Roles

Explanation

When you perform an action on the API, you are authenticated by your API key. This API key authenticates you as a given user.

A user has a role that grants different rights on the API's resources.

There are currently 3 roles:
  • PROVIDER
  • ORG_ADMIN
  • BUSINESS_MANAGER

The role hierarchy is: PROVIDER > ORG_ADMIN > BUSINESS_MANAGER.

In the API, a provider owns several orgs, and an org owns several businesses and users.

PROVIDER

This role is meant for Partoo partners.

READ access:

Resource | Scope    | Details
User     | Provider | Can access the users that share its provider
Org      | Provider | Can access the orgs that share its provider
Business | Provider | Can access the businesses that share its provider
Category | All      | Can access all categories

WRITE access:

Resource | Scope | Details
User | Provider
  • Can create users; they will share its provider (and its org_id if no org_id is given)
  • Can update users that share its provider
  • Can only give the roles ORG_ADMIN and BUSINESS_MANAGER to its users
Org | Provider
  • Can create orgs; they will share its provider
  • Can update orgs that share its provider
Business | Provider
  • Can create businesses; they will share its provider (and its org_id if no org_id is given)
  • Can update businesses that share its provider
Category | No access

ORG_ADMIN

This role is meant for Partoo clients.

READ access:

Resource | Scope | Details
User     | Org   | Can access the users that share its org_id
Org      | Org   | Can access only its own org
Business | Org   | Can access the businesses that share its org_id
Category | All   | Can access all categories

WRITE access:

Resource | Scope | Details
User | Org
  • Can create users; they will share its provider and its org_id
  • Can update users that share its org_id
  • Can only give the role BUSINESS_MANAGER to its users
Org | Org
  • Can update itself
  • Cannot create new orgs
Business | Org
  • Can create businesses; they will share its provider and its org_id
  • Can update businesses that share its org_id
Category | No access

BUSINESS_MANAGER

This role is meant for local managers.

READ access:

Resource | Scope | Details
User     | User  | Can access only its own user
Org      | Org   | Can access only its own org
Business | Org   | Can access the businesses that share its org_id
Category | All   | Can access all categories

WRITE access:

Resource | Scope | Details
User | Org
  • Can only update its own user
  • Cannot create new users
  • Cannot change its own role
Org | No access
  • Cannot update or create orgs
Business | Org
  • Can update its businesses
  • Cannot create businesses
Category | No access
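
The User rules above, modelled as a deny-by-default check that an integrator can use to unit-test the least-privilege role they plan to give each API key. This is an added example, not Partoo's code: the User record, its field names and the function names are assumptions, and only the role names, hierarchy and scopes come from this page.

```python
from dataclasses import dataclass
from typing import Optional

# Ranks follow the page's hierarchy: PROVIDER > ORG_ADMIN > BUSINESS_MANAGER.
RANK = {"BUSINESS_MANAGER": 0, "ORG_ADMIN": 1, "PROVIDER": 2}


@dataclass(frozen=True)
class User:  # hypothetical record; field names are assumptions
    id: str
    role: str
    provider: str
    org_id: str


def in_scope(actor: User, target: User) -> bool:
    """Scope of the User rows: same provider, same org, or own user."""
    if actor.role == "PROVIDER":
        return actor.provider == target.provider
    if actor.role == "ORG_ADMIN":
        return actor.org_id == target.org_id
    if actor.role == "BUSINESS_MANAGER":
        return actor.id == target.id
    return False  # unknown role: deny by default


def can_read_user(actor: User, target: User) -> bool:
    return in_scope(actor, target)


def can_update_user(actor: User, target: User,
                    new_role: Optional[str] = None) -> bool:
    """WRITE rule for updating a user, optionally assigning new_role."""
    if not in_scope(actor, target):
        return False
    if new_role is None:
        return True
    if new_role not in RANK:
        return False
    # PROVIDER may give ORG_ADMIN or BUSINESS_MANAGER, ORG_ADMIN only
    # BUSINESS_MANAGER, BUSINESS_MANAGER nothing: strictly lower ranks.
    return RANK[new_role] < RANK[actor.role]


if __name__ == "__main__":
    # Constructed sample users, not real accounts.
    admin = User("u2", "ORG_ADMIN", "p1", "o1")
    manager = User("u3", "BUSINESS_MANAGER", "p1", "o1")
    print(can_update_user(admin, manager, "BUSINESS_MANAGER"))  # True
    print(can_update_user(admin, manager, "ORG_ADMIN"))         # False
```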