Roles

A role is a named collection of privileges outlining a specific set of actions a user can perform. Using roles simplifies permission management by allowing you to assign a single role to a user rather than configuring multiple individual privileges.

A role can include an unlimited number of privileges.

Predefined roles

Tuum provides two predefined roles:

ADMIN — Can view and manage all company-related data, including full employee management capabilities.
SYSTEM — Designed for principals accessing the system via APIs, such as third-party applications or internal microservices.

You may use the predefined roles as provided, but you are not allowed to modify them.

Create roles

Beyond these predefined roles, you can create custom roles tailored to your organisation's specific needs.

Use the Create role endpoint to create a new custom role. In the request body, specify the privileges that should be included in the role.

Shell (bash)

curl -L -X POST 'https://auth-api.sandbox.tuumplatform.com/api/v1/roles/create' \
-H 'x-auth-token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiTGlpdmEgS2FzdCIsImVtcGxveWVlSWQiOiJJRC0xMDcxIiwidGVuYW50Q29kZSI6Ik1CIiwiZXhwaXJ5RFRpbWUiOiIyMDI1LTEyLTE2VDE0OjIzOjExIiwiZXhwIjoxNzY1ODk0OTkxLCJyb2xlcyI6WyJBRE1JTiIsIkRBU0hCT0FSRF9CQUxBTkNFX1ZJRVdFUiIsIlNZU1RFTSJdfQ.nSENNpNY72ELoHTD5i34y4RXQHrrZGPHZwO5QRDsnaU' \
-H 'Content-Type: application/json' \
-d '{
  "roleCode": "TEST_ROLE",
  "privileges": [
    "ADD_ACCOUNT",
    "ACTIVATE_ACCOUNT",
    "ADD_PERSON_FILE",
    "MANAGE_ACCOUNT",
    "DELETE_PERSON_DOCUMENT"
  ],
  "description": "Test role creation"
}'

Manage roles

The following API endpoints are available for managing roles in Tuum.

Use the Get all roles endpoint to view all defined roles in the Tuum system.

Shell (bash)

curl -L -X GET 'https://auth-api.sandbox.tuumplatform.com/api/v2/roles' \
-H 'x-auth-token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiTGlpdmEgS2FzdCIsImVtcGxveWVlSWQiOiJJRC0xMDcxIiwidGVuYW50Q29kZSI6Ik1CIiwiZXhwaXJ5RFRpbWUiOiIyMDI1LTEyLTE2VDE0OjIzOjExIiwiZXhwIjoxNzY1ODk0OTkxLCJyb2xlcyI6WyJBRE1JTiIsIkRBU0hCT0FSRF9CQUxBTkNFX1ZJRVdFUiIsIlNZU1RFTSJdfQ.nSENNpNY72ELoHTD5i34y4RXQHrrZGPHZwO5QRDsnaU'

Use the Get privileges for role endpoint to view which privileges are assigned to a specific role.

Shell (bash)

curl -L -X GET 'https://auth-api.sandbox.tuumplatform.com/api/v1/roles/TEST_ROLE/privileges' \
-H 'x-auth-token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiTGlpdmEgS2FzdCIsImVtcGxveWVlSWQiOiJJRC0xMDcxIiwidGVuYW50Q29kZSI6Ik1CIiwiZXhwaXJ5RFRpbWUiOiIyMDI1LTEyLTE2VDE1OjM0OjQ0IiwiZXhwIjoxNzY1ODk5Mjg0LCJyb2xlcyI6WyJBRE1JTiIsIkRBU0hCT0FSRF9CQUxBTkNFX1ZJRVdFUiIsIlNZU1RFTSJdfQ.qz_NGIwMG9dVgo4ANtozC55JZWWcu5-S-Weyth-GuD0'

Use the Add privileges for role endpoint to add privileges to the specific role.

Shell (bash)

curl -L -X POST 'https://auth-api.sandbox.tuumplatform.com/api/v1/roles/TEST_ROLE/privileges/add' \
-H 'x-auth-token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiTGlpdmEgS2FzdCIsImVtcGxveWVlSWQiOiJJRC0xMDcxIiwidGVuYW50Q29kZSI6Ik1CIiwiZXhwaXJ5RFRpbWUiOiIyMDI1LTEyLTE2VDE1OjM0OjQ0IiwiZXhwIjoxNzY1ODk5Mjg0LCJyb2xlcyI6WyJBRE1JTiIsIkRBU0hCT0FSRF9CQUxBTkNFX1ZJRVdFUiIsIlNZU1RFTSJdfQ.qz_NGIwMG9dVgo4ANtozC55JZWWcu5-S-Weyth-GuD0' \
-H 'Content-Type: application/json' \
-d '{
  "privileges": [
    "VIEW_CARD_ACCOUNT_RESERVATION",
    "CREATE_CARD_ACCOUNT_TRANSACTION"
  ]
}'

Use the Remove privilege endpoint to remove a specific privilege assigned to a role.

Shell (bash)

curl -L -X DELETE 'https://auth-api.sandbox.tuumplatform.com/api/v1/roles/TEST_ROLE/privileges/ADD_PERSON_FILE' \
-H 'x-auth-token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiTGlpdmEgS2FzdCIsImVtcGxveWVlSWQiOiJJRC0xMDcxIiwidGVuYW50Q29kZSI6Ik1CIiwiZXhwaXJ5RFRpbWUiOiIyMDI1LTEyLTE3VDA4OjM0OjQwIiwiZXhwIjoxNzY1OTYwNDgwLCJyb2xlcyI6WyJBRE1JTiIsIkRBU0hCT0FSRF9CQUxBTkNFX1ZJRVdFUiIsIlNZU1RFTSJdfQ.MBWti-6sr0YKMF10kNc4Ah7bP_GjL_koY6UX6Bq0q1w' \
-d ''

Use the Remove privileges endpoint to remove multiple privileges from a role.

Shell (bash)

curl -L -X DELETE 'https://auth-api.sandbox.tuumplatform.com/api/v1/roles/TEST_ROLE/privileges' \
-H 'x-auth-token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiTGlpdmEgS2FzdCIsImVtcGxveWVlSWQiOiJJRC0xMDcxIiwidGVuYW50Q29kZSI6Ik1CIiwiZXhwaXJ5RFRpbWUiOiIyMDI1LTEyLTE3VDA4OjM0OjQwIiwiZXhwIjoxNzY1OTYwNDgwLCJyb2xlcyI6WyJBRE1JTiIsIkRBU0hCT0FSRF9CQUxBTkNFX1ZJRVdFUiIsIlNZU1RFTSJdfQ.MBWti-6sr0YKMF10kNc4Ah7bP_GjL_koY6UX6Bq0q1w' \
-H 'Content-Type: application/json' \
-d '{
  "privileges": [
    "VIEW_CARD_ACCOUNT_RESERVATION",
    "CREATE_CARD_ACCOUNT_TRANSACTION"
  ]
}'

Delete role

Use the Delete role endpoint to remove a specific role.

Shell (bash)

curl -L -X DELETE 'https://auth-api.sandbox.tuumplatform.com/api/v1/roles/TEST_ROLE_2' \
-H 'x-auth-token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiTGlpdmEgS2FzdCIsImVtcGxveWVlSWQiOiJJRC0xMDcxIiwidGVuYW50Q29kZSI6Ik1CIiwiZXhwaXJ5RFRpbWUiOiIyMDI1LTEyLTE3VDA4OjM0OjQwIiwiZXhwIjoxNzY1OTYwNDgwLCJyb2xlcyI6WyJBRE1JTiIsIkRBU0hCT0FSRF9CQUxBTkNFX1ZJRVdFUiIsIlNZU1RFTSJdfQ.MBWti-6sr0YKMF10kNc4Ah7bP_GjL_koY6UX6Bq0q1w' \
-d ''

PreviousPrivileges NextCreate employee

Last updated 2 months ago

Was this helpful?

Good morning

hashtagPredefined roles

hashtagCreate roles

hashtagManage roles

hashtagDelete role

Predefined roles

Create roles

Manage roles

Delete role