APIs for Roles Management
A set of APIs designed to manage roles and permissions within the SDK.finance platform. These APIs enable the creation, modification, and retrieval of role-related data, ensuring a secure and flexible permission management system. Read the detailed description of each endpoint in Swagger.
This technical API was developed to replace the use of environment variables for updating permissions and creation methods for all existing roles. It allows modifying the user creation method for a specific role but does not permit changes to system roles. To modify the user creation type, a list of new values must be provided. No validations are applied, so full responsibility is delegated to the caller of the API. For system roles, you can use only ATTACH_MULTIPLE.
creation_methods: How the role can be created.
CREATE_NEW_ORGANIZATION – A new user can be registered within a new organization.
ATTACH_SINGLE – A user can be added to an existing organization, but only 1 member with this role group can be present within the organization.
ATTACH_MULTIPLE – A user can be added to an existing organization, and there can be several members with this role group in that organization.
This API permits modifying permissions for the administrator role but does not allow the removal of the USER_MANAGER permission.
To use the API, you need to specify the organization associated with the role and the role itself, and provide a list of permissions to add or remove; additionally, pass creationMethods. This API can be called by anyone who has the ORGANIZATION_SETTINGS_MANAGER permission. Following any role-related changes, all users assigned to that role will have their tokens revoked and will need to log in again.
The primary differences between this API and the one for modifying system roles are that it does not verify if a role is under management by the caller’s role, and it allows permission changes for all roles in the system.
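Because the API applies no validation and leaves responsibility with the caller, a request can be checked locally before it is sent. The sketch below is an added example, not SDK.finance code: the RoleUpdate model, its field names and the sample role and permission names are assumptions, and it enforces only the rules stated above plus one labelled sanity check.

```python
from dataclasses import dataclass, field

# creation_methods values listed on this page.
CREATION_METHODS = {"CREATE_NEW_ORGANIZATION", "ATTACH_SINGLE", "ATTACH_MULTIPLE"}


@dataclass
class RoleUpdate:
    """Hypothetical local model of one update request (not the API schema)."""
    role: str
    is_system_role: bool
    is_administrator: bool
    creation_methods: list
    add_permissions: list = field(default_factory=list)
    remove_permissions: list = field(default_factory=list)


def validate_role_update(u: RoleUpdate) -> list:
    """Return rule violations; an empty list means the request may be sent."""
    errors = []
    methods = set(u.creation_methods)
    if not methods:
        errors.append("creationMethods must list the new values")
    unknown = sorted(methods - CREATION_METHODS)
    if unknown:
        errors.append("unknown creation methods: " + ", ".join(unknown))
    # Page rule: system roles can use only ATTACH_MULTIPLE.
    if u.is_system_role and methods != {"ATTACH_MULTIPLE"}:
        errors.append("system roles may use only ATTACH_MULTIPLE")
    # Page rule: USER_MANAGER cannot be removed from the administrator role.
    if u.is_administrator and "USER_MANAGER" in u.remove_permissions:
        errors.append("USER_MANAGER cannot be removed from the administrator role")
    # Local sanity check (assumption, not a documented platform rule).
    both = sorted(set(u.add_permissions) & set(u.remove_permissions))
    if both:
        errors.append("permissions both added and removed: " + ", ".join(both))
    return errors


if __name__ == "__main__":
    # Constructed sample requests; role names are made up for illustration.
    samples = [
        RoleUpdate("sample_role", False, False, ["ATTACH_SINGLE"],
                   add_permissions=["ORGANIZATION_SETTINGS_MANAGER"]),
        RoleUpdate("sample_system_role", True, False, ["ATTACH_SINGLE"]),
        RoleUpdate("sample_admin", True, True, ["ATTACH_MULTIPLE"],
                   remove_permissions=["USER_MANAGER"]),
    ]
    for s in samples:
        print(s.role, "->", validate_role_update(s) or "ok")
```

Since every accepted change revokes the tokens of all users holding the role, rejecting a malformed request before it is sent also avoids a needless forced re-login.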
Update Service Role Permissions
The API is designed to modify system role permissions by adding or removing them, adjusting which roles can edit a specific role, and defining which roles can be managed under that role. The URL must include the system role to be modified. The caller must have permission to update the specified role, meaning their role must act as a supervising role that has update role management operations included and user management enabled. This API restricts changes to the role itself and prohibits altering the administrator role. Additionally, it is not allowed to designate the modified role as either a supervising or a managed role. Currently, only system roles can be assigned as supervising or managed roles. Following any role-related changes, all users assigned to that role will have their tokens revoked and will need to log in again.
View Existing Roles with Details