company:list',
'company:view',
])->description('Corporate Members can list and view all Companies.');
However, when I log in as a user with corporate role (and that's the only role the user has), and click on API Tokens, sure enough it shows me the two permissions above, but it also lists create, delete, read and update.
What can I do to ensure the above role only has the two permissions I listed above?
You can do like this in your model
$this->user->token()->revoke()
or you can check this also https://laracasts.com/discuss/channels/laravel/passport-how-can-i-manually-revoke-access-token?page=1#:~:text=Finally%20i%20found%20a%20method.%20I%20don%27t%20know%20if%20this%20is%20the%20correct%20method
Thanks Nihir,
My question wasn't about revoking a token from a user. It's about removing default permissions from a role, as in the example above, I am defining what permissions the 'corporate' role should have. It does grant the two permissions to the role, but it also adds the four more: create, delete, read and update which I would like to remove.
Hi Richard, that's interesting because I have the latest Jetstream installed and there is no such option to manage users or roles and permissions. Nothing mentioned in the documentation, either: https://jetstream.laravel.com/2.x/features/teams.html#roles-permissions
Except configuring permissions in JetstreamServiceProvider which I already have done
Please or to participate in this conversation.