Skip to content

Permissions⚓︎

Permissions describe which resources users and clients are allowed to access within your OneAPI fleet.

Basics⚓︎

Permissions can be assigned to users and clients. In order to access a set of resources, the corresponding permission is required.

Use permissions to control and limit access to your fleet.

Example

If one of your fleet’s users has the permission vehicle-commands, they are allowed to send vehicle commands to all of your fleet’s vehicles.

If one of your fleet’s users has the permission vehicles, they are allowed to view and edit data (such as master data) of all of your fleet’s vehicles.

Read-only⚓︎

Some permissions have a corresponding read-only permission. While the original permission allows you to modify a resource, the read-only permission allows you to only view the resource. If you have the original permission, you automatically have the corresponding read-only permission. All read-only permissions’ names end with .ro.

Example

The permission vehicles.ro is a read-only permission and allows you to view vehicles in your fleet. Its corresponding original permission vehicles allows you to view and edit vehicles in your fleet. Having permission vehicles means also having vehicles.ro.

Permissions and scopes⚓︎

Permissions are part of the INVERS OneAPI’s domain model. However, the OAuth 2.0 standard uses the concept of ‘scopes’.

Tip

You can normally ignore scopes and only work with the permissions.

Scopes are automatically computed and assigned by the INVERS OneAPI based on the permissions.

Both scopes and permissions are documented for each path in the API:

  • The required ‘OAuth scope’ is documented in the security/Oauth2 property.
  • The required ‘OneAPI permission’ is documented in the x-invers-permission OpenAPI specification extension of the path.

Example

The required permission is shown as “invers-permission” at each path.

List of permissions⚓︎

Permission Description
vehicle-commands Send commands to vehicles
vehicle-lifecycle Add vehicles to fleet and remove vehicles from fleet
telematics-creds Full access to credentials of third-party telematics brands
vehicles Full access to vehicles
  ⤷ vehicles.ro Read-only access to vehicles
users:fleet Full access to your fleet’s users
  ⤷ users:fleet.ro Read-only access to your fleet’s users
auth-clients:fleet Full access to your fleet’s clients
  ⤷ auth-clients:fleet.ro Read-only access to your fleet’s clients
msg-subs Full access to message subscription configuration
  ⤷ msg-subs.ro Read-only access to message subscription configuration
Back to top