Role-based permissions (deprecated)

Setting permissions for users and objects based on their role.

Permissions apply to the three roles in Skedulo – administrator, scheduler, and resource.

These roles are defined by the User Type field on the user record, which is a standard field in Skedulo, but a custom field in Skedulo for Salesforce.

Schedulers and resources require specific permissions to create, read, edit, and delete Skedulo objects and custom objects.

Skedulo permission sets

Permission sets grant a range of object and field level permissions to users at the role level.

Standard permission sets in Skedulo include the same permissions for user roles as our managed package permission sets for Salesforce (see Skedulo for Salesforce Permission Sets for more information).

For example, resources are not permitted to create regions, and schedulers are not permitted to create or delete users.

The following permission sets apply to Skedulo schedulers and resources:

Set name Included permissions (not complete) Purpose
Skedulo Scheduler
  • Create new jobs.
  • Allocate resources to jobs.
  • Delete job allocations.
  • Notify resources of new job allocations or job modifications.
  • View job travel and routing information.
  • Create activities.
  • Create and approve unavailability requests.
  • Manage resource information.
  • View/manage job exceptions.
Schedulers can access the Skedulo web application to perform these tasks.
Skedulo Resource
  • Confirm or decline new job allocations.
  • View job details.
  • Start travel, check in, start and complete jobs.
  • Retrospectively update job time-stamps.
  • Create follow-up jobs.
  • View previous and future jobs at the same location.
  • Create unavailability requests.
  • Create activities.
Resources, such as field-based employees, can access Skedulo using the Skedulo v2 mobile app.

Override create, read, and update role permissions on objects and fields

You can use the /standalone/permissions/role endpoint to query role permissions and override default permissions on standard Skedulo objects and custom objects for users with administrator, resource, or scheduler roles.

Method: GET

Endpoint: /standalone/permissions/role

This returns permissions for admins, schedulers, and resources.

The following is an example response where no permissions are enforced for any roles:

{
  "result": {
    "administrator": {
      "defaults": {
        "type": "all"
      },
      "overrides": null
    },
    "scheduler": {
      "defaults": {
        "type": "all"
      },
      "overrides": null
    },
    "resource": {
      "defaults": {
        "type": "all"
      },
      "overrides": null
    }
  }
}

Set some overrides using a POST request to the same endpoint with the role you want to set permissions for appended.

The following example overrides default permissions on the Jobs object for users with the resource role:

Method: POST

Endpoint: /standalone/permissions/role/resource

Request body:

{
  "objects": {
    "Jobs": {
      "permissions": {
        "read": true,
        "create": true,
        "update": true,
        "delete": true
      },
      "fields": {
        "Name": {
          "read": true,
          "create": false,
          "update": false
        },
        "RegionId": {
          "read": true,
          "create": true,
          "update": false
        }
      }
    }
  }
}

Checking permissions using the above cURL command now shows that users with the resource role now have specific permissions that override the default permissions on the Jobs object:

{
  "result": {
    "administrator": {
      "defaults": {
        "type": "all"
      },
      "overrides": null
    },
    "scheduler": {
      "defaults": {
        "type": "all"
      },
      "overrides": null
    },
    "resource": {
      "defaults": {
        "type": "all"
      },
      "overrides": {
        "objects": {
          "Jobs": {
            "permissions": {
              "read": true,
              "create": true,
              "update": true,
              "delete": true
            },
            "fields": {
              "Name": {
                "read": true,
                "create": false,
                "update": false
              },
              "RegionId": {
                "read": true,
                "create": true,
                "update": false
              }
            }
          }
        },
        "type": "custom"
      }
    }
  }
}

Remove object permission overrides for roles

You can remove some permissions overrides on objects and fields for a role type by setting the field value to null.

Remove permission overrides for a field on an object

The following example removes the permissions overrides we gave to resources for the RegionId field on the Jobs object.

Method: POST

Endpoint: /standalone/permissions/role/resource

Request body:

{
  "objects": {
    "Jobs": {
      "permissions": {
        "read": true,
        "create": true,
        "update": true,
        "delete": true
      },
      "fields": {
        "RegionId": null
      }
    }
  }
}

The RegionId field no longer appears in the list of permissions overrides for resources:

{
  "result": {
    ...
    "resource": {
      "defaults": {
        "type": "all"
      },
      "overrides": {
        "objects": {
          "Jobs": {
            "permissions": {
              "read": true,
              "create": true,
              "update": true,
              "delete": true
            },
            "fields": {
              "Name": {
                "read": true,
                "create": false,
                "update": false
              }
            }
          }
        },
        "type": "custom"
      }
    }
  }
}

Remove permission overrides for an entire object

Using the same /standalone/permissions/role/resource endpoint as above, you can remove permissions overrides on an entire object for a role by setting the object permissions to null.

Use the following payload to remove all object permissions overrides on the Jobs object for all resource users:

{
  "objects": {
    "Jobs": null
  }
}

Remove all permissions overrides for a role

You can use the DELETE method to remove all overrides on default permissions for a role group.

Send a DELETE request to the same endpoint for resources to reset the permissions demonstrated previously in this section:

curl -s -X DELETE -H "Authorization: Bearer $AUTH_TOKEN" https://api.skedulo.com/standalone/permissions/role/resource