Roles & User Permissions

Roles contain a set of permissions which can be assigned to an account.

If this account is associated with a user, the permissions associated with the account are granted to the user.

  1. An account can be in multiple roles
  2. The permissions in each role are considered when authenticating

Roles API documentation
Permissions API documentation

Permissions

A permission is a key to a lock. Permissions provide access to a specific set of end-points. Each end-point is associated with a resource and an action.

For example:
A support agent may have the ability to create accounts but not delete them.
Thus their account may require the following permission -

Resource = Account
Action = Create

It is possible to list the available resources via the following API end-point:

List Resources API documentation 

Each resource has a well-defined list of actions that can be performed. It is possible to find these actions using the following API end-point:

For example:
The accounts resource has the following actions -

All
Create
Delete
Edit
Read

Top tip: A role without permissions does not grant access to any resource.


Resource Groups

Certain resources are logically grouped together, in particular Coupon, UserResources and ProductResources. This simplifies assignment of related resources.

  • Resource Name: Coupon
  • Logical Group: Perform actions on coupons
  • Grouped resources –
      Coupon
      CouponBook
      CouponBookDefinition
      CouponDefinition
      CouponInstance
      CouponModifier
      CouponRule

  • Resource Name: UserResources
  • Logical Group: Perform actions for users, i.e. Accounts who can access the BillForward API / UI.
  • Grouped resources –
      Account
      Address
      Permission
      Password
      Profile
      User
      Username

  • Resource Name: ProductResources
  • Logical Group: Perform actions for product and plan, i.e. creation of rate-plans.
  • Grouped resources –
      FixedTerm
      PricingComponent
      PricingComponentTier
      ProductRatePlan
      Product
      UnitOfMeasure
      Tax

Grouped Actions

There is only a single roll-up action, All, which grants all permissions.
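
The rules above (permissions from every role are considered, resource groups, and the All action) modelled locally in Python. This is an added example, not BillForward's code, and it makes no API calls; the role names, the function names, and the assumptions that a permission on a group name covers every grouped resource and that access is denied unless some role grants it are illustrative.

```python
# Added illustration: a local model of the rules on this page.
# Not BillForward code; it makes no API calls.

# Resource groups and their members, as listed above.
RESOURCE_GROUPS = {
    "Coupon": {"Coupon", "CouponBook", "CouponBookDefinition", "CouponDefinition",
               "CouponInstance", "CouponModifier", "CouponRule"},
    "UserResources": {"Account", "Address", "Permission", "Password",
                      "Profile", "User", "Username"},
    "ProductResources": {"FixedTerm", "PricingComponent", "PricingComponentTier",
                         "ProductRatePlan", "Product", "UnitOfMeasure", "Tax"},
}
ROLL_UP_ACTION = "All"

# Constructed sample account: role name -> list of (resource, action) permissions.
SAMPLE_ROLES = {
    "SupportAgent": [("Account", "Create")],
    "CouponAdmin": [("Coupon", "All")],
    "Placeholder": [],  # a role without permissions grants nothing
}


def covers(permission, resource, action):
    """True if a single (resource, action) permission grants the request."""
    perm_resource, perm_action = permission
    # Assumption: a permission on a group name applies to every grouped resource.
    resources = RESOURCE_GROUPS.get(perm_resource, {perm_resource})
    return resource in resources and perm_action in (ROLL_UP_ACTION, action)


def is_allowed(roles, resource, action):
    """Consider the permissions of every role; deny unless one of them matches."""
    return any(covers(p, resource, action)
               for permissions in roles.values() for p in permissions)


def broad_grants(roles):
    """List (role, resource, action) entries worth a least-privilege review:
    those that use a resource group or the roll-up action."""
    return [(role, res, act)
            for role, permissions in roles.items() for res, act in permissions
            if res in RESOURCE_GROUPS or act == ROLL_UP_ACTION]


if __name__ == "__main__":
    print(is_allowed(SAMPLE_ROLES, "Account", "Create"))
    print(is_allowed(SAMPLE_ROLES, "Account", "Delete"))
    print(broad_grants(SAMPLE_ROLES))
```

Running broad_grants over an exported role list is a quick way to find roles that grant more than a single resource and action.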


Structure

[Figure: roles structure]

 
