Roles and permissions

AI-generated Key Takeaways

The SAS Portal API uses roles to control user permissions, with role_admin for administrative tasks and role_cpi for Certified Professional Installers.
Initially, an Admin user is automatically assigned during sign-up and can manage other users and their roles.
CPI users need to validate their certification using the ValidateInstaller() method to utilize the SignDevice() method for CBSD installations.
Both role_admin and role_cpi have access to a range of methods like GetCustomer(), ListDevices(), and UpdateDevice(), while SignDevice() is exclusive to validated role_cpi users.
Currently, user role assignment is handled by the SAS API Support team, and requests should be sent to sas-api-support@google.com.

The SAS Portal API has several roles, defined below, each of which gives a user permission to make certain API calls. Roles are assigned to the user's Google Account.

The first user of a SAS customer's organization is the Admin, who's automatically added during the sign-up process. The Admin can then add other users and assign them roles, including the Admin role.

User roles

There are two roles that can be assigned to users:

role_admin

This role has full administrative privileges for all of the child resources under the parent resource to which it has been granted access. They set up the organization's structure within the SAS Portal and manage user access.

role_cpi

This role is for users that are Certified Professional Installers (CPIs). To claim this role, users need to prove that they have an active CPI certification. They do so with the ValidateInstaller() method. Only users with a validated role_cpi role can use the SignDevice() method to submit the installation parameters of CBSDs that require CPI installation.

Methods

The following table shows which roles can use each type of method:

Methods	Roles
`GetCustomer()`	`role_admin` `role_cpi`
`ListCustomers()`	`role_admin` `role_cpi`
`CreateDevice()`	`role_admin` `role_cpi`
`GetDevice()`	`role_admin` `role_cpi`
`ListDevices()`	`role_admin` `role_cpi`
`UpdateDevice()`	`role_admin` `role_cpi`
`CreateSignedDevice()`	`role_admin` `role_cpi`
`UpdateSignedDevice()`	`role_admin` `role_cpi`
`GenerateSecret()`	`role_admin` `role_cpi`
`ValidateInstaller()`	`role_admin` `role_cpi`
`SignDevice()`	`role_cpi` (validated)