Authorization Roles on the Platform

Some operations can be performed even if a user is not logged in to the platform, such as viewing certain types of content. Other operations, such as adding an app, require login.

In other cases, activities are further restricted so that certain operations can be performed only by a member of a particular user group or by a user holding a particular role. For details about these scenarios, see Access to Private Resources and Content below.

Certain roles, such as the business administrator, have a senior level of access to multiple resources.

The authorization roles used by the Akana OAuth API are listed and explained below. If an API call doesn't meet the necessary authorization role criteria, the call fails. If a user doesn't have the required access to a private resource, the operation runs successfully, returning HTTP status code 200, but information relating to the private resource is not returned. Depending on the scenario, the response might include a subset of the information or might not contain any information at all.

The documentation for each operation includes information on the authorization roles that are required to run the operation.

Authorization role specification is prefaced by AuthorizationRole; for example, AuthorizationRole.USER.

Role and description

Administrator
The Admin role is general to any type of resource, such as an API administrator, app team member, or group administrator. You'll see this role designation in operations that apply to multiple resource types.

Authorized User
A user who is authorized to have access to the specific resource. For resources designated as Private, access is restricted to team members or administrators. For resources designated as Public, some require login and others do not.

Self
For sensitive activities relating to the user's own resources, such as changing the password, this role validates that the individual performing the activity is the resource owner.

Site Admin
The administrator of the tenant on which a resource exists. The Site Admin can see resources such as apps and APIs, but cannot modify them. The Site Admin also has access to additional parts of the user interface for configuration and monitoring purposes.

User
A user who is logged in. Most operations relating to users, such as changing user preferences and settings, can be performed only by the user or a site admin. Certain operations, such as changing the password, can be performed only by the authorized user (see Self). Login is required for all operations relating to users except the operations relating to initial signup.

Private resources are available to a user only if the user has been granted specific access to those resources (see Authorized User).

Login not required
Indicates that an operation can be called by an anonymous user; signing up for the platform and logging in is not required. These operations have no authentication. For example, an anonymous user can view public APIs or site documentation.

Access to Private Resources and Content

Some operations can be performed even if a user is not logged in to the platform, such as viewing certain types of content. However, when resources are marked as Private, a user doesn't see those resources even if an operation doesn't require login. For any resources or content with additional access restrictions applied to it, a user must meet additional requirements before seeing the resource or content. The operation will still run successfully, but the private results will not be returned.

Private API Access

If an API version is private, it can be seen only by a user who has one of the following roles:

  • API Administrator
  • Business Administrator
  • Site Administrator
  • Invited users (includes API Context Group members and members of additional groups invited by the Private API Administrator)

Private App Access

If an app version is private, it can be seen only by a user who has one of the following roles:

  • App team member
  • Business Administrator
  • Site Administrator

Private Group Access

To view information relating to a group that's designated as Private, a user must have one of the following roles:

  • Group Administrator (for an API Context Group, the API Administrator)
  • Group member
  • Group leader
  • Site Administrator
  • Business Administrator
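The two behaviours this page describes, a role check that fails the call outright and a private-resource check that lets the call succeed with the private items silently filtered out, are easy to confuse when writing a client or a detection rule. The following is an added toy model of those rules, not Akana platform code: the role names follow the page, but the Resource and User data model, the check functions, and the 401 status used for a failed login requirement are assumptions made for the example. It covers the visibility rules for private APIs, apps and groups from the three lists above in one place.

```python
"""Toy model of the authorization rules described on this page.

Added illustration, not Akana platform code: role names follow the page;
the data model, function names and the 401 status are assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class AuthorizationRole(Enum):
    # Platform-wide roles that see every private resource (page: Site Admin,
    # Business Administrator).
    SITE_ADMIN = "SiteAdmin"
    BUSINESS_ADMIN = "BusinessAdmin"
    # Resource-scoped roles, granted per API, app or group.
    API_ADMIN = "ApiAdmin"
    APP_TEAM_MEMBER = "AppTeamMember"
    GROUP_ADMIN = "GroupAdmin"
    GROUP_LEADER = "GroupLeader"
    GROUP_MEMBER = "GroupMember"


@dataclass
class Resource:
    kind: str                 # "api", "app" or "group" (assumed model)
    resource_id: str
    private: bool
    roles: dict = field(default_factory=dict)   # user_id -> set of resource-scoped roles
    invited: set = field(default_factory=set)   # user_ids invited to a private API


@dataclass
class User:
    user_id: Optional[str]    # None models an anonymous (not logged in) caller
    platform_roles: set = field(default_factory=set)


# Resource-scoped roles that grant visibility of a private resource, per kind,
# as listed on the page under Private API / App / Group Access.
_PRIVATE_VIEW_ROLES = {
    "api": {AuthorizationRole.API_ADMIN},
    "app": {AuthorizationRole.APP_TEAM_MEMBER},
    "group": {AuthorizationRole.GROUP_ADMIN, AuthorizationRole.GROUP_LEADER,
              AuthorizationRole.GROUP_MEMBER},
}
_PLATFORM_VIEW_ROLES = {AuthorizationRole.SITE_ADMIN, AuthorizationRole.BUSINESS_ADMIN}


def can_view(user: User, res: Resource) -> bool:
    """The Authorized User check: may this user see this resource at all?"""
    if not res.private:
        return True
    if user.user_id is None:
        return False            # anonymous callers never see private resources
    if user.platform_roles & _PLATFORM_VIEW_ROLES:
        return True
    if res.roles.get(user.user_id, set()) & _PRIVATE_VIEW_ROLES[res.kind]:
        return True
    # Private APIs additionally admit invited users (context group members
    # and members of groups invited by the API administrator).
    return res.kind == "api" and user.user_id in res.invited


def list_visible(user: User, resources: list) -> tuple:
    """A listing operation: always 200, with private items silently filtered."""
    return 200, [r.resource_id for r in resources if can_view(user, r)]


def require_login(user: User, operation: str) -> tuple:
    """An operation that needs the User role: fails when the caller is anonymous."""
    if user.user_id is None:
        return 401, f"{operation}: login required"   # status code is an assumption
    return 200, f"{operation}: ok"


def demo() -> dict:
    """Run the model over constructed sample data (names are made up)."""
    api_public = Resource("api", "weather-v1", private=False)
    api_private = Resource("api", "billing-v2", private=True,
                           roles={"alice": {AuthorizationRole.API_ADMIN}},
                           invited={"bob"})
    app_private = Resource("app", "mobile-app-v3", private=True,
                           roles={"carol": {AuthorizationRole.APP_TEAM_MEMBER}})
    group_private = Resource("group", "partners", private=True,
                             roles={"dave": {AuthorizationRole.GROUP_MEMBER}})
    everything = [api_public, api_private, app_private, group_private]

    anon = User(None)
    bob = User("bob")                      # invited to billing-v2 only
    carol = User("carol")                  # app team member on mobile-app-v3
    site_admin = User("eve", platform_roles={AuthorizationRole.SITE_ADMIN})

    return {
        "anon": list_visible(anon, everything),
        "bob": list_visible(bob, everything),
        "carol": list_visible(carol, everything),
        "site_admin": list_visible(site_admin, everything),
        "anon_add_app": require_login(anon, "add app"),
    }


if __name__ == "__main__":
    for who, result in demo().items():
        print(who, result)
```

The point to notice when testing a client against such an API is that the listing calls return 200 for every caller; only the content differs. A missing private item is therefore not an error condition to retry, and an audit that looks only at status codes will not distinguish an anonymous caller from an administrator.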