Role-based permissions (deprecated)
Deprecated
Please note that this page relates to functionality that has been deprecated and should not be used. Please see Functional permissions and custom roles for information on user roles and permissions.Permissions apply to the three roles in Skedulo – administrator, scheduler, and resource.
These roles are defined by the User Type field on the user record, which is a standard field in Skedulo, but a custom field in Skedulo for Salesforce.
Schedulers and resources require specific permissions to create, read, edit, and delete Skedulo objects and custom objects.
Skedulo permission sets
Permission sets grant a range of object and field level permissions to users at the role level.
Standard permission sets in Skedulo include the same permissions for user roles as our managed package permission sets for Salesforce (see Skedulo for Salesforce Permission Sets for more information).
For example, resources are not permitted to create regions, and schedulers are not permitted to create or delete users.
The following permission sets apply to Skedulo schedulers and resources:
| Set name | Included permissions (not complete) | Purpose |
|---|---|---|
| Skedulo Scheduler |
|
Schedulers can access the Skedulo web application to perform these tasks. |
| Skedulo Resource |
|
Resources, such as field-based employees, can access Skedulo using the Skedulo v2 mobile app. |
Override create, read, and update role permissions on objects and fields
You can use the /standalone/permissions/role endpoint to query role permissions and override default permissions on standard Skedulo objects and custom objects for users with administrator, resource, or scheduler roles.
Method: GET
Endpoint: /standalone/permissions/role
This returns permissions for admins, schedulers, and resources.
The following is an example response where no permissions are enforced for any roles:
{
"result": {
"administrator": {
"defaults": {
"type": "all"
},
"overrides": null
},
"scheduler": {
"defaults": {
"type": "all"
},
"overrides": null
},
"resource": {
"defaults": {
"type": "all"
},
"overrides": null
}
}
}
Set some overrides using a POST request to the same endpoint with the role you want to set permissions for appended.
The following example overrides default permissions on the Jobs object for users with the resource role:
Method: POST
Endpoint: /standalone/permissions/role/resource
Request body:
{
"objects": {
"Jobs": {
"permissions": {
"read": true,
"create": true,
"update": true,
"delete": true
},
"fields": {
"Name": {
"read": true,
"create": false,
"update": false
},
"RegionId": {
"read": true,
"create": true,
"update": false
}
}
}
}
}
Checking permissions using the above cURL command now shows that users with the resource role now have specific permissions that override the default permissions on the Jobs object:
{
"result": {
"administrator": {
"defaults": {
"type": "all"
},
"overrides": null
},
"scheduler": {
"defaults": {
"type": "all"
},
"overrides": null
},
"resource": {
"defaults": {
"type": "all"
},
"overrides": {
"objects": {
"Jobs": {
"permissions": {
"read": true,
"create": true,
"update": true,
"delete": true
},
"fields": {
"Name": {
"read": true,
"create": false,
"update": false
},
"RegionId": {
"read": true,
"create": true,
"update": false
}
}
}
},
"type": "custom"
}
}
}
}
Remove object permission overrides for roles
You can remove some permissions overrides on objects and fields for a role type by setting the field value to null.
Remove permission overrides for a field on an object
The following example removes the permissions overrides we gave to resources for the RegionId field on the Jobs object.
Method: POST
Endpoint: /standalone/permissions/role/resource
Request body:
{
"objects": {
"Jobs": {
"permissions": {
"read": true,
"create": true,
"update": true,
"delete": true
},
"fields": {
"RegionId": null
}
}
}
}
The RegionId field no longer appears in the list of permissions overrides for resources:
{
"result": {
...
"resource": {
"defaults": {
"type": "all"
},
"overrides": {
"objects": {
"Jobs": {
"permissions": {
"read": true,
"create": true,
"update": true,
"delete": true
},
"fields": {
"Name": {
"read": true,
"create": false,
"update": false
}
}
}
},
"type": "custom"
}
}
}
}
Remove permission overrides for an entire object
Using the same /standalone/permissions/role/resource endpoint as above, you can remove permissions overrides on an entire object for a role by setting the object permissions to null.
Use the following payload to remove all object permissions overrides on the Jobs object for all resource users:
{
"objects": {
"Jobs": null
}
}
Remove all permissions overrides for a role
You can use the DELETE method to remove all overrides on default permissions for a role group.
Send a DELETE request to the same endpoint for resources to reset the permissions demonstrated previously in this section:
curl -s -X DELETE -H "Authorization: Bearer $AUTH_TOKEN" https://api.skedulo.com/standalone/permissions/role/resource
Feedback
Was this page helpful?