Application memberships
The application memebership object and the allowed CRUD operations on the related resource endpoint
Application memberships connect the membership of a user of an organization to a specific Dashboard app, via the related API credential with determined permissions granted by the associated role.
Please note that only Admins (i.e. users with an admin role) can perform all the CRUD actions on the application memberships of an organization, while Members (i.e. users with a read_only or custom role) are allowed only to retrieve a specific application membership and/or to fetch a list of application memberships.
When you send a GET request to the application_memberships endpoint, all your application memberships plus all the organization memberships of the organizations of which you are admin will be returned.
Permissions
Since each Dashboard app comes with its own set of permissions in terms of CRUD actions on the single Core API resources, to get the real permissions of the user on the specific app the permissions associated with the role used to create an application membership must be crossed with the app's ones. For example:
adminroles will get the Full access permissions of the related appread_onlyroles will get the Read-only permissions of the related appcustomroles will get their custom permissions as long as they are a subset of the Full access list of permissions of the related app
Adding restrictions
You can add some restrictions to the default rules above and narrow the scope of an application membership (e.g. allowing a user to manage only the shipments identified by an ID included in a specific array, allowing a user to update only the orders belonging to a specific market, etc.) by leveraging the filters attribute:
Last updated