Permissions

Permissions describe which resources users and clients are allowed to access within your OneAPI fleet.

Basics

Permissions can be assigned to users and clients. In order to access a set of resources, the corresponding permission is required.

Use permissions to control and limit access to your fleet.

Example

If one of your fleet’s users has the permission vehicle-commands, they are allowed to send vehicle commands to all of your fleet’s vehicles.

If one of your fleet’s users has the permission vehicles, they are allowed to view and edit data (such as master data) of all of your fleet’s vehicles.

Read-only

Some permissions have a corresponding read-only permission. While the original permission allows you to modify a resource, the read-only permission only allows you to view the resource. If you have the original permission, you automatically have the corresponding read-only permission. The names of all read-only permissions end with .ro.

Example

The permission vehicles.ro is a read-only permission and allows you to view vehicles in your fleet. Its corresponding original permission, vehicles, allows you to view and edit vehicles in your fleet. Having the vehicles permission also means having vehicles.ro.

Permissions and scopes

Permissions are part of the INVERS OneAPI’s domain model. The OAuth 2.0 standard uses the concept of ‘scopes’ to grant access to a particular resource to a user and/or application. When inviting users to your fleet or creating clients for your applications, you only need to think about the permissions. We make sure that your users and clients receive the corresponding OAuth scopes automatically.

Both scopes and permissions are documented for each path in the API:

  • The required ‘OAuth scope’ is documented in the security/OAuth2 property.
  • The required ‘OneAPI permission’ is documented as OpenAPI specification extension x-invers-permission.

Example

The required permission is shown as “invers-permission” at each path.
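
The read-only rule and the x-invers-permission extension described above can be combined to audit a client's grants for least privilege. This is an added example, not part of the INVERS documentation or the OneAPI specification: the spec fragment and its /example/... paths are constructed, and placing the extension on each operation object is an assumption.

```python
# Constructed OpenAPI fragment: the paths are placeholders, and putting the
# extension on each operation object is an assumption of this example.
SPEC = {"paths": {
    "/example/vehicles": {"get": {"x-invers-permission": "vehicles.ro"}},
    "/example/vehicles/{id}": {"patch": {"x-invers-permission": "vehicles"}},
    "/example/vehicles/{id}/commands": {"post": {"x-invers-permission": "vehicle-commands"}},
    "/example/fleet-settings": {"get": {"x-invers-permission": "fleet-settings.ro"}},
}}

def required_permission(spec, method, path):
    """Return the permission documented for one operation, or None."""
    return spec["paths"].get(path, {}).get(method.lower(), {}).get("x-invers-permission")

def satisfies(granted, required):
    """A grant of X also covers X.ro; a grant of X.ro never covers X."""
    if required in granted:
        return True
    return required.endswith(".ro") and required[:-len(".ro")] in granted

def audit(spec, granted, used_operations):
    """Compare a client's grants with the operations it actually calls."""
    needed, denied = set(), []
    for method, path in used_operations:
        perm = required_permission(spec, method, path)
        if perm is None:
            continue  # no permission documented for this operation here
        needed.add(perm)
        if not satisfies(granted, perm):
            denied.append((method, path, perm))
    # X.ro is redundant in the minimal set when X itself is needed.
    minimal = {p for p in needed
               if not (p.endswith(".ro") and p[:-len(".ro")] in needed)}
    # Grants outside the minimal set: map each to the read-only variant it
    # can be downgraded to, or to None when it can be dropped entirely.
    excess = {}
    for g in granted:
        if g not in minimal:
            excess[g] = g + ".ro" if g + ".ro" in minimal else None
    return {"denied": denied, "minimal": minimal, "excess": excess}
```

An entry in `excess` that maps to a `.ro` name marks a grant that can be downgraded to read-only; an entry that maps to `None` marks a grant the client does not use at all.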

List of permissions

| Permission | Name | Description |
|---|---|---|
| vehicles | Vehicles | Manage vehicle information (e.g., license plate, tags). View most recent vehicle state data (Inspect). View archived vehicles. |
| ⤷ vehicles.ro | Vehicles Read-Only | View vehicle information (e.g., license plate, tags). View most recent vehicle state data (Inspect). View archived vehicles. [1] |
| vehicle-history | Extended Vehicle History | View historical data and events of vehicles, including driving analysis events and trips. |
| vehicle-commands | Vehicle Commands | Send commands to vehicles, such as lock/unlock central lock. |
| connectivity-commands | Connectivity Commands | Send commands to control the connectivity, such as SIM suspension/activation or SIM network detach. (CloudBoxx only) |
| vehicle-offline-access | Vehicle Offline Access | Grant offline access to vehicles (e.g., by creating CloudBoxx Bluetooth tokens). |
| vehicle-lifecycle | Vehicle Lifecycle | Add vehicles to fleet. Configure existing vehicles and telematics units (e.g., CloudBoxx). Archive vehicles. |
| vehicle-config | Vehicle Configuration | Manage configuration of vehicles and installed telematics units (e.g., tracking, driving events, thresholds). |
| vehicle-archive | Vehicle Archive | Permanently remove archived vehicles. |
| vehicle-protection | Vehicle Protection | View and manage list of potential theft, fraud, and vandalism cases. [2] |
| fleet-sharing | FleetShare | Share your vehicles with other fleets. Manage vehicles shared with you from other fleets. [3] |
| ⤷ fleet-sharing:share | Share Vehicles | Share your vehicles with other fleets. Revoke your vehicles that are shared with other fleets. |
| ⤷ fleet-sharing:return | Return Vehicles | Return vehicles shared to you to their origin fleet. |
| fleet-settings | Fleet Settings | Manage fleet-related settings, such as speeding threshold, imperial vs. metric unit display. |
| ⤷ fleet-settings.ro | Fleet Settings Read-Only | View fleet-related settings, such as speeding threshold, imperial vs. metric unit display. |
| users:fleet | Fleet Users | Manage your fleet’s users and their permissions. Invite new users to fleet. Remove users from fleet. |
| ⤷ users:fleet.ro | Fleet Users Read-Only | View your fleet’s users and their permissions. |
| auth-clients:fleet | Fleet Clients | Manage your fleet’s clients and their permissions. Clients are required to integrate against the INVERS OneAPI via REST. |
| ⤷ auth-clients:fleet.ro | Fleet Clients Read-Only | View your fleet’s clients and their permissions. Clients are required to integrate against the INVERS OneAPI via REST. |
| event-subs | Event Subscription | Manage event consumers and their credentials, and decide which event topics to subscribe to. Event consumers are required to consume events from INVERS AMQP queues. |
| ⤷ event-subs.ro | Event Subscription Read-Only | View event consumers and their credentials, as well as subscribed event topics. Event consumers are required to consume events from INVERS AMQP queues. |
| telematics-creds | Telematics Credentials | Manage credentials to OEM Integrations (third-party telematics). |
| ⤷ telematics-creds.ro | Telematics Credentials Read-Only | View credentials to OEM Integrations (third-party telematics). |

  1. All users need the ‘Vehicles Read-Only’ permission to be able to use FleetControl. 

  2. The Vehicle Protection feature needs to be activated for your fleet for this permission to work. 

  3. The FleetShare feature needs to be activated for your fleet for this permission to work. The same applies to the fleet-sharing:share and fleet-sharing:return permissions.