Roles, Permissions, Schemas

Alongside the Roles and Permissions APIs, the Dashboard provides a visual method of managing access rights and resource visibility for account operators and application users alike.


Operator Roles

You can use the 'Team Settings' page to add more team members to the account to enable collaboration and sharing of access to account resources as required. You can also create and assign access roles, which are used to limit scope and access amongst the team members on the account.

782782

Application User Roles

Use the 'Application User Roles' page to manage Application User roles, which determine which resources Application users can see and modify.

791791

This section lists the currently available roles, and also allows creation of new ones. Click 'Add new βŠ•', fill in the appropriate name and description, then click 'Create'. The new role will be shown, including the empty list of permissions.

The default state is that a new role has only default permissions, so some can be added here using the 'Permissions' section of this screen. Do this by adding paths and checking the appropriate methods to be granted for the role.

812812

If required, uncheck the 'No other roles can view and assign this role' box to choose other roles that need access to this role. For example, a supervisor roles may need access from the account operator to a subordinate role in order to manage its permissions.

Finally, you can save and load a preset list of roles for reuse with newly created Application User roles. This also allows you to begin with the default set, and iterate from there.

242242

Read Roles and Permissions for more information on the types of role and their uses.


Schemas

πŸ“˜

Enterprise Feature

The Dashboard also allows creation and application of schema resources to limit the visibility and access of certain types of Thngs, products, and actions for Application User roles. The schema defines which fields of the target resource can be seen or updated. Schemas are created and managed via the 'Schemas' section of the Dashboard navigation panel.

πŸ“˜

Note

You must have the Schemas Enterprise module enabled to access the Schemas section and use schema resources.

863863

New schema resources can be added by clicking 'Add new βŠ•'. The next page allows you to specify the name of the schema resource (useful for providing human-readable context about its purpose), the type of Platform resource it will be applied to (once associated with an Application User role), and the body of the schema itself.

The schema may be any compatible Schema object describing the permitted shape of a resource of the specified type. At the moment, only Thng properties and action type fields are checked.

864864

See the Schemas page for more information about the creation and application of schemas.


Role Policies

Once a schema resource has been created, it will not be applied until associated with an Application User role. This means that all Application Users with the specified role will have the schema applied to their read/write requests that they make.

A role policy can be created through the Dashboard by choosing an Application User Role from that section of the left-hand navigation and selecting the 'Schemas' tab under 'Role access'. Choose a schema to apply, and optionally add another with the 'Add new' button. With this in place, requests by Application Users with that role will have these schemas applied.

765765