Roles
The role object and the allowed CRUD operations on the related resource endpoint
Roles are organization-specific and can be assigned to a membership (to grant a specific user a set of permissions) or to an integration API credential.
Roles can be of three types (identified by the kind
attribute):
read_only
— to performGET
requests on any Core API single resource or list of resources).admin
— to perform any available CRUD operation on any Core API resource.custom
— to grant a different set of permissions on multiple resources (available for Enterprise plans only).
Custom roles
While the permission for the read_only
and admin
roles are set by default and assigned at runtime by the Core API, Enterprise customers can define custom
roles specifying custom permissions on CRUD actions at the single resource level so as to leverage a granular control, tailored to their needs.
Existing roles cannot be deleted using the Provisioning API. A read_only
and an admin
roles are automatically created for your organization, so the POST
method on the /api/roles
endpoint will be successful only for Enterprise customers: in that case, all you need to do to create a custom role is to give it a name, the related kind
will be automatically set to custom
.
Last updated