Authorization
The Commerce API uses role-based access control (RBAC) for regulating access to API resources.
This is swagger docs for managing role-based access to API resources:
https://zam.zdata.io/docs/index.html
Warning:
This api might be incomplete for external usage. You can contact Aritma support if you need to update RBAC permissions.
RBAC
A client or user can be assigned access to any of the following resources. Child resources inherit all permissions assigned to parent resources.
The flowchart below describes the resource hierarchy of Commerce and ERP resources:
Note:
Any child resources of the resources display will derive their access permission from their parents.
Roles
Roles describe what actions a client or user can execute on a resource.
Example:
If a client has Read
access to a Commerce Agreement, the client or user will be able to GET
requests to retrieve information about that agreement, or do GET
requests to retrieve any child resources of that agreement, such as Companies
or Transactions
.
Role | Description |
---|---|
Owner | Contributor permissions and access to manage RBAC of resource |
Manage | Contributor permissions and access to manage RBAC of resource |
Contributor | Read and write access to resource |
Read | Read access to resource |
Write | Write access to resource |