Application Permissions

The following permissions are granted by default to users with Administartor and Managerial roles.

All other roles must be explicitly assigned the necessary permissions as stated below.

Making a request to lgfapi requires both user authorization and one or more of the following CRUD application-level permissions to access the corresponding HTTP methods.

These permissions are configurable at the group-level for each user.

Making a request to lgfapi not only requires user authorization, but also one or more of the CRUD application-level permission to access the supported HTTP methods. These are configurable in the user’s group-level permissions.

• “lgfapi_read_access” – GET, HEAD
• “lgfapi_create_access” – POST
• “lgfapi_update_access” – PATCH
• “lgfapi_delete_access” – DELETE

It’s recommended to create dedicated user(s) with appropriate lgfapi permissions and different facility/company eligibility to protect the integrity of your data. For instance, it is safe to give users read access but may not be appropriate to grant them permission to create or modify data.

The legacy API permission, “can_run_ws_stage_interface”, has been replaced by the new permission, “lgfapi_update_access”. This permission now applies to both lgfapi and the legacy APIs. For legacy API’s, this is the singular permission required to access all APIs. For lgfapi, this is one of several new permissions used to control user access.