Table of Contents
Role Creation using GraphiQL
Updated
by Mitchell Paul-Soumis
Read Time: 4 mins
In our User Role Creation & Best Practices article, we introduced you to one of the ways you could create new roles and set their permissions. While using the in-app interface is perfectly serviceable, we also offer the ability to create these roles using the GraphQL API through the GraphiQL interface, available in your instance by accessing [your instance url]/graphiql.
If you aren't familiar with GraphiQL, we have an introductory article here | How To Use GraphiQL to Understand the Sonar API
Below, we'll provide some example roles, their permissions, and the mutations and parameters needed to create the role using GraphiQL.
Support Agent
Mutation
mutation ($supportAgent: CreateRoleMutationInput) {
createRole(input: $supportAgent) {
id
name
}
}Parameters
{
"supportAgent": {
"name": "Support Agent",
"applied_permissions": [
"READ_ALL_INVENTORY",
"ASSIGN_ACCOUNT_INVENTORY",
"MODIFY_ACCOUNT_SERVICES",
"UPDATE_ACCOUNT_SERVICE_PARAMETERS",
"UPDATE_ACCOUNT_BILLING_PARAMETERS",
"CREATE_ACCOUNT_TRANSACTIONS",
"READ_ACCOUNT_TRANSACTIONS",
"UPDATE_ACCOUNT_TRANSACTIONS",
"REVERSE_ACCOUNT_TRANSACTIONS",
"CREATE_ACCOUNT",
"READ_ACCOUNT",
"UPDATE_ACCOUNT",
"READ_ACCOUNT_GROUP",
"READ_ACCOUNT_STATUS",
"READ_ACCOUNT_TYPE",
"CREATE_SERVICEABLE_ADDRESS",
"READ_ADDRESS_LIST",
"READ_SERVICEABLE_ADDRESS",
"UPDATE_SERVICEABLE_ADDRESS",
"READ_BILLING_DEFAULT",
"READ_CALL_LOG",
"READ_CANNED_REPLY",
"CREATE_CALL_LOG",
"UPDATE_CALL_LOG",
"UPDATE_CANNED_REPLY",
"CREATE_CANNED_REPLY",
"CREATE_CONTACT",
"UPDATE_CONTACT",
"DELETE_CONTACT",
"READ_CONTRACT",
"CREATE_CUSTOM_FIELD",
"READ_CUSTOM_FIELD",
"UPDATE_CUSTOM_FIELD",
"DELETE_CUSTOM_FIELD",
"READ_DATA_USAGE_HISTORY",
"UPDATE_DATA_USAGE_HISTORY",
"CREATE_EMAIL_MESSAGE",
"READ_EMAIL_MESSAGE",
"UPDATE_EMAIL_MESSAGE",
"CREATE_INVENTORY_ITEM",
"UPDATE_INVENTORY_ITEM",
"DELETE_INVENTORY_ITEM",
"READ_JOB",
"UPDATE_JOB",
"CREATE_JOB",
"DELETE_JOB",
"READ_JOB_TYPE",
"READ_MASS_EMAIL",
"READ_NETWORK_SITE",
"CREATE_NOTE",
"UPDATE_NOTE",
"DELETE_NOTE",
"READ_PACKAGE",
"UPDATE_PACKAGE",
"CREATE_PACKAGE",
"READ_PAYMENT_PROCESSOR",
"CREATE_PAYMENT_METHOD",
"READ_PAYMENT_METHOD",
"UPDATE_PAYMENT_METHOD",
"DELETE_PAYMENT_METHOD",
"CREATE_PAYMENT",
"READ_RADIUS_ACCOUNT",
"CREATE_RADIUS_ACCOUNT",
"UPDATE_RADIUS_ACCOUNT",
"READ_SCHEDULED_EVENT",
"UPDATE_SCHEDULED_EVENT",
"CREATE_SCHEDULED_EVENT",
"READ_SERVICE",
"READ_TICKET",
"CREATE_TICKET",
"UPDATE_TICKET",
"READ_TICKET_CATEGORY",
"CREATE_FILE",
"UPDATE_FILE",
"DELETE_FILE",
"READ_FILE",
"REFUND_PAYMENTS",
"CREATE_DATA_USAGE_TOP_OFF",
"READ_INBOUND_MAILBOX",
"UPDATE_ACCOUNT_LINK",
"READ_NETWORK_SITE_SERVICEABLE_ADDRESS_LIST"
]
}
}Sales Agent
Mutation
mutation ($salesAgent: CreateRoleMutationInput) {
createRole(input: $salesAgent) {
id
name
}
}Parameters
{
"salesAgent": {
"name": "Sales Agent",
"applied_permissions": [
"ASSIGN_ACCOUNT_INVENTORY",
"READ_ALL_INVENTORY",
"MODIFY_ACCOUNT_SERVICES",
"UPDATE_ACCOUNT_SERVICE_PARAMETERS",
"UPDATE_ACCOUNT_BILLING_PARAMETERS",
"CREATE_ACCOUNT_TRANSACTIONS",
"READ_ACCOUNT_TRANSACTIONS",
"UPDATE_ACCOUNT_TRANSACTIONS",
"REVERSE_ACCOUNT_TRANSACTIONS",
"CREATE_ACCOUNT",
"READ_ACCOUNT",
"UPDATE_ACCOUNT",
"READ_ACCOUNT_GROUP",
"READ_ACCOUNT_STATUS",
"READ_ACCOUNT_TYPE",
"CREATE_SERVICEABLE_ADDRESS",
"READ_SERVICEABLE_ADDRESS",
"UPDATE_SERVICEABLE_ADDRESS",
"DELETE_SERVICEABLE_ADDRESS",
"READ_CALL_LOG",
"CREATE_CALL_LOG",
"UPDATE_CALL_LOG",
"READ_CANNED_REPLY",
"CREATE_CONTACT",
"UPDATE_CONTACT",
"DELETE_CONTACT",
"READ_CONTRACT",
"UPDATE_CONTRACT",
"CREATE_CONTRACT",
"DELETE_CONTRACT",
"READ_CONTRACT_TEMPLATE",
"READ_CUSTOM_FIELD",
"CREATE_FILE",
"UPDATE_FILE",
"READ_FILE",
"READ_JOB",
"UPDATE_JOB",
"CREATE_JOB",
"DELETE_JOB",
"READ_JOB_TYPE",
"CREATE_NOTE",
"UPDATE_NOTE",
"DELETE_NOTE",
"READ_PACKAGE",
"READ_PAYMENT_PROCESSOR",
"CREATE_PAYMENT_METHOD",
"READ_PAYMENT_METHOD",
"UPDATE_PAYMENT_METHOD",
"DELETE_PAYMENT_METHOD",
"CREATE_PAYMENT",
"READ_RADIUS_ACCOUNT",
"CREATE_RADIUS_ACCOUNT",
"UPDATE_RADIUS_ACCOUNT",
"READ_SCHEDULED_EVENT",
"UPDATE_SCHEDULED_EVENT",
"CREATE_SCHEDULED_EVENT",
"READ_SERVICE",
"READ_TICKET",
"CREATE_TICKET",
"UPDATE_TICKET",
"READ_TICKET_CATEGORY",
"UPDATE_ACCOUNT_LINK",
"REFUND_PAYMENTS",
"UPDATE_SERVICEABLE_ADDRESS",
"READ_NETWORK_SITE_SERVICEABLE_ADDRESS_LIST"
]
}
}Field Technician
These are the minimum role permissions that would be required for any user to access the Sonar field app.
The last 3 permissions included within the Parameters section below are optional, but recommended:
REVERSE_ACCOUNT_TRANSACTIONS
DELETE_ACCOUNT_TRANSACTIONS
UPDATE_DRIVERS
The last 3 permissions included within the Parameters section below are optional, but recommended:
REVERSE_ACCOUNT_TRANSACTIONS
DELETE_ACCOUNT_TRANSACTIONS
UPDATE_DRIVERS
Additional Inventory Permissions can be added for technicians tasked with the removal of Segmentable Inventory, “
DELETE_INVENTORY_ITEM". However, adding this permission would also allow the technician to delete any inventory item in the instance, as such, it's recommended to add it only when absolutely required.Mutation
mutation ($fieldTech: CreateRoleMutationInput) {
createRole(input: $fieldTech) {
id
name
}
}Parameters
{
"fieldTech": {
"name": "Field Technician",
"applied_permissions": [
"UPDATE_TASK",
"CREATE_NOTE",
"UPDATE_NOTE",
"DELETE_NOTE",
"READ_FILE",
"CREATE_FILE",
"UPDATE_FILE",
"DELETE_FILE",
"CHECK_IN_OWN_JOB",
"COMPLETE_OWN_JOB",
"MODIFY_ACCOUNT_SERVICES",
"CREATE_PAYMENT_METHOD",
"CREATE_ACCOUNT_TRANSACTIONS",
"CREATE_PAYMENT",
"ASSIGN_ACCOUNT_INVENTORY",
"CREATE_IP_ASSIGNMENT",
"CREATE_RADIUS_ACCOUNT",
"READ_ACCOUNT",
"READ_PAYMENT_METHOD",
"READ_ACCOUNT_TRANSACTIONS",
"READ_ALL_INVENTORY",
"READ_IP_ASSIGNMENT",
"READ_RADIUS_ACCOUNT",
"READ_SCHEDULED_EVENT",
"READ_CONTRACT",
"UPDATE_ACCOUNT",
"UPDATE_PAYMENT_METHOD",
"UPDATE_IP_ASSIGNMENT",
"UPDATE_RADIUS_ACCOUNT",
"DELETE_IP_ASSIGNMENT",
"DELETE_RADIUS_ACCOUNT",
"CREATE_INVENTORY_ITEM",
"UPDATE_INVENTORY_ITEM",
"READ_NETWORK_SITE",
"READ_NETWORK_MONITORING_TEMPLATE",
"READ_ALERTING_ROTATION",
"READ_JOB",
"UPDATE_JOB",
"CREATE_TICKET",
"READ_TICKET",
"UPDATE_TICKET",
"READ_SERVICE",
"READ_SERVICEABLE_ADDRESS",
"READ_INLINE_DEVICE",
"READ_PACKAGE",
"READ_PHONE_NUMBER_TYPE",
"READ_DHCP_SERVER",
"REVERSE_ACCOUNT_TRANSACTIONS",
"DELETE_ACCOUNT_TRANSACTIONS",
"UPDATE_DRIVERS",
"READ_CALENDAR",
"CREATE_CALENDAR",
"UPDATE_CALENDAR",
"DELETE_CALENDAR"
]
}
}Customer Portal User
Check out our full guide on Adding a Customer Portal to Your Sonar Instance
Mutation
mutation createRole($customer_portal: CreateRoleMutationInput) {
createRole(input: $customer_portal) {
name
}
}Parameters
{
"customer_portal":
{
"name": "Customer Portal",
"applied_permissions": [
"READ_DATA_USAGE_HISTORY",
"CREATE_TICKET",
"READ_TICKET",
"UPDATE_TICKET",
"CREATE_PAYMENT_METHOD",
"CREATE_PAYMENT",
"READ_ACCOUNT",
"READ_PAYMENT_METHOD",
"READ_ACCOUNT_TRANSACTIONS",
"READ_CONTRACT",
"UPDATE_PAYMENT_METHOD",
"UPDATE_ACCOUNT_TRANSACTIONS",
"CREATE_CONTACT",
"UPDATE_CONTACT",
"DELETE_CONTACT",
"UPDATE_CONTRACT",
"DELETE_PAYMENT_METHOD",
"CREATE_ACCOUNT_TRANSACTIONS",
"READ_INVOICE_ATTACHMENT",
"READ_INVOICE_MESSAGE",
"READ_SERVICE",
"CREATE_DATA_USAGE_TOP_OFF",
"READ_PACKAGE",
"MODIFY_ACCOUNT_SERVICES",
"READ_PAYMENT_PROCESSOR",
"UPDATE_ACCOUNT",
"READ_INBOUND_MAILBOX"
],
"note": {
"message": "Customer Portal",
"priority": "NORMAL"
}
}
}Read-Only User for 3rd Party Development (or other use)
This role is being given read-only permissions to the entire Sonar instance. Your particular use case will likely require modification to specific permissions in order to cover a wide range of scenarios.
Mutation
mutation createRole($read_only: CreateRoleMutationInput) {
createRole(input: $read_only) {
name
}
}Parameters
{
"read_only":
{
"name": "Read-only",
"applied_permissions": [
"READ_ACCESS_LOG",
"READ_ACCOUNT",
"READ_ACCOUNT_GROUP",
"READ_ACCOUNT_REPORTS",
"READ_ACCOUNT_STATUS",
"READ_ACCOUNT_TRANSACTIONS",
"READ_ACCOUNT_TYPE",
"READ_ACH_BATCH",
"READ_ADDRESS_LIST",
"READ_ALERTING_ROTATION",
"READ_ALL_INVENTORY",
"READ_ALL_LOGS",
"READ_APPLICATION_FIREWALL_RULE",
"READ_BILLING_DEFAULT",
"READ_CABLE_MODEM_PROVISIONER",
"READ_CALL_DETAIL_RECORD",
"READ_CALL_DETAIL_RECORD_IMPORT",
"READ_CALL_LOG",
"READ_CANNED_REPLY",
"READ_CONTRACT",
"READ_CONTRACT_TEMPLATE",
"READ_CUSTOM_FIELD",
"READ_DAILY_AGGREGATE_VALUES",
"READ_DATA_USAGE_HISTORY",
"READ_DELINQUENCY_EXCLUSION",
"READ_DEPOSIT_SLIP",
"READ_DHCP_SERVER",
"READ_DID",
"READ_DID_ASSIGNMENT",
"READ_MESSAGE_CATEGORY",
"READ_EMAIL_DOMAIN",
"READ_EMAIL_MESSAGE",
"READ_EXTERNAL_MARKETING",
"READ_FCC_FORM_477_REPORT",
"READ_FILE",
"READ_FINANCIAL_REPORTS",
"READ_GENERAL_LEDGER_CODE",
"READ_GEOFENCE",
"READ_GPS_TRACKING_PROVIDER",
"READ_INBOUND_MAILBOX",
"READ_INLINE_DEVICE",
"READ_INVOICE_ATTACHMENT",
"READ_INVOICE_MESSAGE",
"READ_IP_ASSIGNMENT",
"READ_JOB",
"READ_JOB_TYPE",
"READ_LIMITED_INVENTORY",
"READ_LTE_PROVIDER",
"READ_MASS_EMAIL",
"READ_NETFLOW_ENDPOINT",
"READ_NETWORK_MONITORING_TEMPLATE",
"READ_NETWORK_SITE",
"READ_NON_INVENTORY_ITEM",
"READ_PACKAGE",
"READ_PAYMENT_METHOD",
"READ_PAYMENT_PROCESSOR",
"READ_PHONE_NUMBER_TYPE",
"READ_POLLER",
"READ_PRINTED_INVOICE_BATCH",
"READ_RADIUS_ACCOUNT",
"READ_RADIUS_GROUP",
"READ_RADIUS_SERVER",
"READ_SCHEDULED_EVENT",
"READ_SCHEDULE_ADDRESS",
"READ_SCHEDULE_AVAILABILITY",
"READ_SCHEDULE_BLOCKER",
"READ_SCHEDULE_TIME_OFF",
"READ_SEARCH_FILTER",
"READ_SERVICE",
"READ_SERVICEABLE_ADDRESS",
"READ_SNMP_OVERRIDE",
"READ_TASK_TEMPLATE",
"READ_TAX",
"READ_TAX_EXEMPTION",
"READ_TAX_PROVIDER",
"READ_TICKET",
"READ_TICKET_CATEGORY",
"READ_TICKET_GROUP",
"READ_TIMESERIES_DATA",
"READ_TOWERCOVERAGE_CONFIGURATION",
"READ_TOWERCOVERAGE_SUBMISSION",
"READ_TRIGGERED_EMAIL",
"READ_UNINVENTORIED_MAC_ADDRESS",
"READ_VENDOR",
"READ_VENDOR_ITEM",
"READ_VOICE_PROVIDER",
"READ_VOICE_PROVIDER_RATE",
"READ_VOICE_PROVIDER_RATE_IMPORT",
"READ_WEBHOOK_ENDPOINT",
"READ_WEBHOOK_ENDPOINT_EVENT"
],
"note": {
"message": "Read Only",
"priority": "NORMAL"
}
}
}
