Roles

Roles can be defined for various job functions. Permissions to perform certain tasks can be assigned to specific roles, and roles can then be assigned to users or user groups.

Please be aware that this object is currently "Uncertified", signifying that it has not undergone the complete review process and the design may change during ongoing refinement. Users are advised to exercise discretion in using this object and are encouraged to provide feedback.

List roles

get/objects/company-config/role

Returns a collection with a key, ID, and link for each role. This operation is mostly for use in testing; use the query service to find roles that meet certain criteria and specify the properties that are returned.

SecurityOAuth2
Responses
200

OK

400

Bad Request

Request samples 
Response samples 
application/json
{
  • "ia::result": [
    • {
      • "key": "470",
      • "id": "::SYS::Multi Entity Shared-ROLE-FOR - Admin",
      • "href": "/objects/company-config/role/470"
      },
    • {
      • "key": "471",
      • "id": "::SYS::Multi Entity Shared-ROLE-FOR - BTI",
      • "href": "/objects/company-config/role/471"
      }
    ],
  • "ia::meta": {
    • "totalCount": 2,
    • "start": 1,
    • "pageSize": 100,
    • "next": 101,
    • "previous": null
    }
}
Create a role
post/objects/company-config/role
Creates a new role.


SecurityOAuth2 
Request 
Request Body schema: application/json
Role to create


id
required
string
Role Id


 
 Example:  "Employee"
description
string
Description


 
 Example:  "Full employee permissions including approvals"
roleType
string
 Default:  "enterprise"
Role type


 Enum: "eConsole" "enterprise" "multiEntityDistributed" "multiEntityShared"  
 Example:  "enterprise"
applyTo
string
 Default:  "loginAndSlideIn"
Role is applicable to users with specified access method.


 Enum: "loginAndSlideIn" "loginOnly" "slideInOnly"  
 Example:  "loginAndSlideIn"
Array of objects
List of permission assignments for a specific role


 
 Array 
object
Permission object


 
accessRights
Array of strings
Permission access rights.


Items Enum: "ach" "achSetup" "add" "addExpense" "apiProxy" "approvalLevel1" "approvalLevel2" "approvalLevel3" "approvalLevel4" "approvalLevel5" "approvalLevel6" "authorize" "calendar" "cancel" "clone" "close" "config" "confirm" "delete" "deleteExpense" "edit" "editExpense" "enable" "export" "final" "financial" "group" "ignore" "impersonate" "import" "level1" "level2" "level3" "level4" "level5" "level6" "list" "listExpenses" "manualMatch" "mapAccount" "menu" "modify" "offsetAccount" "open" "overrideException" "permission" "post" "print" "readonly" "readonlyExpense" "receipts" "reclass" "reclassExpense" "reconcile" "refresh" "release" "reopen" "report" "resend" "reversalEdit" "reverse" "reverseExpense" "run" "statutoryReportingPeriod" "submit" "subscribe" "template" "uncancel" "unmask" "upload" "view" "viewAll" "void"  
 Example:  ["list","readonly","add","modify","delete"]
Responses 
201
Created


400
Bad Request


Request samples 
application/json
{
  • "id": "::SYS::Multi Entity Shared-ROLE-FOR - Admin",
  • "description": "Administrator role with permissions",
  • "roleType": "enterprise",
  • "applyTo": "loginAndSlideIn",
  • "rolePermissionAssignments": [
    • {
      • "permission": {
        },
      • "accessRights": [
        ]
      },
    • {
      • "permission": {
        },
      • "accessRights": [
        ]
      }
    ]
}
Response samples 
application/json
{
  • "ia::result": {
    • "key": "470",
    • "id": "::SYS::Multi Entity Shared-ROLE-FOR - Admin",
    • "href": "/objects/company-config/role/470"
    },
  • "ia::meta": {
    • "totalCount": 1,
    • "totalSuccess": 1,
    • "totalError": 0
    }
}
Get a role
get/objects/company-config/role/{key}
Returns detailed information for a specified role.


SecurityOAuth2 
Request 
path Parameters
key
required
string
System-assigned unique key for the role.


 
Responses 
200
OK


400
Bad Request


Request samples 
Response samples 
application/json
{
  • "ia::result": {
    • "key": "470",
    • "id": "::SYS::Multi Entity Shared-ROLE-FOR - Admin",
    • "description": "Administrator role with permissions",
    • "roleType": "enterprise",
    • "applyTo": "loginAndSlideIn",
    • "audit": {
      • "createdDateTime": "2020-11-16T14:27:51Z",
      • "modifiedDateTime": "2020-11-16T14:28:11Z",
      • "createdBy": "1",
      • "modifiedBy": "1"
      },
    • "rolePermissionAssignments": [
      • {
        }
      ],
    • "roleUsers": [
      • {
        }
      ],
    • "roleGroups": [
      • {
        }
      ],
    • "href": "/objects/company-config/role/470"
    },
  • "ia::meta": {
    • "totalCount": 1,
    • "totalSuccess": 1,
    • "totalError": 0
    }
}
Update a role
patch/objects/company-config/role/{key}
Updates an existing role by setting field values. Any fields not provided remain unchanged.


SecurityOAuth2 
Request 
path Parameters
key
required
string
System-assigned unique key for the role.


 
Request Body schema: application/json
description
string
Description


 
 Example:  "Full employee permissions including approvals"
roleType
string
 Default:  "enterprise"
Role type


 Enum: "eConsole" "enterprise" "multiEntityDistributed" "multiEntityShared"  
 Example:  "enterprise"
applyTo
string
 Default:  "loginAndSlideIn"
Role is applicable to users with specified access method.


 Enum: "loginAndSlideIn" "loginOnly" "slideInOnly"  
 Example:  "loginAndSlideIn"
Array of objects
List of permission assignments for a specific role


 
 Array 
object
Permission object


 
accessRights
Array of strings
Permission access rights.


Items Enum: "ach" "achSetup" "add" "addExpense" "apiProxy" "approvalLevel1" "approvalLevel2" "approvalLevel3" "approvalLevel4" "approvalLevel5" "approvalLevel6" "authorize" "calendar" "cancel" "clone" "close" "config" "confirm" "delete" "deleteExpense" "edit" "editExpense" "enable" "export" "final" "financial" "group" "ignore" "impersonate" "import" "level1" "level2" "level3" "level4" "level5" "level6" "list" "listExpenses" "manualMatch" "mapAccount" "menu" "modify" "offsetAccount" "open" "overrideException" "permission" "post" "print" "readonly" "readonlyExpense" "receipts" "reclass" "reclassExpense" "reconcile" "refresh" "release" "reopen" "report" "resend" "reversalEdit" "reverse" "reverseExpense" "run" "statutoryReportingPeriod" "submit" "subscribe" "template" "uncancel" "unmask" "upload" "view" "viewAll" "void"  
 Example:  ["list","readonly","add","modify","delete"]
Responses 
200
OK


400
Bad Request


Request samples 
application/json
{
  • "description": "Administrator role with permissions",
  • "rolePermissionAssignments": [
    • {
      • "key": "30",
      • "accessRights": [
        ]
      },
    • {
      • "permission": {
        },
      • "accessRights": [
        ]
      }
    ]
}
Response samples 
application/json
{
  • "ia::result": {
    • "key": "470",
    • "id": "::SYS::Multi Entity Shared-ROLE-FOR - Admin",
    • "href": "/objects/company-config/role/470"
    },
  • "ia::meta": {
    • "totalCount": 1,
    • "totalSuccess": 1,
    • "totalError": 0
    }
}
Delete a role
delete/objects/company-config/role/{key}
Deletes a role.


SecurityOAuth2 
Request 
path Parameters
key
required
string
System-assigned unique key for the role.


 
Responses 
204
No Content


400
Bad Request


Request samples 
Response samples 
application/json
{
  • "ia::result": {
    • "ia::error": {
      • "code": "invalidRequest",
      • "message": "A POST request requires a payload",
      • "errorId": "REST-1028",
      • "additionalInfo": {
        },
      • "supportId": "Kxi78%7EZuyXBDEGVHD2UmO1phYXDQAAAAo"
      }
    },
  • "ia::meta": {
    • "totalCount": 1,
    • "totalSuccess": 0,
    • "totalError": 1
    }
}
Query roles
post/services/core/query
Queries an object for filtered data.


SecurityOAuth2 
Request 
Request Body schema: application/json
object
string
Object type to query, in the form <application-name>/<object name>. For custom objects use platform-apps/nsp::<object-name>.


 
 Example:  "company-config/role"
fields
Array of strings
List of fields to include in the response. Can be any combination of these:


    

  • The name of a field in the object that you are querying, such as id.
    

    • 

  • The name of a field in a related object, using the form relatedObjectName.fieldName, such as vendor.id.
    

    • 

  • The result of an aggregate function run against the values in the returned objects. Use the form function:fieldName, such as min:startDate to return the earliest starting date. Valid function names are:
    

      

    • count
      • 

    • avg
      • 

    • sum
      • 

    • min
      • 

    • max
      • 

    

    • 

  • The result of an aggregate function run against the values in related objects, using the form function:relatedObjectName.fieldName, such as max:vendor.creditLimit. The same functions are supported as for object fields.
    

    • 



 
 Example:  ["key","id","max:vendor.creditLimit"]
Array of equal (object) or not equal (object) or less than (object) or (less than or equal (object)) or greater than (object) or (greater than or equal (object)) or in (object) or not in (object) or between (object) or not between (object) or contains (object) or does not contain (object) or starts with (object) or does not start with (object) or ends with (object) or does not end with (object)
Filter conditions to select the objects to return based on their field values. You use operators and conditions to build your filter, such as {"$eq":{"status":"active"}} to select objects in which status is equal to "active".


 
 Example:  [{"$eq":{"status":"active"}},{"$gt":{"totalDue":"1000"}},{"$contains":{"name":"Acme"}}]
 Array 
Any of:
Field value must be equal to this specified value.


For date fields, you can use these macro values that are relative to the current date or the asOfDate in filterParameters, if set:







    

  • today

  • currentWeek

  • currentMonth

  • currentQuarter

  • currentYear





    

  • yesterday

  • lastWeek

  • priorMonth

  • priorQuarter

  • priorYear









These are most useful for queries that you want to save and use repeatedly, such as for views or reports. Just change the asOfDate each time to retrieve the same data set for different time periods.


For example, {"eq":{"postingDate":"priorYear"}}.


object
The field name and value to be compared with object values.


 
 Example:  {"status":"active"}
filterExpression
string
 Default:  "and"
Logical operators to apply when there are multiple filter conditions. The conditions in the filters array are implicitly numbered starting at 1. Supports and, or, and grouping with parentheses.


Shortcuts:


    

  • and by itself means that all conditions must be true.
    • 

  • or by itself means that at least one condition must be true.
    • 



 
 Example:  "(1 and 2) or 3"
object

Pre-defined filter options.


 
asOfDate
string <date> 
The "as of" date to use with any relative date comparisons in filters. For example, if asOfDate is set to "2022-04-01" then priorMonth will be "03".


The current date is used if asOfDate is not set.


 
 Example:  "2022-04-01"
includeHierarchyFields
boolean
 Default:  false
Set to true to include hierarchical structure information with each object in the response.


 
 Example:  false
caseSensitiveComparison
boolean
 Default:  true
Queries are case-sensitive by default. Set to false to ignore case in a query.


 
 Example:  true
includePrivate
boolean
 Default:  false
By default, in a multi-entity company, queries from the top-level entity do not access data in private entities. Set includePrivate to true if you want to query data in private entities.


 
 Example:  false
Array of objects
Set the order of the results by specifying field names to sort by and whether they should be in ascending or descending order.


 
 Example:  [{"totalDue":"asc"},{"lastPaymentMadeDate":"desc"}]
 Array 
property name*
additional property
string
 Enum: "asc" "desc"  
start
integer
First record of the result set to include in the response.


 
 Example:  1
size
integer
Number of records to include in the response.


 
 Example:  100
Responses 
200
OK


400
Bad Request


Request samples 
application/json
{
  • "object": "accounts-payable/vendor",
  • "fields": [
    • "id",
    • "name",
    • "status",
    • "href"
    ],
  • "filters": [
    • {
      • "$eq": {
        }
      },
    • {
      • "$eq": {
        }
      }
    ],
  • "filterExpression": "1 and 2",
  • "orderBy": [
    • {
      • "id": "asc"
      }
    ]
}
Response samples 
application/json
{
  • "ia::result": [
    • {
      • "id": "Vend-00002",
      • "name": "Test vendor",
      • "status": "active",
      • "href": "/objects/accounts-payable/vendor/85"
      },
    • {
      • "id": "VEND-00010",
      • "name": "Design Works",
      • "status": "active",
      • "href": "/objects/accounts-payable/vendor/111"
      }
    ],
  • "ia::meta": {
    • "totalCount": 2,
    • "start": 1,
    • "pageSize": 100,
    • "next": null,
    • "previous": null
    }
}