The Commerce API uses role-based access control (RBAC) for regulating access to API resources.
These are the Swagger docs for managing role-based access to API resources:
This API might be incomplete for external usage. Contact Aritma support if you need to update RBAC permissions.
A client or user can be assigned access to any of the following resources. Child resources inherit all permissions assigned to parent resources.
The flowchart below describes the resource hierarchy of Commerce and ERP resources:
Any child resources of the resources displayed derive their access permissions from their parents.
Roles describe what actions a client or user can execute on a resource.
If a client has Read access to a Commerce Agreement, the client or user will be able to make GET requests to retrieve information about that agreement, or make GET requests to retrieve any child resources of that agreement, such as
|Role|Permissions|
|---|---|
|Owner|Contributor permissions and access to manage RBAC of resource|
|Manage|Contributor permissions and access to manage RBAC of resource|
|Contributor|Read and write access to resource|
|Read|Read access to resource|
|Write|Write access to resource|
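
The role table and the parent-to-child inheritance described above can be modeled as a small access check, which also shows how far a grant on a parent resource reaches. This is an added example, not Aritma's implementation: the resource names, hierarchy, assignments, the `manage_rbac` action name, transitive inheritance, and the mapping of GET to read and every other method to write are assumptions.

```python
# Added example: the role table plus parent-to-child inheritance as an access check.
ROLE_ACTIONS = {  # from the role table; "manage_rbac" is an assumed action name
    "Owner": {"read", "write", "manage_rbac"},
    "Manage": {"read", "write", "manage_rbac"},
    "Contributor": {"read", "write"},
    "Read": {"read"},
    "Write": {"write"},
}

# child -> parent. Constructed hierarchy; all resource names are hypothetical.
PARENT = {
    "agreement/A1": "org/O1",
    "agreement/A2": "org/O1",
    "agreement/A1/child/C1": "agreement/A1",
}

# (principal, resource) -> role. Constructed sample assignments.
ASSIGNMENTS = {
    ("client-a", "agreement/A1"): "Read",
    ("client-b", "org/O1"): "Contributor",
    ("client-c", "agreement/A1/child/C1"): "Write",
}

def required_action(method):
    # Assumption: GET needs read, every other HTTP method needs write.
    return "read" if method.upper() == "GET" else "write"

def effective_actions(principal, resource):
    """Union of actions granted on the resource and on each of its ancestors."""
    actions, seen, node = set(), set(), resource
    while node is not None and node not in seen:  # 'seen' guards against cycles
        seen.add(node)
        role = ASSIGNMENTS.get((principal, node))
        if role:
            actions |= ROLE_ACTIONS[role]
        node = PARENT.get(node)  # inheritance flows down, so walk up
    return actions

def is_allowed(principal, method, resource):
    return required_action(method) in effective_actions(principal, resource)

def reachable(principal, action):
    """Audit view: every known resource where the principal holds `action`."""
    resources = set(PARENT) | set(PARENT.values())
    return sorted(r for r in resources if action in effective_actions(principal, r))

if __name__ == "__main__":
    # One Contributor grant on the parent reaches every resource beneath it.
    print(reachable("client-b", "write"))
```

Running `reachable` for each principal before assigning a role on a parent resource shows which child resources the grant will cover.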