Object and field permissions (deprecated)
Deprecated
Please note that this page relates to functionality that has been deprecated and should not be used. Please see Functional permissions and custom roles for information on user roles and permissions.Object and field level permissions for Skedulo user roles
Skedulo enforces object and field level permissions for all standard and custom objects.
Standard Skedulo objects include default permission settings that can be modified using the /standalone/permissions/role endpoint.
This provides a layer of security by storing data for object and field permissions, which are enforced when accessing backend data.
Administrators can assign permissions to a role using the Skedulo API.
Permissions access
Only users with theAdmin role can make changes to object or field level permissions.
Role permission defaults
-
Users with the
Administratorin Skedulo have full CRUD permissions on all objects and fields. -
Schedulers have the same permission in Skedulo and Skedulo for Salesforce for for all objects provided by Skedulo. They also have full access to
AccountsandContacts.Because
AccountsandContactsare Skedulo for Salesforce objects, permissions for these are determined by their permission settings in Salesforce. -
Resource permissions for all Skedulo defined objects are the same for both Skedulo and Skedulo for Salesforce.
Object level permissions
Fields inherit permissions from their object unless they have permissions explicitly defined.
This means that if "create" is false at the object level, all fields on that object will have the same "create": false permission restriction.
If a single field on the object needs to be creatable, then the entire object must also be creatable.
For example, resources have read-only permission on the Regions object, which means that all fields on Regions are also read-only for resource users:
{
"result": {
"Regions": {
"read": true,
"create": false,
"update": false,
"delete": false,
"fields": {
"Radius": {
"read": true,
"create": false,
"update": false
},
"Timezone": {
"read": true,
"create": false,
"update": false
},
"Name": {
"read": true,
"create": false,
"update": false
},
"CountryCode": {
"read": true,
"create": false,
"update": false
},
"Description": {
"read": true,
"create": false,
"update": false
},
"GeoLongitude": {
"read": true,
"create": false,
"update": false
},
"UID": {
"read": true,
"create": false,
"update": false
},
"GeoLatitude": {
"read": true,
"create": false,
"update": false
},
"GeoLocation": {
"read": true,
"create": false,
"update": false
}
}
}
}
}
Custom object permissions
Custom objects must be assigned role permissions if they need to be accessible by schedulers and resources.
Field permissions can be modified on custom objects in Skedulo using the Skedulo web application or remotely using the Skedulo API.
Custom object permissions are defined on creation and can also be modified in the Skedulo web UI or from the Skedulo API endpoint at any time.
Querying role permissions
You can fetch a list of calculated permissions for the current user by querying the /custom/permissions REST endpoint.
The following example queries permissions for the Shifts object for the current user with the administrator role (all true):
Method: GET
Endpoint: /custom/permissions?names=Shifts
This returns a JSON encoded list of all read, create, and update field permissions for the object:
{
"result": {
"Shifts": {
"read": true,
"create": true,
"update": true,
"delete": true,
"fields": {
"Duration": {
"read": true,
"create": true,
"update": true
},
"LocationId": {
"read": true,
"create": true,
"update": true
},
"Start": {
"read": true,
"create": true,
"update": true
},
"RegionId": {
"read": true,
"create": true,
"update": true
},
"UID": {
"read": true,
"create": true,
"update": true
},
"IsDraft": {
"read": true,
"create": true,
"update": true
},
"End": {
"read": true,
"create": true,
"update": true
},
"DisplayName": {
"read": true,
"create": true,
"update": true
}
}
}
}
}
Feedback
Was this page helpful?