LogoLogo
To the Oz WebsiteOz API ReferenceContact Us
  • General
    • Oz Liveness and Biometry Key Concepts
      • Solution Architecture
      • Liveness, Face Matching, Black List Checks
      • Passive and Active Liveness
      • Hybrid Liveness
      • Oz API Key Concepts
      • Oz API vs. Oz API Lite
      • SaaS, On-premise, On-device: What to Choose
      • Oz Licensing Options
    • Integration Quick Start Guides
      • Server-Based Liveness
        • How to Integrate Server-Based Liveness into Your Web Application
        • How to Integrate Server-Based Liveness into Your Mobile Application
        • How to Check Your Media for Liveness without Oz Front End
      • On-Device Liveness
        • How to Integrate On-Device Liveness into Your Mobile Application
      • Face Matching
        • How to Add Face Matching of Liveness Video with a Reference Photo From Your Database
        • How to Add Photo ID Capture and Face Matching to Your Web or Mobile Application
  • Guides
    • Developer Guide
      • API
        • Oz API
          • Working with Oz System: Basic Scenarios
            • Authentication
            • Uploading Media
            • Liveness
            • Biometry (Face Matching)
            • Best Shot
            • Blacklist Check
              • Blacklist (Collection) Management in Oz API
            • Quantitative Results
            • Using a Webhook to Get Results
            • Single Request
            • Instant API: Non-Persistent Mode
          • System Objects
          • User Roles
          • Types of Analyses and What They Check
          • Rules of Assigning Analyses
          • Statuses in API
          • Media Tags
          • Metadata
          • API Error Codes
          • Oz API Postman Collections
          • Changelog
        • Oz API Lite
          • API Lite Methods
          • Oz API Lite Postman Collection
          • Changelog
      • SDK
        • Oz Mobile SDK (iOS, Android, Flutter)
          • On-Device Mode
          • Android
            • Getting a License for Android SDK
              • Master License for Android
            • Adding SDK to a Project
            • Connecting SDK to API
            • Capturing Videos
            • Checking Liveness and Face Biometry
            • Customizing Android SDK
              • How to Restore the Previous Design after an Update
            • Android Localization: Adding a Custom or Updating an Existing Language Pack
            • Android SDK Methods and Properties
            • Changelog
          • iOS
            • Getting a License for iOS SDK
              • Master License for iOS
            • Adding SDK to a Client’s Mobile App
            • Connecting SDK to API
            • Capturing Videos
            • Checking Liveness and Face Biometry
            • Customizing iOS SDK Interface
              • How to Restore the Previous Design after an Update
            • iOS Localization: Adding a Custom or Updating an Existing Language Pack
            • iOS SDK Methods and Properties
            • Changelog
          • Flutter
            • How to Install and Use Oz Flutter Plugin
            • Flutter SDK Methods and Properties
            • Changelog
        • Oz Liveness Web SDK
          • Web Plugin
            • Adding the Plugin to Your Web Page
            • Launching the Plugin
              • Description of the on_complete Callback
              • Description of the on_result Callback
              • Capturing Video and Description of the on_capture_complete Callback
              • Description of the on_error Callback
            • Closing or Hiding the Plugin
            • Localization: Adding a Custom Language Pack
            • Look-and-Feel Customization
              • Customization Options for Older Versions (before 1.0.1)
            • Security Recommendations
            • Browser Compatibility
            • No-Server Licensing
          • Changelog
    • Administrator Guide
      • Deployment Architecture
      • Installation in Docker
      • Installation in Kubernetes
      • Performance and Scalability Guide
      • Publishing API Methods in the Internet: Security Recommendations
      • Monitoring
      • License Server
      • Web Adapter Configuration
        • Installation and Licensing
        • Configuration File Settings
        • Configuration Using Environment Variables
        • Server Configuration via Environment Variables
      • Oz API Configuration
    • User Guide
      • Oz Web UI
        • Requesting Analyses
        • Users and Companies
        • Blacklist
        • Statistics
        • Settings
        • Changelog
  • Other
    • Media Quality Requirements
    • Oz SDK Media Quality Checks
    • Media File Size Overview
    • Compatibility
    • FAQ
    • Tips and Tricks
      • Oz Liveness Gestures: Table of Correspondence
      • Sudo without Password
      • Android: Certificate Validation Error
    • Previous Documentation
      • Mobile SDK
        • Android
          • Interactions with the Oz API Server
          • Uploading and Analyzing Media
        • iOS
          • Uploading and Analyzing Media
      • User Guides
        • Oz Demo Kit
        • Web UI
      • Oz Modules Installation
        • Standalone Installer
        • Oz System Lite
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Guides
  2. Developer Guide
  3. API
  4. Oz API

User Roles

PreviousSystem ObjectsNextTypes of Analyses and What They Check

Last updated 26 days ago

Was this helpful?

Each of the new API users should obtain a role to define access restrictions for direct API connections. Set the role in the user_type field when you create a new user.

  • ADMIN is a system administrator, who has unlimited access to all system objects, but can't change the analyses' statuses;

  • OPERATOR is a system operator, who can view all system objects and choose the analysis result via the Make Decision button (usually needed if the is OPERATOR_REQUIRED);

  • CLIENT is a regular consumer account, who can upload media files, process analyses, view results in personal folders, generate reports for analyses.

    • can_start_analysis_biometry – an additional flag to allow access to analyses (enabled by default);

    • can_start_analysis_quality – an additional flag to allow access to (QUALITY) analyses (enabled by default);

    • can_start_analysis_collection – an additional flag to allow access to analyses (enabled by default).

  • CLIENT ADMIN is a company administrator that can manage their company account and users within it. Additionally, CLIENT ADMIN can view and edit data of all users within their company, delete files in folders, add or delete report templates with or without attachments, the reports themselves and single analyses, check statistics, add new blacklist collections.

  • CLIENT OPERATOR is similar to OPERATOR within their company.

  • CLIENT SERVICE is a service user account for automatic connection purposes. Authentication with this user creates a long-live access token (5 years by default). The token lifetime for regular uses is 15 minutes by default (parameterized) and, also by default, the lifetime of a token is extended with each request (parameterized).

For API versions below 6.0

For API 5.3 and below, to create a CLIENT user with admin or service rights, you require to set the corresponding flags to true:

  • is_admin – if set, the user obtains access to other users' data within this admin's company.

  • is_service is a flag that marks the user account as a service accountfor automatic connection purposes. Authentication with this user creates a long-live access token (5 years by default). The token lifetime for regular uses is 15 minutes by default (parameterized) and, also by default, the lifetime of a token is extended with each request (parameterized).

Here's the detailed information on access levels.

Company

Create

Read

Update

Delete

ADMIN

+

+

+

+

OPERATOR

-

+

-

-

CLIENT

-

their company data

-

-

CLIENT SERVICE

-

their company data

-

-

CLIENT OPERATOR

-

their company data

-

-

CLIENT ADMIN

-

their company data

their company data

their company data

Folder

Create

Read

Update

Delete

ADMIN

+

+

+

+

OPERATOR

+

+

+

-

CLIENT

their folders

their folders

their folders

-

CLIENT SERVICE

within their company

within their company

within their company

-

CLIENT OPERATOR

within their company

within their company

within their company

-

CLIENT ADMIN

within their company

within their company

within their company

within their company

Report template

Create

Read

Update

Delete

ADMIN

+

+

+

+

OPERATOR

+

+

+

-

CLIENT

-

within their company

-

-

CLIENT SERVICE

-

within their company

-

-

CLIENT OPERATOR

within their company

within their company

within their company

-

CLIENT ADMIN

within their company

within their company

within their company

within their company

Report template attachments

Create

Read

Delete

ADMIN

+

+

+

OPERATOR

+

+

-

CLIENT

-

within their company

-

CLIENT SERVICE

-

within their company

-

CLIENT OPERATOR

within their company

within their company

-

CLIENT ADMIN

within their company

within their company

within their company

Report

Create

Read

Delete

ADMIN

+

+

+

OPERATOR

+

+

-

CLIENT

in their folders

in their folders

-

CLIENT SERVICE

within their company

within their company

-

CLIENT OPERATOR

within their company

within their company

-

CLIENT ADMIN

within their company

within their company

within their company

Analysis

Create

Read

Update

Delete

ADMIN

+

+

+

+

OPERATOR

+

+

+

-

CLIENT

in their folders

in their folders

-

-

CLIENT SERVICE

within their company

within their company

within their company

-

CLIENT OPERATOR

within their company

within their company

within their company

-

CLIENT ADMIN

within their company

within their company

within their company

within their company

Collection

Create

Read

Update

Delete

ADMIN

+

+

+

+

OPERATOR

-

+

-

-

CLIENT

-

within their company

-

-

CLIENT SERVICE

within their company

within their company

-

-

CLIENT OPERATOR

-

within their company

-

-

CLIENT ADMIN

within their company

within their company

within their company

within their company

Person

Create

Read

Delete

ADMIN

+

+

+

OPERATOR

-

+

-

CLIENT

-

within their company

-

CLIENT SERVICE

within their company

within their company

-

CLIENT OPERATOR

-

within their company

-

CLIENT ADMIN

within their company

within their company

within their company

Person image

Create

Read

Delete

ADMIN

+

+

+

OPERATOR

-

+

-

CLIENT

-

within their company

-

CLIENT SERVICE

-

within their company

-

CLIENT OPERATOR

-

within their company

-

CLIENT ADMIN

within their company

within their company

within their company

User

Create

Read

Update

Delete

ADMIN

+

+

+

+

OPERATOR

-

+

their data

-

CLIENT

-

their data

their data

-

CLIENT SERVICE

-

within their company

their data

-

CLIENT OPERATOR

-

within their company

their data

-

CLIENT ADMIN

within their company

within their company

within their company

within their company

status
BIOMETRY
LIVENESS
BLACK LIST