Permissions
Permissions describe which resources users and API clients are allowed to access within your OneAPI fleet.
Basics
Permissions can be assigned to users and API clients. In order to access a set of resources, the corresponding permission is required.
Use permissions to control and limit access to your fleet.
Example
If one of your fleet’s users has the permission `vehicle-commands`, they are allowed to send vehicle commands to all of your fleet’s vehicles.
If one of your fleet’s users has the permission `vehicles`, they are allowed to view and edit data (such as master data) of all of your fleet’s vehicles.
Read-only
Some permissions have a corresponding read-only permission. While the original permission allows you to modify a resource, the read-only permission allows you to only view the resource. If you have the original permission, you automatically have the corresponding read-only permission. All read-only permissions’ names end with `.ro`.
Example
The permission `vehicles.ro` is a read-only permission and allows you to view vehicles in your fleet. Its corresponding original permission `vehicles` allows you to view and edit vehicles in your fleet. Having permission `vehicles` means also having `vehicles.ro`.
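The read-only rule above, worked through as a least-privilege audit of grants. This is an added example, not code from INVERS or the OneAPI: the permission names come from the list of permissions on this page, while the client names, grant sets and the `needed` input are constructed assumptions.

```python
# Added example (not INVERS code). Permission names come from this page;
# client names and grant sets below are constructed for illustration.

# Permissions that have a read-only (.ro) variant in the page's list.
HAS_READ_ONLY = {"vehicles", "fleet-settings", "users:fleet",
                 "auth-clients:fleet", "event-subs", "telematics-creds"}

def effective_permissions(granted):
    """Apply the page's rule: holding X also means holding X.ro."""
    granted = set(granted)
    return granted | {p + ".ro" for p in granted if p in HAS_READ_ONLY}

def is_allowed(granted, required):
    """True if the grants cover the permission an operation requires."""
    return required in effective_permissions(granted)

def audit(granted, needed):
    """Compare what a user or API client holds with what it needs.

    `needed` is an assumed input: the permissions its calls require,
    e.g. collected while reviewing the integration.
    """
    granted, needed = set(granted), set(needed)
    out = {"redundant": set(), "downgrade": set(), "unused": set()}
    for p in granted:
        if p.endswith(".ro") and p[:-3] in granted:
            out["redundant"].add(p)    # already implied by the original
        elif p in needed:
            continue                   # held exactly as needed
        elif p in HAS_READ_ONLY and p + ".ro" in needed:
            out["downgrade"].add(p)    # edit rights held, view rights needed
        else:
            out["unused"].add(p)
    out["missing"] = {n for n in needed if not is_allowed(granted, n)}
    return out

GRANTS = {"dashboard": {"vehicles", "vehicles.ro", "vehicle-commands"},
          "dispatcher": {"vehicles.ro", "vehicle-commands"}}
NEEDS = {"dashboard": {"vehicles.ro"},
         "dispatcher": {"vehicles", "vehicle-commands"}}

if __name__ == "__main__":
    for client in GRANTS:
        print(client, audit(GRANTS[client], NEEDS[client]))
```

A `downgrade` finding means the client can be moved to the `.ro` permission without losing anything it uses; `missing` shows that a read-only grant never satisfies a call that requires the original permission.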
Permissions and scopes
Permissions are part of the INVERS OneAPI’s domain model. The OAuth 2.0 standard uses the concept of ‘scopes’ to grant access to a particular resource to a user and/or application. When inviting users to your fleet or creating API clients for your applications, you only need to think about the permissions. We make sure that your users and API clients receive the corresponding OAuth scopes automatically.
Both scopes and permissions are documented for each path in the API:
- The required ‘OAuth scope’ is documented in the `security/OAuth2` property.
- The required ‘OneAPI permission’ is documented as the OpenAPI specification extension `x-invers-permission`.
Example
List of permissions
| Permission | Name | Description |
|---|---|---|
| `vehicles` | Vehicles | Manage vehicle information (e.g., license plate, tags). View most recent vehicle state data (Inspect). View archived vehicles. |
| ⤷ `vehicles.ro` | Vehicles Read-Only | View vehicle information (e.g., license plate, tags). View most recent vehicle state data (Inspect). View archived vehicles. [^1] |
| `vehicle-history` | Extended Vehicle History | View historical data and events of vehicles, including driving analysis events and trips. |
| `vehicle-commands` | Vehicle Commands | Send commands to vehicles, such as lock/unlock central lock. |
| `connectivity-commands` | Connectivity Commands | Send commands to control the connectivity, such as SIM suspension/activation or SIM network detach. (CloudBoxx only) |
| `vehicle-offline-access` | Vehicle Offline Access | Grant offline access to vehicles (e.g., by creating CloudBoxx Bluetooth tokens). |
| `vehicle-lifecycle` | Vehicle Lifecycle | Add vehicles to fleet. Configure existing vehicles and telematics units (e.g., CloudBoxx). Archive vehicles. |
| `vehicle-config` | Vehicle Configuration | Manage configuration of vehicles and installed telematics units (e.g., tracking, driving events, thresholds). |
| `vehicle-archive` | Vehicle Archive | Permanently remove archived vehicles. |
| `vehicle-protection` | Vehicle Protection | View and manage list of potential theft, fraud, and vandalism cases. [^2] |
| `fleet-sharing` | FleetShare | Share your vehicles with other fleets. Manage vehicles shared with you from other fleets. [^3] |
| ⤷ `fleet-sharing:share` | Share Vehicles | Share your vehicles with other fleets. Revoke your vehicles that are shared with other fleets. |
| ⤷ `fleet-sharing:return` | Return Vehicles | Return vehicles shared to you to their origin fleet. |
| `fleet-settings` | Fleet Settings | Manage fleet-related settings, such as speeding threshold, imperial vs. metric unit display. |
| ⤷ `fleet-settings.ro` | Fleet Settings Read-Only | View fleet-related settings, such as speeding threshold, imperial vs. metric unit display. |
| `users:fleet` | Fleet Users | Manage your fleet’s users and their permissions. Invite new users to fleet. Remove users from fleet. |
| ⤷ `users:fleet.ro` | Fleet Users Read-Only | View your fleet’s users and their permissions. |
| `auth-clients:fleet` | API Clients | Manage your fleet’s API clients and their permissions. API Clients are required to integrate against the INVERS OneAPI via REST. |
| ⤷ `auth-clients:fleet.ro` | API Clients Read-Only | View your fleet’s API clients and their permissions. API Clients are required to integrate against the INVERS OneAPI via REST. |
| `event-subs` | Event Consumers | Manage event consumers and their credentials, and decide which event topics to subscribe to. Event consumers are required to consume events from INVERS RabbitMQ queues. |
| ⤷ `event-subs.ro` | Event Consumers Read-Only | View event consumers and their credentials, as well as subscribed event topics. Event consumers are required to consume events from INVERS RabbitMQ queues. |
| `telematics-creds` | Telematics Credentials | Manage credentials to OEM Integrations (third-party telematics). |
| ⤷ `telematics-creds.ro` | Telematics Credentials Read-Only | View credentials to OEM Integrations (third-party telematics). |

[^1]: All users need the ‘Vehicles Read-Only’ permission to be able to use FleetControl.
[^2]: The Vehicle Protection feature needs to be activated for your fleet for this permission to work.
[^3]: The FleetShare feature needs to be activated for your fleet for this permission to work. The same applies to the `fleet-sharing:share` and `fleet-sharing:return` permissions.