Table of Contents

Role Creation using GraphiQL

Mitchell Paul-Soumis Updated by Mitchell Paul-Soumis

Read Time: 4 mins

In our User Role Creation & Best Practices article, we introduced you to one of the ways you could create new roles and set their permissions. While using the in-app interface is perfectly serviceable, we also offer the ability to create these roles using the GraphQL API through the GraphiQL interface, available in your instance by accessing [your instance url]/graphiql.

If you aren't familiar with GraphiQL, we have an introductory article here | How To Use GraphiQL to Understand the Sonar API

Below, we'll provide some example roles, their permissions, and the mutations and parameters needed to create the role using GraphiQL.

Support Agent

Mutation

mutation ($supportAgent: CreateRoleMutationInput) {
  createRole(input: $supportAgent) {
    id
name
  }
}

Parameters

{
"supportAgent": {
"name": "Support Agent",
"applied_permissions": [
"READ_ALL_INVENTORY",
"ASSIGN_ACCOUNT_INVENTORY",
"MODIFY_ACCOUNT_SERVICES",
"UPDATE_ACCOUNT_SERVICE_PARAMETERS",
"UPDATE_ACCOUNT_BILLING_PARAMETERS",
"CREATE_ACCOUNT_TRANSACTIONS",
"READ_ACCOUNT_TRANSACTIONS",
"UPDATE_ACCOUNT_TRANSACTIONS",
"REVERSE_ACCOUNT_TRANSACTIONS",
"CREATE_ACCOUNT",
"READ_ACCOUNT",
"UPDATE_ACCOUNT",
"READ_ACCOUNT_GROUP",
"READ_ACCOUNT_STATUS",
"READ_ACCOUNT_TYPE",
"CREATE_SERVICEABLE_ADDRESS",
"READ_ADDRESS_LIST",
"READ_SERVICEABLE_ADDRESS",
"UPDATE_SERVICEABLE_ADDRESS",
"READ_BILLING_DEFAULT",
"READ_CALL_LOG",
"READ_CANNED_REPLY",
"CREATE_CALL_LOG",
"UPDATE_CALL_LOG",
"UPDATE_CANNED_REPLY",
"CREATE_CANNED_REPLY",
"CREATE_CONTACT",
"UPDATE_CONTACT",
"DELETE_CONTACT",
"READ_CONTRACT",
"CREATE_CUSTOM_FIELD",
"READ_CUSTOM_FIELD",
"UPDATE_CUSTOM_FIELD",
"DELETE_CUSTOM_FIELD",
"READ_DATA_USAGE_HISTORY",
"UPDATE_DATA_USAGE_HISTORY",
"CREATE_EMAIL_MESSAGE",
"READ_EMAIL_MESSAGE",
"UPDATE_EMAIL_MESSAGE",
"CREATE_INVENTORY_ITEM",
"UPDATE_INVENTORY_ITEM",
"DELETE_INVENTORY_ITEM",
"READ_JOB",
"UPDATE_JOB",
"CREATE_JOB",
"DELETE_JOB",
"READ_JOB_TYPE",
"READ_MASS_EMAIL",
"READ_NETWORK_SITE",
"CREATE_NOTE",
"UPDATE_NOTE",
"DELETE_NOTE",
"READ_PACKAGE",
"UPDATE_PACKAGE",
"CREATE_PACKAGE",
"READ_PAYMENT_PROCESSOR",
"CREATE_PAYMENT_METHOD",
"READ_PAYMENT_METHOD",
"UPDATE_PAYMENT_METHOD",
"DELETE_PAYMENT_METHOD",
"CREATE_PAYMENT",
"READ_RADIUS_ACCOUNT",
"CREATE_RADIUS_ACCOUNT",
"UPDATE_RADIUS_ACCOUNT",
"READ_SCHEDULED_EVENT",
"UPDATE_SCHEDULED_EVENT",
"CREATE_SCHEDULED_EVENT",
"READ_SERVICE",
"READ_TICKET",
"CREATE_TICKET",
"UPDATE_TICKET",
"READ_TICKET_CATEGORY",
"CREATE_FILE",
"UPDATE_FILE",
"DELETE_FILE",
"READ_FILE",
"REFUND_PAYMENTS",
"CREATE_DATA_USAGE_TOP_OFF",
"READ_INBOUND_MAILBOX",
"UPDATE_ACCOUNT_LINK",
"READ_NETWORK_SITE_SERVICEABLE_ADDRESS_LIST"
]
}
}

Sales Agent

Mutation

mutation ($salesAgent: CreateRoleMutationInput) {
  createRole(input: $salesAgent) {
    id
name
  }
}

Parameters

{
"salesAgent": {
"name": "Sales Agent",
"applied_permissions": [
"ASSIGN_ACCOUNT_INVENTORY",
"READ_ALL_INVENTORY",
"MODIFY_ACCOUNT_SERVICES",
"UPDATE_ACCOUNT_SERVICE_PARAMETERS",
"UPDATE_ACCOUNT_BILLING_PARAMETERS",
"CREATE_ACCOUNT_TRANSACTIONS",
"READ_ACCOUNT_TRANSACTIONS",
"UPDATE_ACCOUNT_TRANSACTIONS",
"REVERSE_ACCOUNT_TRANSACTIONS",
"CREATE_ACCOUNT",
"READ_ACCOUNT",
"UPDATE_ACCOUNT",
"READ_ACCOUNT_GROUP",
"READ_ACCOUNT_STATUS",
"READ_ACCOUNT_TYPE",
"CREATE_SERVICEABLE_ADDRESS",
"READ_SERVICEABLE_ADDRESS",
"UPDATE_SERVICEABLE_ADDRESS",
"DELETE_SERVICEABLE_ADDRESS",
"READ_CALL_LOG",
"CREATE_CALL_LOG",
"UPDATE_CALL_LOG",
"READ_CANNED_REPLY",
"CREATE_CONTACT",
"UPDATE_CONTACT",
"DELETE_CONTACT",
"READ_CONTRACT",
"UPDATE_CONTRACT",
"CREATE_CONTRACT",
"DELETE_CONTRACT",
"READ_CONTRACT_TEMPLATE",
"READ_CUSTOM_FIELD",
"CREATE_FILE",
"UPDATE_FILE",
"READ_FILE",
"READ_JOB",
"UPDATE_JOB",
"CREATE_JOB",
"DELETE_JOB",
"READ_JOB_TYPE",
"CREATE_NOTE",
"UPDATE_NOTE",
"DELETE_NOTE",
"READ_PACKAGE",
"READ_PAYMENT_PROCESSOR",
"CREATE_PAYMENT_METHOD",
"READ_PAYMENT_METHOD",
"UPDATE_PAYMENT_METHOD",
"DELETE_PAYMENT_METHOD",
"CREATE_PAYMENT",
"READ_RADIUS_ACCOUNT",
"CREATE_RADIUS_ACCOUNT",
"UPDATE_RADIUS_ACCOUNT",
"READ_SCHEDULED_EVENT",
"UPDATE_SCHEDULED_EVENT",
"CREATE_SCHEDULED_EVENT",
"READ_SERVICE",
"READ_TICKET",
"CREATE_TICKET",
"UPDATE_TICKET",
"READ_TICKET_CATEGORY",
"UPDATE_ACCOUNT_LINK",
"REFUND_PAYMENTS",
"UPDATE_SERVICEABLE_ADDRESS",
"READ_NETWORK_SITE_SERVICEABLE_ADDRESS_LIST"
]
}
}

Field Technician

These are the minimum role permissions that would be required for any user to access the Sonar field app.

The last 3 permissions included within the Parameters section below are optional, but recommended:

REVERSE_ACCOUNT_TRANSACTIONS
DELETE_ACCOUNT_TRANSACTIONS
UPDATE_DRIVERS

Mutation

mutation ($fieldTech: CreateRoleMutationInput) {
  createRole(input: $fieldTech) {
    id
name
  }
}

Parameters

{
"fieldTech": {
"name": "Field Technician",
"applied_permissions": [
"UPDATE_TASK",
"CREATE_NOTE",
"UPDATE_NOTE",
"DELETE_NOTE",
"READ_FILE",
"CREATE_FILE",
"UPDATE_FILE",
"DELETE_FILE",
"CHECK_IN_OWN_JOB",
"COMPLETE_OWN_JOB",
"MODIFY_ACCOUNT_SERVICES",
"CREATE_PAYMENT_METHOD",
"CREATE_ACCOUNT_TRANSACTIONS",
"CREATE_PAYMENT",
"ASSIGN_ACCOUNT_INVENTORY",
"CREATE_IP_ASSIGNMENT",
"CREATE_RADIUS_ACCOUNT",
"READ_ACCOUNT",
"READ_PAYMENT_METHOD",
"READ_ACCOUNT_TRANSACTIONS",
"READ_ALL_INVENTORY",
"READ_IP_ASSIGNMENT",
"READ_RADIUS_ACCOUNT",
"READ_SCHEDULED_EVENT",
"READ_CONTRACT",
"UPDATE_ACCOUNT",
"UPDATE_PAYMENT_METHOD",
"UPDATE_IP_ASSIGNMENT",
"UPDATE_RADIUS_ACCOUNT",
"DELETE_IP_ASSIGNMENT",
"DELETE_RADIUS_ACCOUNT",
"UPDATE_INVENTORY_ITEM",
"READ_NETWORK_SITE",
"READ_NETWORK_MONITORING_TEMPLATE",
"READ_ALERTING_ROTATION",
"READ_JOB",
"UPDATE_JOB",
"CREATE_TICKET",
"READ_TICKET",
"UPDATE_TICKET",
"READ_SERVICE",
"READ_SERVICEABLE_ADDRESS",
"READ_INLINE_DEVICE",
"READ_PACKAGE",
"READ_PHONE_NUMBER_TYPE",
"READ_DHCP_SERVER",
"REVERSE_ACCOUNT_TRANSACTIONS",
"DELETE_ACCOUNT_TRANSACTIONS",
"UPDATE_DRIVERS",
"READ_CALENDAR",
"CREATE_CALENDAR",
"UPDATE_CALENDAR",
"DELETE_CALENDAR"
]
}
}

Customer Portal User

Mutation

mutation createRole($customer_portal: CreateRoleMutationInput) {
createRole(input: $customer_portal) {
name
}
}

Parameters

{
"customer_portal":
{
"name": "Customer Portal",
"applied_permissions": [
"READ_DATA_USAGE_HISTORY",
"CREATE_TICKET",
"READ_TICKET",
"UPDATE_TICKET",
"CREATE_PAYMENT_METHOD",
"CREATE_PAYMENT",
"READ_ACCOUNT",
"READ_PAYMENT_METHOD",
"READ_ACCOUNT_TRANSACTIONS",
"READ_CONTRACT",
"UPDATE_PAYMENT_METHOD",
"UPDATE_ACCOUNT_TRANSACTIONS",
"CREATE_CONTACT",
"UPDATE_CONTACT",
"DELETE_CONTACT",
"UPDATE_CONTRACT",
"DELETE_PAYMENT_METHOD",
"CREATE_ACCOUNT_TRANSACTIONS",
"READ_INVOICE_ATTACHMENT",
"READ_INVOICE_MESSAGE",
"READ_SERVICE",
"CREATE_DATA_USAGE_TOP_OFF",
"READ_PACKAGE",
"MODIFY_ACCOUNT_SERVICES",
"READ_PAYMENT_PROCESSOR",
"UPDATE_ACCOUNT",
"READ_INBOUND_MAILBOX"
],
"note": {
"message": "Customer Portal",
"priority": "NORMAL"
}
}
}

Read-Only User for 3rd Party Development (or other use)

This role is being given read-only permissions to the entire Sonar instance. Your particular use case will likely require modification to specific permissions in order to cover a wide range of scenarios.

Mutation

mutation createRole($read_only: CreateRoleMutationInput) {
createRole(input: $read_only) {
name
}
}

Parameters

{
"read_only":
{
"name": "Read-only",
"applied_permissions": [
"READ_ACCESS_LOG",
"READ_ACCOUNT",
"READ_ACCOUNT_GROUP",
"READ_ACCOUNT_REPORTS",
"READ_ACCOUNT_STATUS",
"READ_ACCOUNT_TRANSACTIONS",
"READ_ACCOUNT_TYPE",
"READ_ACH_BATCH",
"READ_ADDRESS_LIST",
"READ_ALERTING_ROTATION",
"READ_ALL_INVENTORY",
"READ_ALL_LOGS",
"READ_APPLICATION_FIREWALL_RULE",
"READ_BILLING_DEFAULT",
"READ_CABLE_MODEM_PROVISIONER",
"READ_CALL_DETAIL_RECORD",
"READ_CALL_DETAIL_RECORD_IMPORT",
"READ_CALL_LOG",
"READ_CANNED_REPLY",
"READ_CONTRACT",
"READ_CONTRACT_TEMPLATE",
"READ_CUSTOM_FIELD",
"READ_DAILY_AGGREGATE_VALUES",
"READ_DATA_USAGE_HISTORY",
"READ_DELINQUENCY_EXCLUSION",
"READ_DEPOSIT_SLIP",
"READ_DHCP_SERVER",
"READ_DID",
"READ_DID_ASSIGNMENT",
"READ_MESSAGE_CATEGORY",
"READ_EMAIL_DOMAIN",
"READ_EMAIL_MESSAGE",
"READ_EXTERNAL_MARKETING",
"READ_FCC_FORM_477_REPORT",
"READ_FILE",
"READ_FINANCIAL_REPORTS",
"READ_GENERAL_LEDGER_CODE",
"READ_GEOFENCE",
"READ_GPS_TRACKING_PROVIDER",
"READ_INBOUND_MAILBOX",
"READ_INLINE_DEVICE",
"READ_INVOICE_ATTACHMENT",
"READ_INVOICE_MESSAGE",
"READ_IP_ASSIGNMENT",
"READ_JOB",
"READ_JOB_TYPE",
"READ_LIMITED_INVENTORY",
"READ_LTE_PROVIDER",
"READ_MASS_EMAIL",
"READ_NETFLOW_ENDPOINT",
"READ_NETWORK_MONITORING_TEMPLATE",
"READ_NETWORK_SITE",
"READ_NON_INVENTORY_ITEM",
"READ_PACKAGE",
"READ_PAYMENT_METHOD",
"READ_PAYMENT_PROCESSOR",
"READ_PHONE_NUMBER_TYPE",
"READ_POLLER",
"READ_PRINTED_INVOICE_BATCH",
"READ_RADIUS_ACCOUNT",
"READ_RADIUS_GROUP",
"READ_RADIUS_SERVER",
"READ_SCHEDULED_EVENT",
"READ_SCHEDULE_ADDRESS",
"READ_SCHEDULE_AVAILABILITY",
"READ_SCHEDULE_BLOCKER",
"READ_SCHEDULE_TIME_OFF",
"READ_SEARCH_FILTER",
"READ_SERVICE",
"READ_SERVICEABLE_ADDRESS",
"READ_SNMP_OVERRIDE",
"READ_TASK_TEMPLATE",
"READ_TAX",
"READ_TAX_EXEMPTION",
"READ_TAX_PROVIDER",
"READ_TICKET",
"READ_TICKET_CATEGORY",
"READ_TICKET_GROUP",
"READ_TIMESERIES_DATA",
"READ_TOWERCOVERAGE_CONFIGURATION",
"READ_TOWERCOVERAGE_SUBMISSION",
"READ_TRIGGERED_EMAIL",
"READ_UNINVENTORIED_MAC_ADDRESS",
"READ_VENDOR",
"READ_VENDOR_ITEM",
"READ_VOICE_PROVIDER",
"READ_VOICE_PROVIDER_RATE",
"READ_VOICE_PROVIDER_RATE_IMPORT",
"READ_WEBHOOK_ENDPOINT",
"READ_WEBHOOK_ENDPOINT_EVENT"
],
"note": {
"message": "Read Only",
"priority": "NORMAL"
}
}
}

How did we do?

Removing a Terminated Employee In Sonar

User Role Creation & Best Practices

Contact