Custom roles let you configure roles with custom rights, for example, a role that only has rights to retrieve the delivery promise. A custom role is configured by creating a role entity through the API and granting API access rights in the ACL configuration.
1. Creating the Role
Roles are created using an API call to POST /roles. You can find the full API reference here.
When creating a role, you must specify a parent role. This parent-child relationship affects API rate limits: a child role cannot have more permissive rate limits than its parent. However, the parent-child relationship does not automatically grant access rights to the child. The permissions need to be configured separately in the ACL.
2. Configuring Access with ACL
Once a role is created, it does not have access to any API routes by default. Permissions must be explicitly granted through the ACL configuration, which can be found in Backoffice under Security > Advanced > ACL.
To simplify permissions management, it is possible to inherit access rights from another role. This inheritance is configured separately from the parent-child relationship in the role creation step. To set it up, add a JSON structure like the one below at the root of the ACL configuration:
"hierarchy": {
  "child": [ "father", "mother" ],
  "child2": [ "father2" ]
}
Explanation:
The role child inherits rights from both father and mother.
The role child2 inherits rights from father2.
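The following is an added example, not part of the original documentation or the product's own code: a review helper that lists every role a custom role inherits from through the hierarchy block and flags inheritance a reviewer has not approved. It assumes inheritance is resolved transitively (the page does not say); the `grandfather` entry and the `APPROVED` allowlist are constructed for illustration.

```python
import json

# Constructed sample: the "hierarchy" fragment from above, wrapped in braces so
# it parses as standalone JSON. The "father" -> "grandfather" entry is added
# here to show indirect inheritance; it is not from the documentation.
ACL_JSON = """
{
  "hierarchy": {
    "child": ["father", "mother"],
    "child2": ["father2"],
    "father": ["grandfather"]
  }
}
"""
HIERARCHY = json.loads(ACL_JSON)["hierarchy"]

# Constructed allowlist: the inheritance a reviewer has signed off for each role.
APPROVED = {
    "child": ["father", "mother"],
    "child2": ["father2"],
    "father": ["grandfather"],
}

def inherited_roles(hierarchy, role):
    """List every role `role` inherits from, directly or indirectly.

    Assumption: inheritance is transitive. If the platform only resolves one
    level, this over-reports, which is the safe direction for a review.
    """
    seen = []
    queue = list(hierarchy.get(role, []))
    while queue:
        current = queue.pop(0)
        if current == role:
            raise ValueError(f"cycle: {role!r} ends up inheriting from itself")
        if current in seen:
            continue  # already visited; also stops loops between other roles
        seen.append(current)
        queue.extend(hierarchy.get(current, []))
    return seen

def audit(hierarchy, approved):
    """Return {role: [inherited roles that are not on its approved list]}."""
    findings = {}
    for role in hierarchy:
        extra = [r for r in inherited_roles(hierarchy, role)
                 if r not in approved.get(role, [])]
        if extra:
            findings[role] = extra
    return findings

if __name__ == "__main__":
    for role, extra in audit(HIERARCHY, APPROVED).items():
        print(f"{role}: unapproved inherited roles: {', '.join(extra)}")
```

Run against an export of the ACL configuration, this surfaces cases where a narrowly scoped custom role picks up broader rights through a chain of inherited roles.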