The permission object and the allowed CRUD operations on the related resource endpoint

To allow a seamless collaborative workflow, Enterprise users can define custom roles and assign permissions to each role created. This allows different members to have different privileges or different integration API credentials to be granted different permissions on CRUD operations at the single resource level.

Each permission is role and subject-specific, meaning that to create a new permission you need to associate it with a role and specify the single resource involved. For that resource you can define the allowed actions by setting the 4 CRUD boolean attributes (which can be changed at any time):

  • can_read

  • can_create

  • can_update

  • can_delete

If you want to create a set of permissions involving different resources, you need to create a permission for each resource, associated with the same role.

When fetching a permission, you can check if additional restrictions have been applied by inspecting the restrictions object.

Existing permissions cannot be deleted using the Provisioning API.

Last updated