V-Spark Online Help

V‑Spark Permissions and the /config/users API

The /config/users API enables you to set the read/write permissions (referred to as View and Create/Edit permissions, respectively, within the V‑Spark GUI) for each user within three different scopes:

  • System admin - a system administrator role that gives a user read/write permissions to any aspect of a V‑Spark installation that can be configured within the V‑Spark GUI. This enables them to create, delete, and modify V‑Spark users, companies, and organizations, as well as add system-wide announcements or put the system into read-only mode. Sample 1 shows a JSON which describes a user with system administrator permissions. Note that system administration permissions are in a special section that is labeled system.

    Note that there is no View (read) permission in the System admin group. That is because the read permission is inherently available at the system level when a user already has the privilege to Create/Edit (write) to any part of the V‑Spark configuration data.

    Figure 1. Sample 1: User JSON for a System Administrator
    "DocTestCo": {
        "test.user.01": {
            "name": "System Administrator",
            "email": "test.user.01@company.com",
            "company": "DocTestCo",
            "auth": {
                "verified": false,
                "disabled": false,
                "method": "standard"
                },
            "permissions": {
                "system": [
                    "write"
                ]
            }
        }...
    }...


  • company-level permissions - gives a user View and Create/Edit permissions within the specified company. Write permission enables the user to create and add users to that company, and set the permissions of those users. Write permissions at the company level also grant the ability to create and edit organizations, folders, and applications within the company. Read permission enables the user to view dashboards and transcripts for any existing or newly created organization within the specified company Sample 2 shows the JSON for a user with company-level permissions for the company DocTestCo.

    Figure 2. Sample 2: User JSON with Company-Level Permissions
    "manual.user.03": {
        "auth": {
            "disabled": false,
            "verified": true,
            "method": "standard"
            },
        "company": "DocTestCo",
        "email": "manual.user.03@company.com",
        "name": "Manual User 03",
        "permissions": {
            "DocTestCo": {
                "all": [
                    "read",
                    "write"
                ]
            }
        }...
    }...


  • organization-level permissions - gives a user View and Create/Edit permissions within the specified organization. Write permission enables the user to create and modify folders and applications that are associated with that organization. Read permission enables the user to view dashboards and transcripts for that organization. Sample 3 shows the JSON for a user with organization-level permissions for the organization DocTestCo-DocTesting.

    Figure 3. Sample 3: User JSON with Organization-Level Permissions
    "manual.user.03": {
       "auth": {
          "disabled": false,
          "verified": true,
          "method": "standard"
       },
       "company": "DocTestCo",
       "email": "manual.user.03@company.com",
       "name": "Manual User 03",
       "permissions": {
          "DocTestCo": {
             "orgs": {
                "DocTestCo-DocTesting": [
                   "read",
                   "write"
                ]...
             }
          }...
       }...
    }...


V‑Spark provides a sophisticated and easy-to-use API for creating companies, organizations, and users. The GUI also makes it very easy to set and modify user permissions. See the V‑Spark Management Guide for detailed information about using the GUI.

Important

When viewing or modifying user permissions via the API but verifying them in the GUI, you must be logged in to the GUI as a user who is authorized to see any changes that have been made. You will only be able to see changes that have been made at a level that is equal to or lower than your current authorization level.