Custom Roles
Custom roles allow configuring roles with custom rights, for example, a role that only has rights to retrieve the delivery promise. A custom role is configured by creating a role entity through API and granting API access rights in the ACL configuration.
For security reasons, at the moment only an internal OneStock user can perform these actions. Please get in touch with your point of contact so we can help you out.
Supported Scopes
Application | Supported |
---|---|
Store App | To create a user and assign it a custom role, the creation must be done from the SA and the role must be listed in the SA configuration. The BO does not yet support custom SA roles. |
Back Office | |
API | |
Building a custom role
For Store App roles, the role must also be configured in user_management_options.available_roles.
1. Create the Role
Roles are created using an API call to POST /roles. You can find the full API reference here.
When creating a role, you must specify a parent role. This parent-child relationship affects API rate limits. A child role cannot have more permissive rate limits than its parent. However, this does not automatically grant access rights to the child. The permissions need to be configured separately in the ACL.
2. Configuring Access with ACL
Once a role is created, it does not have access to any API routes by default. Permissions must be explicitly granted through the ACL configuration, which can be found in Backoffice under Security > Advanced > ACL.
To simplify permissions management, it is possible to inherit access rights from another role. This inheritance is configured separately from the parent-child relationship in the role creation step. To set it up, add a JSON structure like the one below at the root of the ACL configuration:
```json
"hierarchy": {
  "child": [
    "father",
    "mother"
  ],
  "child2": [
    "father2"
  ]
}
```
Explanation:
- The role child inherits rights from both father and mother.
- The role child2 inherits rights from father2.
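Because inheritance is transitive, a role can end up with more routes than the one line you wrote for it. The added Python example below (not OneStock code) resolves the effective rights of a role from a hierarchy block like the one above; it assumes, as a simplification the page does not document, that per-role route grants live in a "grants" map beside "hierarchy", and the routes and roles are constructed sample values.

```python
import json

# Constructed sample ACL. Assumption: route grants per role are kept in a
# "grants" map next to the documented "hierarchy" block.
ACL_CONFIG = json.loads("""
{
  "grants": {
    "father":  ["GET /delivery_promise"],
    "mother":  ["GET /orders"],
    "father2": ["GET /stock"],
    "child":   ["POST /reservations"]
  },
  "hierarchy": {
    "child":  ["father", "mother"],
    "child2": ["father2"]
  }
}
""")


def effective_rights(acl, role, _seen=None):
    """Routes a role may call: its own grants plus everything inherited,
    transitively, through the ACL hierarchy. Raises on an inheritance cycle."""
    seen = _seen if _seen is not None else set()
    if role in seen:  # a -> b -> a would otherwise recurse forever
        raise ValueError(f"inheritance cycle at role {role!r}")
    seen.add(role)
    rights = set(acl.get("grants", {}).get(role, []))
    for parent in acl.get("hierarchy", {}).get(role, []):
        rights |= effective_rights(acl, parent, seen)
    seen.discard(role)  # shared ancestors (a diamond) are still allowed
    return rights


def unexpected_rights(acl, role, intended):
    """Least-privilege audit: routes the role gets through inheritance that
    were not on the intended list for it."""
    return effective_rights(acl, role) - set(intended)


def rate_limit_ok(parent_limit, child_limit):
    """Creation-time check for the rate-limit rule: a child role may not be
    more permissive than its parent (limits compared as requests per window,
    an assumption about their representation)."""
    return child_limit <= parent_limit


if __name__ == "__main__":
    print(sorted(effective_rights(ACL_CONFIG, "child")))
    print(unexpected_rights(ACL_CONFIG, "child", ["POST /reservations"]))
```

Running `unexpected_rights` for each custom role before saving the ACL shows which routes a role picked up only because of the hierarchy, which is the part that is easy to miss when a parent role later gains new grants.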