Insufficient access

Insufficient access errors and overriding default permissions.

Users with insufficient permission to perform actions on Skedulo objects will receive an error.

In the web application, this might be a generic "Something went wrong" error.

Attempting to make changes remotely using the Skedulo REST API endpoints or GraphQL also results in an error if the user does not have sufficient permission to make the request.

For example, a resource attempting to add a region using a GraphQL mutation:

mutation {
  schema {
    insertRegions(input: {
      Name: "Perth"
      Timezone: "Australia/Perth"
    })
  }
}

Receives a JSON-encoded 403 error indicating they do not have sufficient permission to make this change:

{
  "data": null,
  "errors": [
    {
      "message": "Insufficient access to object Regions",
      "path": [
        "schema"
      ],
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "statusCode": 403,
      "errorType": "skedulo_insufficient_access",
      "extensions": {
        "statusCode": 403,
        "errorType": "skedulo_insufficient_access"
      }
    }
  ]
}

Granting permission using overrides

An admin user can grant the resource permission to make this change using the /standalone/permissions/role/<role> endpoint.

Method: POST

Endpoint: /standalone/permissions/role/<role>

Request body:

{
  "objects": {
    "Regions": {
      "permissions": {
        "read": true,
        "create": true,
        "update": true,
        "delete": true
      }
    }
  }
}

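The resource now has full CRUD permission for the Regions object. Field-level permissions are listed separately under fields; in this result, Radius, CountryCode, Description, UID and GeoLocation remain read-only: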

{
  "result": {
    "Regions": {
      "read": true,
      "create": true,
      "update": true,
      "delete": true,
      "fields": {
        "Radius": {
          "read": true,
          "create": false,
          "update": false
        },
        "Timezone": {
          "read": true,
          "create": true,
          "update": true
        },
        "Name": {
          "read": true,
          "create": true,
          "update": true
        },
        "CountryCode": {
          "read": true,
          "create": false,
          "update": false
        },
        "Description": {
          "read": true,
          "create": false,
          "update": false
        },
        "GeoLongitude": {
          "read": true,
          "create": true,
          "update": true
        },
        "UID": {
          "read": true,
          "create": false,
          "update": false
        },
        "GeoLatitude": {
          "read": true,
          "create": true,
          "update": true
        },
        "GeoLocation": {
          "read": true,
          "create": false,
          "update": false
        }
      }
    }
  }
}
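
An added example (not Skedulo's code): a Python check that compares a permissions result in the format shown above against the actions a role is meant to have, and lists the fields left writable. The function names and the read/create requirement are assumptions for illustration; the sample is a trimmed, constructed copy of the result above.

```python
import json

# Constructed sample: a trimmed copy of the result shown above (three of its fields).
SAMPLE_RESULT = json.loads("""
{
  "result": {
    "Regions": {
      "read": true, "create": true, "update": true, "delete": true,
      "fields": {
        "Radius":   {"read": true, "create": false, "update": false},
        "Timezone": {"read": true, "create": true,  "update": true},
        "Name":     {"read": true, "create": true,  "update": true}
      }
    }
  }
}
""")

OBJECT_ACTIONS = ("read", "create", "update", "delete")


def excess_grants(response, required):
    """Return {object: [actions]} granted in the response but absent from `required`.

    `required` maps object name -> set of actions the role actually needs.
    """
    excess = {}
    for obj, perms in response.get("result", {}).items():
        needed = required.get(obj, set())
        extra = [a for a in OBJECT_ACTIONS if perms.get(a) is True and a not in needed]
        if extra:
            excess[obj] = extra
    return excess


def writable_fields(response, obj):
    """Return sorted field names on `obj` whose create or update flag is true."""
    fields = response.get("result", {}).get(obj, {}).get("fields", {})
    return sorted(n for n, p in fields.items() if p.get("create") or p.get("update"))


if __name__ == "__main__":
    # Hypothetical requirement: the role only needs to read and insert regions.
    print(excess_grants(SAMPLE_RESULT, {"Regions": {"read", "create"}}))
    print(writable_fields(SAMPLE_RESULT, "Regions"))
```

Running a check like this after each override makes it visible when a role ends up with update or delete rights that the original task, such as inserting a region, did not need.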