Roles and permissions

The SAS Portal API has several roles, defined below, each of which gives a user permission to make certain API calls. Roles are assigned to the user's Google Account.

The first user of a SAS customer's organization is the Admin, who's automatically added during the sign-up process. The Admin can then add other users and assign them roles, including the Admin role.

User roles

There are two roles that can be assigned to users:

role_admin

This role has full administrative privileges for all of the child resources under the parent resource to which it has been granted access. They set up the organization's structure within the SAS Portal and manage user access.

role_cpi

This role is for users that are Certified Professional Installers (CPIs). To claim this role, users need to prove that they have an active CPI certification. They do so with the ValidateInstaller() method. Only users with a validated role_cpi role can use the SignDevice() method to submit the installation parameters of CBSDs that require CPI installation.

Methods

The following table shows which roles can use each type of method:

Methods Roles
GetCustomer()

role_admin
role_cpi

ListCustomers()

role_admin
role_cpi

CreateDevice()

role_admin
role_cpi

GetDevice()

role_admin
role_cpi

ListDevices()

role_admin
role_cpi

UpdateDevice()

role_admin
role_cpi

CreateSignedDevice()

role_admin
role_cpi

UpdateSignedDevice()

role_admin
role_cpi

GenerateSecret()

role_admin
role_cpi

ValidateInstaller()

role_admin
role_cpi

SignDevice() role_cpi (validated)