User Roles
Each of the new API users obtains a role to define access restrictions for direct API connections.
Every role is combined with flags is_admin and is_service, which implies restrictions additionally.
is_service is a flag that marks the user account as a service account for automatic connection purposes. This user authentication creates a long-live access token (5 years by default). The token lifetime for regular uses is 15 minutes by default (parameterized) and, by default, the lifetime of a token is extended with each request (parameterized).
ADMINis a system administrator. Has unlimited access to all system objects, but can't change the analyses' statuses;OPERATORis a system operator. Can view all system objects and choose the analysis result via the Make Decision button (usually needed if the status isOPERATOR_REQUIRED);CLIENTis a regular consumer account. Can upload media files, process analyses, view results in personal folders, generate reports for analyses.is_admin– if set, the user obtains access to other users' data within this admin's companycan_start_analyse_biometry– an additional flag to allow access to BIOMETRY analyses (enabled by default);can_start_analyse_quality– an additional flag to allow access to LIVENESS (QUALITY) analyses (enabled by default);
CLIENT ADMINis a company administrator that can manage their company account and users within it. Additionally,CLIENT ADMINcan view and edit data of all users within their company, delete files in folders, add or delete report templates with or without attachments, the reports themselves and single analyses, check statistics, add new blacklist collections. The role is present in Web UI only. Outside Web UI,CLIENT ADMINis replaced by theCLIENTrole with theis_adminflag set totrue.CLIENT OPERATORis similar toOPERATORwithin their company.
Here's the detailed information on access levels.
Company
| Create | Read | Update | Delete |
ADMIN | + | + | + | + |
OPERATOR | - | + | - | - |
CLIENT | - | their company data | - | - |
CLIENT SERVICE | - | their company data | - | - |
CLIENT OPERATOR | - | their company data | - | - |
CLIENT ADMIN | - | their company data | their company data | their company data |
Folder
| Create | Read | Update | Delete |
ADMIN | + | + | + | + |
OPERATOR | + | + | + | - |
CLIENT | their folders | their folders | their folders | - |
CLIENT SERVICE | within their company | within their company | within their company | - |
CLIENT OPERATOR | within their company | within their company | within their company | - |
CLIENT ADMIN | within their company | within their company | within their company | within their company |
Report template
| Create | Read | Update | Delete |
ADMIN | + | + | + | + |
OPERATOR | + | + | + | - |
CLIENT | - | within their company | - | - |
CLIENT SERVICE | - | within their company | - | - |
CLIENT OPERATOR | within their company | within their company | within their company | - |
CLIENT ADMIN | within their company | within their company | within their company | within their company |
Report template attachments
| Create | Read | Delete |
ADMIN | + | + | + |
OPERATOR | + | + | - |
CLIENT | - | within their company | - |
CLIENT SERVICE | - | within their company | - |
CLIENT OPERATOR | within their company | within their company | - |
CLIENT ADMIN | within their company | within their company | within their company |
Report
| Create | Read | Delete |
ADMIN | + | + | + |
OPERATOR | + | + | - |
CLIENT | in their folders | in their folders | - |
CLIENT SERVICE | within their company | within their company | - |
CLIENT OPERATOR | within their company | within their company | - |
CLIENT ADMIN | within their company | within their company | within their company |
Analysis
| Create | Read | Update | Delete |
ADMIN | + | + | + | + |
OPERATOR | + | + | + | - |
CLIENT | in their folders | in their folders | - | - |
CLIENT SERVICE | within their company | within their company | within their company | - |
CLIENT OPERATOR | within their company | within their company | within their company | - |
CLIENT ADMIN | within their company | within their company | within their company | within their company |
Collection
| Create | Read | Update | Delete |
ADMIN | + | + | + | + |
OPERATOR | - | + | - | - |
CLIENT | - | within their company | - | - |
CLIENT SERVICE | within their company | within their company | - | - |
CLIENT OPERATOR | - | within their company | - | - |
CLIENT ADMIN | within their company | within their company | within their company | within their company |
Person
| Create | Read | Delete |
ADMIN | + | + | + |
OPERATOR | - | + | - |
CLIENT | - | within their company | - |
CLIENT SERVICE | within their company | within their company | - |
CLIENT OPERATOR | - | within their company | - |
CLIENT ADMIN | within their company | within their company | within their company |
Person image
| Create | Read | Delete |
ADMIN | + | + | + |
OPERATOR | - | + | - |
CLIENT | - | within their company | - |
CLIENT SERVICE | - | within their company | - |
CLIENT OPERATOR | - | within their company | - |
CLIENT ADMIN | within their company | within their company | within their company |
User
| Create | Read | Update | Delete |
ADMIN | + | + | + | + |
OPERATOR | - | + | their data | - |
CLIENT | - | their data | their data | - |
CLIENT SERVICE | - | within their company | their data | - |
CLIENT OPERATOR | - | within their company | their data | - |
CLIENT ADMIN | within their company | within their company | within their company | within their company |
Last updated