Roles

Roles are named sets of scope (access rights) that you can optionally assign to Portal users. You can assign one or multiple roles to SBS Portal users either when inviting a new user or when you update user permissions at any time later. Roles are particularly useful when you have many SBS Portal users and would like to set their permissions faster, by assigning a predefined role to the user, instead of manually setting all the required API access rights at each individual user level.

For example, you can define a role called “e-Factura User” that has all available read and write rights to the e-Factura Service. Likewise, you could create a role called “e-Factura Supervisor” that has the same rights as above, plus the right to authorize the organization with ANAF, or revoke existing authorizations.

You can create, modify, and delete roles from the Roles page of the SBS Console.

Create a new role

To create a new role:

  1. If you haven’t done that already, sign in to the SBS Console.

  2. If necessary, switch to the account where you would like to add the user. Remember that the current SBS account name is displayed at all times in the top application bar.

  3. Click Roles in the navigation menu on the left-hand side.

  4. Click the Add Button button in the top-right corner of the roles table.

  5. In the dialog box that appears, define the extent of permissions available to the role. In the example below, we are creating a role called “e-Factura User” that has read and write access to the RO e-Factura Service and read access to the RO ANAF OAuth Service.

    Add role

  6. Click Save.

GraphQL

You can also create roles through GraphQL, by running the createServiceAccessRole mutation of the Account API.

Update a role

To update a role, click the Edit Pencil button next to the role you would like to update, and change the role’s permissions as required. Note that updating a role will affect all users having that role with immediate effect.

GraphQL

You can also update roles through GraphQL, by running the updateServiceAccessRole mutation of the Account API.

Delete a role

To delete a role, click the Delete button next to the role you would like to delete, and confirm your decision when prompted. Note that, from design, it is not possible to delete a role if there are active users having that role. If you attempt to do that, a dialog box will warn you:

“Service access role is used in a permission and can not be deleted.”

GraphQL

You can also delete roles through GraphQL, by running the deleteServiceAccessRole mutation of the Account API.

Read more

Portal users Managing applications