Portal users
SBS Portal users are people in your organization that need to interact with Socrate Business Services at tenant or application level. This includes, for example, the support personnel, who may need to view, monitor, or occasionally modify SBS data for a particular application and tenant.
The interface where tasks such as the ones above are performed is provided by the SBS Portal website (https://portal.socrate.io). For an introduction to the portal, see SBS Portal.
From the SBS Console, you can invite SBS Portal users to your organization’s SBS account, configure their permissions, or remove existing portal user from the SBS account. The permissions you define for each portal user dictate what services that user will be able to interact with after they sign in to the portal.
Invite portal users
You can invite other users (for example, people in your organization) to interact with SBS APIs from the SBS Portal. This works as follows:
- First, you define the permissions of the new portal user (including the application and tenant where access is granted) and send an invitation email.
- The invited user accepts the invitation from their inbox by clicking a link.
- The link redirects the user to the SBS Portal, where the user can sign in (or sign up if they haven’t used the SBS Portal before).
- After signing in or signing up, the invited user is able to view and work with the SBS APIs where they have been invited.
To invite an user to the current SBS Account:
-
If you haven’t done that already, sign in to the SBS Console.
-
If necessary, switch to the account where you would like to add the user. Remember that the current SBS account (name and ID) is displayed at all times in the top application bar.
-
Click Portal Users in the navigation menu on the left-hand side.
-
Click Invite Portal User.
-
Enter the user’s email address.
-
Optionally, enter a text for the invitation message.
-
Click the Add
button and define the user’s permissions with respect to the current application and tenant.
In this example, we are creating only one permission set, for the application App1 and tenant Tenant1. The permissions we are granting are as follows:
- Read and write rights to the Romanian e-Factura Service
- Read and write rights to the Romanian ANAF Authorizations Service.
-
Click Save to save the current permission set. Optionally, to add other permission sets (for other applications and tenants), click the Add
button and repeat step 7.
-
Click Send invitation.
GraphQL
You can also invite portal users through a call to the invitePortalUser
mutation of the Account API, for example:
mutation invitePortalUser($input: InvitePortalUserInput!) {
invitePortalUser(input: $input) {
id
provider
email
permissions {
appId
tenantId
scope
}
}
}
{
"input": {
"email": "{{INVITED_PORTAL_USER_EMAIL}}",
"permissions": [
{
"appId": "{{YOUR_APP_ID}}",
"tenantId": "{{YOUR_TENANT_ID}}",
"scope": "ro-efactura-api:query:* ro-efactura-api:mutation:* ro-anaf-oauth-api:query:* ro-anaf-oauth-api:mutation:*"
}
],
}
}
Update portal user permissions
You can add or update the permissions (scope) of an existing portal user as follows:
-
If you haven’t done that already, sign in to the SBS Console.
-
If necessary, switch to the account where you would like to add the user. Remember that the current SBS account (name and ID) is displayed at all times in the top application bar.
-
Click Portal Users in the navigation menu on the left-hand side.
-
Click the portal user whose permissions you would like to set.
-
Do one of the following:
- To add a new permission, click
in the top-right corner of the Permissions grid. A dialog box opens.
- To update an existing permission, click Edit
next to the relevant permission record on the grid.
- To add a new permission, click
-
In the Scope field, enter the extent of permissions (scope) that should be available to the portal user, and then click Save. For details, see Scope editor.
In the example above, the portal user is assigned the following permissions:
- read rights to the organizations-api
- read and write rights to the ro-efactura-api
- read and write rights to the ro-anaf-oauth-api
If there are permissions already set for this application and tenant combination, a warning message appears on the dialog box, for example:
In this case, you can do one of the following:
- Close the dialog box without taking any action. This will leave the existing portal users permissions intact.
- If you would like to overwrite the existing permissions with the ones defined on the dialog box, click Save.
GraphQL
You can also set portal user permissions through a call to the setPortalUserPermission
mutation of the Account API, for example:
mutation setPortalUserPermission($userId: ID!, $permission: PermissionInput!) {
setPortalUserPermission(userId: $userId, permission: $permission) {
userId
provider
email
name
picture
createdAt
permissions {
appId
app { name }
tenantId
tenant { name }
scope
createdAt
}
}
}
In the Variables section, make sure to replace the arguments as required:
{
"userId": "PORTAL_USER_ID",
"permission": {
"appId": "APPLICATION_ID",
"tenantId": "TENANT_ID",
"scope": "email-api:query:* email-api:mutation:* file-management-api:query:* file-management-api:mutation:*"
}
}
In the mutation above, the scope parameter is set to email-api:query:* email-api:mutation:* file-management-api:query:* file-management-api:mutation:*
, which means that the portal user will have permissions to all queries and all mutations of the Email Service and File Management Service.
Remove portal user permissions
To remove existing permissions of a portal user for a particular application, or tenant, do the following:
- Click the portal user.
- In the Permissions grid, click Remove
next to the permission that is to be removed.
GraphQL
Run the removePortalUserPermission
mutation from the GraphQL tab, for example:
mutation removePortalUserPermission($userId: ID!, $permissionKey: PermissionKeyInput!) {
removePortalUserPermission(userId: $userId, permissionKey: $permissionKey) {
userId
provider
email
name
picture
createdAt
permissions {
appId
app { name }
tenantId
tenant { name }
scope
createdAt
}
}
}
In the Variables section, make sure to replace the arguments as required:
{
"userId": "PORTAL_USER_ID",
"permission": {
"appId": "APPLICATION_ID",
"tenantId": "TENANT_ID"
}
}
Remove portal users
You can delete portal users as follows:
- If you haven’t done that already, sign in to the SBS Console.
- If necessary, switch to the account where you would like to add the user. Remember that the current SBS account (name and ID) is displayed at all times in the top application bar.
- Click Portal Users in the navigation menu on the left-hand side.
- Click Remove
next to the portal user you would like to delete, and confirm your action when prompted.
GraphQL
You can also delete portal users by running the removePortalUser
mutation of the Account API, for example:
mutation removePortalUser($userId: ID!) {
removePortalUser(userId: $userId) {
userId
provider
email
name
createdAt
}
}
In the Variables section, make sure to replace the ID of the portal user as required:
{
"userId": "YOUR_PORTAL_USER_ID"
}