Roles & Permissions

warning

We have plans to make major updates to our permissions system as we migrate to our V2 API. Contact our support team for more information if needed.

Permissions in Harlyy follow an RBAC system.

Staff accounts can get their permissions from various sources. When the API calculates permissions for a given staff member, it will pick the permission will the highest access level.

For example, a staff account that has the owner role (which gives write permission accounts to all locations) and is a member of a team that gives read access to a specific location, the staff account will still have write access to all locations, including the team specific one.

Permissions

There are a set of permissions in Harlyy. Each permission will grant read/write access to their respective resource and access to individual resources is possible using the scope attribute. Certain permissions may also indirectly grant access to other permission types or other resources.

For example:

• Having read access to a specific location gives read access to all surveys.
• Having read access to a survey, gives read access to any customers that have a submission for that survey.

Each object documents what permissions can be used to access their resources.

Schema Permission not found in OpenAPI spec.

Roles

Roles are simply a set of permissions. Staff accounts can be assigned specific roles, which gives that staff account each permission under the given role. For example, the owner role has write access for every permission.

To get all available roles for a business, use the endpoint:

Retrieve all Roles

GET /v1/businesses/:businessId/roles

There is currently no way to create custom roles.

Teams

Teams are a useful feature to group staff accounts together. Like, staff accounts, teams can be given roles and permissions. Any staff account in the team, then gets the permissions with that team.

A common use-case for teams is grouping staff accounts by location.