Integration Guide for Banks
[ENG] Integration Guide for Bank
[ENG] Integration Guide for Bank
  • General
    • 💰Overview
      • Transfers between digitized entities
        • Option 1. Fast transfer
        • Option 2. Standard transfer (optional)
      • Version history
      • API change log
      • Glossary
    • 🌐Common requirements
    • 👉Basic use case
    • 📅Integration Plan
      • Integration Plan - Business
      • Integration Plan - Technical Team
      • Multisignature
    • ❗Error messages
  • 🛠️API methods
    • Authentification
      • Authorization via JWT
      • Bank authorization
      • JWT format
    • Emlpoyee
      • How to add a user to a role
      • Role management
    • Customer
      • Segments
    • Digital entity
    • Identifiers
    • Transfer
      • Multisignature for transfers
      • [optional] Callbacks
      • Category
    • Limits
    • Reconciliation
    • [optional] Branch
      • Branch access
      • How to add employee to branch
      • Filter by branch
      • Transfers (branches)
      • Branch digital entity
Powered by GitBook
On this page
  1. API methods
  2. Emlpoyee

Role management

PreviousHow to add a user to a roleNextCustomer

Last updated 1 year ago

it is necessary to add to the different users roles and to give them an available permissions.

Working with roles and permissions via DCM API you have the following opportunities:

Get available permissions

Add permission to role

Remove role permission

Get roles with permissions for table

Get roles list

Create role

Delete role

Good to know: You can't delete the role "Administrator".

Get scopes

Get users list

Add user to role

Remove user from role

Get all available permission titles

To get the list of all available permissions for the roles you should use this endpoint.

Good to know: Permission titles are used to handle permissions and roles, converting them into a readable format. This endpoint is designed to simplify the understanding and management of permissions by providing a clear understanding of each permission and role. They help translate complex permission structures into user-friendly terms, making it easier for users to comprehend and assign appropriate access levels.

Create permissions

🛠️

Get available permission

get

Get available permission

Path parameters
counterparty_guidstringRequired

Counterparty GUID

Responses
200
OK
application/json
400
json with error msg
application/json
get
GET /api/v1/counterparty/{counterparty_guid}/rbac/permission HTTP/1.1
Host: [url_host]
Accept: */*

{
  "permissions": [
    "text"
  ]
}

create keto permissions

post

create keto permissions

Body
default_group_namestringOptional

if group_lang_key not found in translation, use it as default

default_namestringOptional

if name_lang_key not found in translation, use it as default

group_lang_keystringOptional

key for translation table, where find name of group for permissions

group_sort_numberintegerOptional

sorting order for group among all groups

guidstringOptional

if empty its generate random guid

keto_kindall ofOptional

the kind of keto looking for permissions

string · enumOptionalPossible values:
keto_permission_namestringOptional

name of keto permission, for now it POST, GET, PUT etc; Its may be anything in future

keto_scope_namestringOptional

the name of scope for permission, for now it endpoint group, ex: accounts, customers, payments; No longer than 64 characters

name_lang_keystringOptional

key for translation table, where find name of permission

name_sort_numberintegerOptional

sorting order for permission under the group

Responses
200
OK
application/json
400
json with error msg
application/json
post
POST /api/v1/permissions/keto HTTP/1.1
Host: [url_host]
Content-Type: application/json
Accept: */*
Content-Length: 231

{
  "default_group_name": "text",
  "default_name": "text",
  "group_lang_key": "text",
  "group_sort_number": 1,
  "guid": "text",
  "keto_kind": "branch",
  "keto_permission_name": "text",
  "keto_scope_name": "text",
  "name_lang_key": "text",
  "name_sort_number": 1
}
{
  "guid": "text"
}
  • Get available permissions
  • GETGet available permission
  • Add permission to role
  • POSTAdd role permission
  • Remove role permission
  • DELETERemove role permission
  • Get roles with permissions for table
  • GETGet roles with permissions for table
  • Get roles list
  • GETGet roles list
  • Create role
  • POSTCreate Role
  • Delete role
  • DELETEDelete Role
  • Get scopes
  • GETGet scopes
  • Get users list
  • GETGet users list
  • Add user to role
  • POSTAdd user to role
  • Remove user from role
  • DELETERemove user from role
  • Get all available permission titles
  • GETGet permissions
  • Create permissions
  • POSTcreate keto permissions

Get roles with permissions for table

get

Get roles with permissions for table

Path parameters
counterparty_guidstringRequired

Counterparty GUID

Responses
200
OK
application/json
400
json with error msg
application/json
get

Get roles list

get

Get roles list

Path parameters
counterparty_guidstringRequired

Counterparty GUID

Responses
200
OK
application/json
400
json with error msg
application/json
get

Get scopes

get

Get scopes

Path parameters
counterparty_guidstringRequired

Counterparty GUID

Responses
200
OK
application/json
400
json with error msg
application/json
get

Get users list

get

Get users list

Path parameters
counterparty_guidstringRequired

Counterparty GUID

Query parameters
role_namestringOptional

role name (string)

limitstringOptional

limit (int64)

page_tokenstringOptional

page token (int64)

Responses
200
OK
application/json
400
json with error msg
application/json
get

Get permissions

get

Get permissions

Query parameters
guidsstring[]Optional

permissions GUIDs (uuid)

keto_kindsstring[]Optional

keto kinds (string)

keto_permission_namesstring[]Optional

keto permissions (string)

keto_scope_namesstring[]Optional

scope names (string)

offsetintegerOptional

Offset

limitintegerOptional

Limit

orderingstring · enumOptional

Ordering

Possible values:
Responses
200
OK
application/json
400
json with error msg
application/json
get
GET /api/v1/counterparty/{counterparty_guid}/rbac/permission/table HTTP/1.1
Host: [url_host]
Accept: */*

{
  "roles": [
    "text"
  ],
  "rows": [
    {
      "group_lang_key": "text",
      "group_name": "text",
      "permissions": [
        {
          "guid": "text",
          "name": "text",
          "name_lang_key": "text",
          "roles": [
            {
              "allowed": true,
              "name": "text"
            }
          ],
          "sort_number": 1
        }
      ],
      "sort_number": 1
    }
  ]
}
GET /api/v1/counterparty/{counterparty_guid}/rbac/role HTTP/1.1
Host: [url_host]
Accept: */*

[
  {
    "roles": [
      "text"
    ]
  }
]

Create Role

post

Create Role

Path parameters
counterparty_guidstringRequired

Counterparty GUID

Body
role_namestringOptional

role's name

Responses
200
OK
application/json
Responseobject
400
json with error msg
application/json
post
POST /api/v1/counterparty/{counterparty_guid}/rbac/role HTTP/1.1
Host: [url_host]
Content-Type: application/json
Accept: */*
Content-Length: 20

{
  "role_name": "text"
}
{}

Delete Role

delete

Delete Role

Path parameters
counterparty_guidstringRequired

Counterparty GUID

Body
role_namestringOptional

the name of the role that need to remove

Responses
200
OK
application/json
Responseobject
400
json with error msg
application/json
delete
DELETE /api/v1/counterparty/{counterparty_guid}/rbac/role HTTP/1.1
Host: [url_host]
Content-Type: application/json
Accept: */*
Content-Length: 20

{
  "role_name": "text"
}
{}
GET /api/v1/counterparty/{counterparty_guid}/rbac/scope HTTP/1.1
Host: [url_host]
Accept: */*

{
  "scopes": [
    "text"
  ]
}
GET /api/v1/counterparty/{counterparty_guid}/rbac/user HTTP/1.1
Host: [url_host]
Accept: */*

[
  {
    "page_token": "text",
    "users": [
      {
        "guid": "text",
        "role_name": "text"
      }
    ]
  }
]

Add user to role

post

Add user to role

Path parameters
counterparty_guidstringRequired

Counterparty GUID

Body
role_namestringOptional

role name for the user

user_guidstringOptional

id of the user you add role to

Responses
200
OK
application/json
Responseobject
400
json with error msg
application/json
post
POST /api/v1/counterparty/{counterparty_guid}/rbac/user HTTP/1.1
Host: [url_host]
Content-Type: application/json
Accept: */*
Content-Length: 39

{
  "role_name": "text",
  "user_guid": "text"
}
{}

Remove user from role

delete

Remove user from role

Path parameters
counterparty_guidstringRequired

Counterparty GUID

Body
role_namestringOptional

role's name

user_guidstringOptional

a user you remove the role from

Responses
200
OK
application/json
Responseobject
400
json with error msg
application/json
delete
DELETE /api/v1/counterparty/{counterparty_guid}/rbac/user HTTP/1.1
Host: [url_host]
Content-Type: application/json
Accept: */*
Content-Length: 39

{
  "role_name": "text",
  "user_guid": "text"
}
{}

Add role permission

post

Add role permission

Path parameters
counterparty_guidstringRequired

Counterparty GUID

Body
permission_guidstringOptional

permission_guid that you get as a response to endpoint Permissions titles/Get permissions

role_namestringOptional

role name

Responses
200
OK
application/json
Responseobject
400
json with error msg
application/json
post
POST /api/v1/counterparty/{counterparty_guid}/rbac/permission HTTP/1.1
Host: [url_host]
Content-Type: application/json
Accept: */*
Content-Length: 45

{
  "permission_guid": "text",
  "role_name": "text"
}
{}

Remove role permission

delete

Remove role permission

Path parameters
counterparty_guidstringRequired

Counterparty GUID

Body
permission_guidstringOptional

guid of permission that you need to remove from an employee

role_namestringOptional

role's name

Responses
200
OK
application/json
Responseobject
400
json with error msg
application/json
delete
DELETE /api/v1/counterparty/{counterparty_guid}/rbac/permission HTTP/1.1
Host: [url_host]
Content-Type: application/json
Accept: */*
Content-Length: 45

{
  "permission_guid": "text",
  "role_name": "text"
}
{}
GET /api/v1/permissions/keto HTTP/1.1
Host: [url_host]
Accept: */*

[
  {
    "created_at": "text",
    "default_group_name": "text",
    "default_name": "text",
    "group_lang_key": "text",
    "group_sort_number": 1,
    "guid": "text",
    "keto_kind": "branch",
    "keto_permission_name": "text",
    "keto_scope_name": "text",
    "name_lang_key": "text",
    "name_sort_number": 1,
    "updated_at": "text"
  }
]