Authorization

In the API v2, almost all endpoints are protected with permission-based checks that ensure that the request is only processed if the authenticated user is authorized to execute this operation.
Below you will find an overview of how these user identity permissions (in short, permissions) are currently configured in our platform.

Scope

Scope
Explanation
Not connected companies
All entities of not connected companies.
Connected companies
All entities of connected companies.
Your company
All entities within your own company.
Your buyer company
All entities within your own buyer company.
Your supplier company
All entities within your own supplier company.
Not connected users
All entities of not connected users.
Connected users
All entities of users linked to a connected company.
Your user
All entities within the user's account.
Your admin
All admin entities within your own company.
Scopes with both read and write permissions n/a are not shown in the permission tables below

User Permissions

Dashboard

Supply Chain Activity

Scope
Read Permission
Write Permission
Not connected companies
Not allowed
n/a
Connected companies
Not allowed
n/a
Your company
See all supply chain activity wherein your company is involved
n/a
A company is in the lead during an event that's why users are n/a relating to reading permissions.

Order performance metrics

Scope
Read Permission
Write Permission
Not connected companies
Not allowed
n/a
Connected companies
Not allowed
n/a
Your company
See all supply chain activity wherein your company is involved
n/a

Orders

Order (line)

Scope
Read Permission
Write Permission
Not connected companies
Not allowed
n/a
Connected companies
Not allowed
n/a
Your supplier company
See all order (line) fields + download attach documents
Execute all "BySupplier" actions (aka commands) + communication , attach documents & add/change item details
Your buyer company
See all order (line) fields + download attach documents
Execute all "ByBuyer" action (aka commands) + communication & attach documents

Order (line) activity

Scope
Read Permission
Write Permission
Not connected companies
Not allowed
n/a
Connected companies
See all activities wherein your company is involved
n/a
Your company
See all order (line) activities
n/a
Your user
See all order (line) activities
n/a

Tasks

Scope
Read Permission
Write Permission
Not connected companies
Not allowed
n/a
Connected companies
Not allowed
n/a
Your company
See all conversation & order tasks
Perform all conversation & order tasks
Your user
See al conversation & order tasks
Perform all conversation & order tasks

My Company

Network

Scope
Read Permission
Write Permission
Not connected companies
Not allowed
n/a
Connected companies
Not allowed
n/a
Your company
See all connection details
n/a
Your admin
See all connection details
Add or update a supplier/buyer account code (update not yet implemented)

Invite a new connection

Scope
Read Permission
Write Permission
Connected companies
Not allowed
n/a
Your company
Not allowed
n/a
Not connected users
Not allowed
n/a
Connected users
Not allowed
n/a
Your user
Find all not connected sellers NAMES + company name(when you are a buyer)
Find all not connected purchases NAMES (when you are a supplier)
send invite

Validate a new connection

Scope
Read Permission
Write Permission
Connected companies
Not allowed
n/a
Your company
Received connection request in the portal
Accept/ Reject offer
Not connected users
not Allowed
n/a
Connected users
Not allowed
n/a
Your user
Received e-mail
Accept / Reject offer

Team

Scope
Read Permission
Write Permission
Not connected companies
Not allowed
Not allowed
Connected companies
Not allowed
Not allowed
Your company
See all team members and positions (if filled)
Not allowed

Invite a new user

Scope
Read Permission
Write Permission
Your admin
n/a
Send invitation to anybody
Only admins and super users are allowed to invite new users

Validate a new user

Scope
Read Permission
Write Permission
Not connected users
Not allowed
Not allowed
Connected users
Not allowed
Not allowed
Your company
Not allowed
Not allowed
Your user
Received e-mail
Create password

Company settings

Scope
Read Permission
Write Permission
Not connected companies
Public profile
Not allowed
Connected companies
Public profile
Not allowed
Your company
See all settings
Not allowed
Your admin
See all settings
Update all settings
Public profile is not yet developed, till then Public profile = Not allowed

Company activity

Scope
Read Permission
Write Permission
Not connected companies
Not allowed
n/a
Connected companies
Not allowed
n/a
Your company
See all activity
n/a

My profile

User settings

Scope
Read Permission
Write Permission
Not connected users
Public profile
Not allowed
Connected users
Public profile
Not allowed
Your company
All settings except password recovery
Not allowed
Your user
All settings
allowed for all settings
Public profile is not yet developed, till then Public profile = Not allowed

User activity

Scope
Read Permission
Write Permission
Not connected users
Not allowed
n/a
Connected users
Not allowed
n/a
Your company
See all activity
n/a
Your user
See all activity
n/a