Portal users


SBS Portal users are people in your organization that need to interact with Socrate Business Services at tenant or application level. This includes, for example, the support personnel, who may need to view, monitor, or occasionally modify SBS data for a particular application and tenant.

The interface where tasks such as the ones above are performed is provided by the SBS Portal website (https://portal.socrate.io). For an introduction to the portal, see SBS Portal.

From the SBS Console, you can invite SBS Portal users to your organization’s SBS account, configure their permissions, or remove existing portal user from the SBS account. The permissions you define for each portal user dictate what services that user will be able to interact with after they sign in to the portal.

Invite portal users

You can invite other users (for example, people in your organization) to interact with SBS APIs from the SBS Portal. This works as follows:

  • First, you define the permissions of the new portal user (including the application and tenant where access is granted) and send an invitation email.
  • The invited user accepts the invitation from their inbox by clicking a link.
  • The link redirects the user to the SBS Portal, where the user can sign in (or sign up if they haven’t used the SBS Portal before).
  • After signing in or signing up, the invited user is able to view and work with the SBS APIs where they have been invited.

To invite an user to the current SBS Account:

  1. If you haven’t done that already, sign in to the SBS Console.

  2. If necessary, switch to the account where you would like to add the user. Remember that the current SBS account (name and ID) is displayed at all times in the top application bar.

  3. Click Portal Users in the navigation menu on the left-hand side.

  4. Click Invite Portal User.

  5. Enter the user’s email address.

  6. Optionally, enter a text for the invitation message.

    SBS Portal and users

  7. Click the Add Add button button and define the user’s permissions with respect to the current application and tenant.

    SBS Portal and users

  8. Click Save to save the current permission set. Optionally, to add other permission sets (for other applications and tenants), click the Add Add button button and repeat step 7.

  9. Click Send invitation.

GraphQL

You can also invite portal users through a call to the invitePortalUser mutation of the Account API, for example:

mutation invitePortalUser($input: InvitePortalUserInput!) {
  invitePortalUser(input: $input) {
    id
    provider
    email
    permissions {
      appId
      tenantId      
      scope
    }
  }
}
{
  "input": {
    "email": "{{INVITED_PORTAL_USER_EMAIL}}",
    "permissions": [
        {            
            "appId": "{{YOUR_APP_ID}}",
            "tenantId": "{{YOUR_TENANT_ID}}",
            "scope": "ro-efactura-api:query:* ro-efactura-api:mutation:* ro-anaf-oauth-api:query:* ro-anaf-oauth-api:mutation:*"
        }
    ],
  }
}

Update portal user permissions

You can add or update the permissions (scope) of an existing portal user as follows:

  1. If you haven’t done that already, sign in to the SBS Console.

  2. If necessary, switch to the account where you would like to add the user. Remember that the current SBS account (name and ID) is displayed at all times in the top application bar.

  3. Click Portal Users in the navigation menu on the left-hand side.

  4. Click the portal user whose permissions you would like to set.

  5. Do one of the following:

    • To add a new permission, click Add icon in the top-right corner of the Permissions grid. A dialog box opens.
    • To update an existing permission, click Edit Edit icon next to the relevant permission record on the grid.
  6. In the Scope field, enter the extent of permissions (scope) that should be available to the portal user, and then click Save. For details, see Scope editor.

    Set portal user permission

In the example above, the portal user is assigned the following permissions:

  • read rights to the organizations-api
  • read and write rights to the ro-efactura-api
  • read and write rights to the ro-anaf-oauth-api

If there are permissions already set for this application and tenant combination, a warning message appears on the dialog box, for example:

Override portal user permission

In this case, you can do one of the following:

  • Close the dialog box without taking any action. This will leave the existing portal users permissions intact.
  • If you would like to overwrite the existing permissions with the ones defined on the dialog box, click Save.

GraphQL

You can also set portal user permissions through a call to the setPortalUserPermission mutation of the Account API, for example:

mutation setPortalUserPermission($userId: ID!, $permission: PermissionInput!) {
  setPortalUserPermission(userId: $userId, permission: $permission) {
    userId
    provider
    email
    name
    picture
    createdAt
    permissions {
      appId
      app { name }
      tenantId
      tenant { name }
      scope
      createdAt
    }
  }
}

In the Variables section, make sure to replace the arguments as required:

{
    "userId": "PORTAL_USER_ID",
    "permission": {
        "appId": "APPLICATION_ID",
        "tenantId": "TENANT_ID",
        "scope": "email-api:query:* email-api:mutation:* file-management-api:query:* file-management-api:mutation:*"
     }
}

In the mutation above, the scope parameter is set to email-api:query:* email-api:mutation:* file-management-api:query:* file-management-api:mutation:*, which means that the portal user will have permissions to all queries and all mutations of the Email Service and File Management Service.

Remove portal user permissions

To remove existing permissions of a portal user for a particular application, or tenant, do the following:

  1. Click the portal user.
  2. In the Permissions grid, click Remove Remove icon next to the permission that is to be removed.

GraphQL

Run the removePortalUserPermission mutation from the GraphQL tab, for example:

mutation removePortalUserPermission($userId: ID!, $permissionKey: PermissionKeyInput!) {
  removePortalUserPermission(userId: $userId, permissionKey: $permissionKey) {
    userId
    provider
    email
    name
    picture
    createdAt
    permissions {
      appId
      app { name }
      tenantId
      tenant { name }
      scope
      createdAt
    }
  }
}

In the Variables section, make sure to replace the arguments as required:

{
    "userId": "PORTAL_USER_ID",
    "permission": {
        "appId": "APPLICATION_ID",
        "tenantId": "TENANT_ID"
     }
}

Remove portal users

You can delete portal users as follows:

  1. If you haven’t done that already, sign in to the SBS Console.
  2. If necessary, switch to the account where you would like to add the user. Remember that the current SBS account (name and ID) is displayed at all times in the top application bar.
  3. Click Portal Users in the navigation menu on the left-hand side.
  4. Click Remove Delete button next to the portal user you would like to delete, and confirm your action when prompted.

GraphQL

You can also delete portal users by running the removePortalUser mutation of the Account API, for example:

mutation removePortalUser($userId: ID!) {
  removePortalUser(userId: $userId) {
    userId
    provider
    email
    name
    createdAt
  }
}

In the Variables section, make sure to replace the ID of the portal user as required:

{
    "userId": "YOUR_PORTAL_USER_ID"
}