Quick-reference: available roles
| Role | Intended for | High-level capabilities |
|---|---|---|
| ORG_ADMIN | Client administrators | Manage users and businesses in their organization. |
| GROUP_MANAGER | Client group managers | Manage users and businesses inside their group. |
| BUSINESS_MANAGER | Client business managers | Manage businesses inside their group; limited user management. |
| PUBLISHER | External data consumers | Read-only access to businesses subscribed to Presence Management. |
Detailed permissions by role
- Org Admin
- Group Manager
- Business Manager
- Publisher
Read access
| Resource | Scope | Details |
|---|---|---|
| User | Organization | Read users in the same organization. |
| Organization | Organization | Read your own organization object. |
| Group | Organization | Read groups in the same organization. |
| Business | Organization | Read businesses in the same organization. |
| Category | Global | Read all categories. |
Write access
| Resource | Scope | Allowed actions |
|---|---|---|
| User | Organization | • Create users (inherit provider & org_id) • Update users in the organization • Assign roles GROUP_MANAGER or BUSINESS_MANAGER |
| Organization | Organization | • Update the organization itself • Cannot create new organizations |
| Group | Organization | • Create groups (inherit provider & org_id) • Update groups in the organization |
| Business | Organization | • Create businesses (inherit provider & org_id) • Update businesses in the organization |
| Category | — | Not writable |