Roles

Roles contain a set of permissions which can be assigned to an account. If this account is associated with a user, the permissions associated with the account are granted to the user.

  1. An account can be in multiple roles
  2. The permissions in each role are considered when authenticating

Roles API documentation
Permissions API documentation

Permissions

A permission is a key to a lock. Permissions provide access to a specific set of end-points. Each end-point is associated with a resource and an action.

For example:
A support agent may have the ability to create accounts but not delete them.
Thus their account may require the following permission -

Resource = Account
Action   = Create

It is possible to list the available resources via the following API end-point:

List Resources API documentation 

Each resource has a well-defined list of Actions that can be performed. It is possible to find these actions using the following API end-point:

List Actions for Resource documentation 

For example:
The accounts resource has the following actions -

All
Create
Delete
Edit
Read

Top tip: A role without permissions does not grant access to any resource


Resource Groups

Certain resources are logically grouped together, in particular Coupon, UserResources and ProductResources. This simplifies assignment of related resources.

  • Resource Name: Coupon
  • Logical Group: Perform actions on coupons
  • Grouped resources -

      Coupon
      CouponBook
      CouponBookDefinition
      CouponDefinition
      CouponInstance
      CouponModifier
      CouponRule
    
  • Resource Name: UserResources
  • Logical Group: Perform actions for users, i.e. Accounts who can access the BillForward API / UI.
  • Grouped resources -

      Account
      Address
      Permission
      Password
      Profile
      User
      Username
    
  • Resource Name: ProductResources
  • Logical Group: Perform actions for product and plan, i.e. creation of rate-plans.
  • Grouped resources -

      FixedTerm
      PricingComponent
      PricingComponentTier
      ProductRatePlan
      Product
      UnitOfMeasure
      Tax
    

Grouped Actions

There is only a single roll-up action, All, which grants all permissions.
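
The following Python example is an added illustration, not BillForward code and not part of the API. It models the rules described above (an account in several roles, resource groups, and the All action) so that the effective permissions of an account can be reviewed. It assumes that a permission on a group name such as Coupon applies to every resource in that group; the function names and sample roles are hypothetical.

```python
# Illustrative model of the rules on this page; not BillForward code or API.
from typing import Dict, FrozenSet, Iterable, Set, Tuple

Permission = Tuple[str, str]  # (resource, action)

# Resource groups as listed on this page.
RESOURCE_GROUPS: Dict[str, FrozenSet[str]] = {
    "Coupon": frozenset({"Coupon", "CouponBook", "CouponBookDefinition",
                         "CouponDefinition", "CouponInstance",
                         "CouponModifier", "CouponRule"}),
    "UserResources": frozenset({"Account", "Address", "Permission", "Password",
                                "Profile", "User", "Username"}),
    "ProductResources": frozenset({"FixedTerm", "PricingComponent",
                                   "PricingComponentTier", "ProductRatePlan",
                                   "Product", "UnitOfMeasure", "Tax"}),
}
ROLL_UP_ACTION = "All"


def expand(permission: Permission) -> Set[Permission]:
    """Expand a group resource name into its member resources (assumed semantics)."""
    resource, action = permission
    members = RESOURCE_GROUPS.get(resource, frozenset({resource}))
    return {(member, action) for member in members}


def effective_permissions(roles: Iterable[Iterable[Permission]]) -> Set[Permission]:
    """Union of the expanded permissions of every role the account is in."""
    granted: Set[Permission] = set()
    for role in roles:
        for permission in role:
            granted |= expand(permission)
    return granted


def is_allowed(roles, resource: str, action: str) -> bool:
    """Default deny: allow only on an exact grant or the All roll-up for the resource."""
    granted = effective_permissions(roles)
    return (resource, action) in granted or (resource, ROLL_UP_ACTION) in granted


# Constructed sample roles (hypothetical names, not taken from the product).
SUPPORT_AGENT = [("Account", "Create")]
COUPON_ADMIN = [("Coupon", "All")]
EMPTY_ROLE = []
```

Listing effective_permissions for an account before assigning a grouped resource or the All action shows exactly how far the grant reaches.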


Structure

Structure and composition of Roles & Permissions