Learn about inabit's role system and its permissions per each role
inabit Roles Hierarchy
The following page describes inabit roles system by order "highest" to "lowest".
Owner
The owner is the one that approves signing devices and new users and is granted with all of the permissions in the entire system (account).
There's only one owner to an inabit account
Reminder -> there can be multiple organizations in an inabit account, but there cannot be multiple inabit accounts under the same owner.
Admin
An admin has access to everything in the system except being able to open new organizations, viewing the account settings & remove the owner.
An inabit account can have multiple admins per organization and an admin can be a set as a different user per each and every organization.
Signer
Signers are users similar to admins but their sole purpose is to approve or reject transactions. The signer can't perform administrative operations like add/remove new users to/from an organization.
Editor
Editors can access everything in the system but creating new wallets, approving/rejecting transactions and editing organization settings and its users.
They are still capable of creating transaction requests.
Viewer
A viewer only has viewing permissions in an inabit organization and he/she cannot initiate transactions or edit any of the settings but their own. (User photo, email, password, etc.)
API User Roles
In order to access our API capabilities and authenticate queries and mutations,
you must create an API Admin/Viewer.
API Admin
The API admin role is internally generated by inabit when an organization desires to utilize inabit's API infrastructure. Upon receiving such a request, we establish an "API user" devoid of access credentials to the platform's UI. This user's sole function is to issue an access token for inabit's API.
By utilizing the access token provided through this user's credentials, you gain access to inabit's queries and mutations within our GraphQL schema. A significant distinction between this role and other API user roles is that this API user possesses equivalent permissions to a standard Admin within the system.
With this role, you can execute various actions such as creating transactions, adjusting organization settings, inviting new users to your organizations, establishing wallets, and much more - all through the API.
How to create an API Admin?
- Contact inabit's support at support@inabit.com
to retrieve login access credentials and fetch a JWT access token when you authenticate. - Use the token as a bearer across all of your queries and mutations.
Note - You can also decide to create an API Viewer. The same role permissions are applied to the Viewer role in the platform, doing so you will only receive API capabilities of a viewer.
API Signer
API signer is a unique user created by inabit that is separated from an API admin/viewer.
This API user is created for the sole purpose of serving as the "API approver" to sign transactions using inabit's developed tool we call the "Docker Signer".
In a nutshell, this role's purpose is to serve as a "remote approval" application to simulate/replace the standard inabit mobile approvals app for services that develop and build their infrastructure with inabit.
- You can learn all about this in our Remote Infrastructure section.
- If you still find it hard to understand, feel free to contact us for tailored support: support@inabit.com
API Viewer
The API viewer is another role generated (currently) by inabit internally when an organization wishes to operate and utilize inabit's API infrastructure.
The sole difference between an API admin and API viewer is the permission access to the capabilities of the API.
- The API viewer isn't capable of calling mutations such as createTransferRequest or createApiWalletAddress.
0 comments
Please sign in to leave a comment.