Extra Horizon
GitHub
  • Extra Horizon Documentation
  • Getting Started
    • Start familiarizing yourself
  • Tutorials
    • Medical Device Tutorial
      • Preparation
      • Build your first prototype
        • Define a data model
        • Configure your workflows
          • Workflow 1: Analyze a measurement
          • Workflow 2: Create & store a PDF report
          • Workflow 3: Send an e-mail
        • Define your permissions
          • Update your schema with user permissions
          • Update your schema with group permissions
        • Build the Front-End
          • Set up oAuth in your backend
          • Demo login page
      • Summary & Wrap up
    • Polysomnography (PSG) Tutorial
    • Retool - Building dashboards Tutorial
  • FAQ
    • General
  • Services
    • Identity and Access Management
      • User service
        • Users
        • Groups
        • Global roles
        • Configuration
      • Auth Service
        • Applications
        • OAuth2
        • OAuth1
        • MFA
        • OpenID Connect
          • Google Cloud
          • Azure ADFS
    • Data Management
      • File Service
      • Data Service
        • Schemas
        • Documents
        • FAQ Data Service
    • Automation
      • Task Service
        • Functions
        • Tasks
        • API Functions
        • Examples
          • Hello world (JS)
          • Hello world (Py)
          • Hello world (Docker)
        • FAQ
      • Dispatchers Service
      • Event Service
        • System Events
    • Communication
      • Notification Service
        • Notifications
        • Settings
      • Mail Service
    • Other
      • Localization Service
        • Language Codes
      • Template Service
        • Localizations
      • Payments Service
        • Subscriptions
        • Stripe
        • iOS App Store
      • Configurations Service
  • API Reference
    • OpenAPI Specifications
    • 📦Changelog
      • Per-service Changelog
    • Postman Reference Collection
  • Tools
    • SDK
    • CLI
    • Control Center
  • Additional Resources
    • Resource Query Language (RQL)
    • Handling Errors
    • GitHub
    • API interaction (Python)
    • Migration guide: Enabling verification request limiting
  • ExH Platform
    • 🙋Support
    • ⏱️Usage and Performance
    • 🔓Security
    • 🗺️Regions
    • ⚖️Cloud Subscription Agreement
    • 🇺🇸CFR 21 Part 11
Powered by GitBook
On this page
  • Create a role
  • Attach permissions to a role
  • Attach a role to a user
  • Remove a role from a user
  • Permissions

Was this helpful?

  1. Services
  2. Identity and Access Management
  3. User service

Global roles

Create a role

Creating a system-wide role requires the CREATE_ROLE permission on a system level. The following example shows how you can do this using the Extra Horizon SDK:

const myNewRole = await exh.users.globalRoles.create({
  name: 'myRole',
  description: 'myNewRoleDescription',
});

Attach permissions to a role

const rql = rqlBuilder().eq('id', myNewRole.id).build();
await exh.users.globalRoles.addPermissions(rql, {
  permissions: [GlobalPermissionName.ADD_PATIENT],
});

Attach a role to a user

const rql = rqlBuilder().eq('email', 'john.doe@example.com').build();
await exh.users.globalRoles.addToUsers(rql, {
  roles: [myNewRole.id],
});

Remove a role from a user

const rql = rqlBuilder().eq('email', 'john.doe@example.com').build();
await exh.users.globalRoles.removeFromUser(rql, {
  roles: [myNewRole.id],
});

Permissions

name
Description

VIEW_USER

View all users

UPDATE_USER

Update a user

UPDATE_USER_EMAIL

Update users email

DELETE_USER

Delete users

CREATE_ROLE

Create a new role

VIEW_ROLE

View roles

UPDATE_ROLE

update a role

DELETE_ROLE

delete a role

ADD_ROLE_PERMISSION

Add permissions to a role

REMOVE_ROLE_PERMISSION

Remove permissions from a role

ADD_ROLE_TO_USER

add a role to a user

REMOVE_ROLE_FROM_USER

remove a role from a user

CREATE_GROUP_ROLE

add roles to a group

UPDATE_GROUP_ROLE

update roles from a group

DELETE_GROUP_ROLE

delete roles from group

ADD_GROUP_ROLE_PERMISSION

Add a permission to group roles

REMOVE_GROUP_ROLE_PERMISSION

Remove a permission from group roles

VIEW_STAFF

View the staff members of groups

ADD_STAFF

Add staff to a group

REMOVE_STAFF

Remove staff from a group

ADD_GROUP_ROLE_TO_STAFF

Add a group role to a staff member

REMOVE_GROUP_ROLE_FROM_STAFF

Remove a group role from a staff member

VIEW_PATIENTS

View the patients of groups

ADD_PATIENT

Add patients to a group

REMOVE_PATIENT

Remove patients from a group

There are more permissions that you can attach to system roles that affect the allowed actions in other services. An overview of those permissions can be found in the designated service documentation.

PreviousGroupsNextConfiguration

Last updated 1 year ago

Was this helpful?