@epilot/sdk 2.0.0-beta.3 → 2.0.0-beta.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (189) hide show
  1. package/definitions/access-token-runtime.json +1 -0
  2. package/definitions/access-token.json +663 -0
  3. package/definitions/address-runtime.json +1 -0
  4. package/definitions/address-suggestions-runtime.json +1 -0
  5. package/definitions/address-suggestions.json +582 -0
  6. package/definitions/address.json +578 -0
  7. package/definitions/ai-agents-runtime.json +1 -0
  8. package/definitions/ai-agents.json +1711 -0
  9. package/definitions/app-runtime.json +1 -0
  10. package/definitions/app.json +4443 -0
  11. package/definitions/audit-logs-runtime.json +1 -0
  12. package/definitions/audit-logs.json +305 -0
  13. package/definitions/automation-runtime.json +1 -0
  14. package/definitions/automation.json +4850 -0
  15. package/definitions/billing-runtime.json +1 -0
  16. package/definitions/billing.json +837 -0
  17. package/definitions/blueprint-manifest-runtime.json +1 -0
  18. package/definitions/blueprint-manifest.json +3376 -0
  19. package/definitions/consent-runtime.json +1 -0
  20. package/definitions/consent.json +344 -0
  21. package/definitions/customer-portal-runtime.json +1 -0
  22. package/definitions/customer-portal.json +15000 -0
  23. package/definitions/dashboard-runtime.json +1 -0
  24. package/definitions/dashboard.json +484 -0
  25. package/definitions/data-management-runtime.json +1 -0
  26. package/definitions/data-management.json +962 -0
  27. package/definitions/deduplication-runtime.json +1 -0
  28. package/definitions/deduplication.json +183 -0
  29. package/definitions/design-runtime.json +1 -0
  30. package/definitions/design.json +1423 -0
  31. package/definitions/document-runtime.json +1 -0
  32. package/definitions/document.json +758 -0
  33. package/definitions/email-settings-runtime.json +1 -0
  34. package/definitions/email-settings.json +2627 -0
  35. package/definitions/email-template-runtime.json +1 -0
  36. package/definitions/email-template.json +1419 -0
  37. package/definitions/entity-mapping-runtime.json +1 -0
  38. package/definitions/entity-mapping.json +1642 -0
  39. package/definitions/entity-runtime.json +1 -0
  40. package/definitions/entity.json +10074 -0
  41. package/definitions/environments-runtime.json +1 -0
  42. package/definitions/environments.json +363 -0
  43. package/definitions/erp-integration-runtime.json +1 -0
  44. package/definitions/erp-integration.json +5845 -0
  45. package/definitions/event-catalog-runtime.json +1 -0
  46. package/definitions/event-catalog.json +1051 -0
  47. package/definitions/file-runtime.json +1 -0
  48. package/definitions/file.json +2842 -0
  49. package/definitions/iban-runtime.json +1 -0
  50. package/definitions/iban.json +132 -0
  51. package/definitions/journey-runtime.json +1 -0
  52. package/definitions/journey.json +2341 -0
  53. package/definitions/kanban-runtime.json +1 -0
  54. package/definitions/kanban.json +929 -0
  55. package/definitions/message-runtime.json +1 -0
  56. package/definitions/message.json +2660 -0
  57. package/definitions/metering-runtime.json +1 -0
  58. package/definitions/metering.json +2321 -0
  59. package/definitions/notes-runtime.json +1 -0
  60. package/definitions/notes.json +1531 -0
  61. package/definitions/notification-runtime.json +1 -0
  62. package/definitions/notification.json +1425 -0
  63. package/definitions/organization-runtime.json +1 -0
  64. package/definitions/organization.json +629 -0
  65. package/definitions/partner-directory-runtime.json +1 -0
  66. package/definitions/partner-directory.json +1718 -0
  67. package/definitions/permissions-runtime.json +1 -0
  68. package/definitions/permissions.json +1480 -0
  69. package/definitions/pricing-runtime.json +1 -0
  70. package/definitions/pricing-tier-runtime.json +1 -0
  71. package/definitions/pricing-tier.json +105 -0
  72. package/definitions/pricing.json +9884 -0
  73. package/definitions/purpose-runtime.json +1 -0
  74. package/definitions/purpose.json +524 -0
  75. package/definitions/sandbox-runtime.json +1 -0
  76. package/definitions/sandbox.json +453 -0
  77. package/definitions/submission-runtime.json +1 -0
  78. package/definitions/submission.json +313 -0
  79. package/definitions/targeting-runtime.json +1 -0
  80. package/definitions/targeting.json +1474 -0
  81. package/definitions/template-variables-runtime.json +1 -0
  82. package/definitions/template-variables.json +1408 -0
  83. package/definitions/user-runtime.json +1 -0
  84. package/definitions/user.json +2408 -0
  85. package/definitions/validation-rules-runtime.json +1 -0
  86. package/definitions/validation-rules.json +1491 -0
  87. package/definitions/webhooks-runtime.json +1 -0
  88. package/definitions/webhooks.json +1525 -0
  89. package/definitions/workflow-definition-runtime.json +1 -0
  90. package/definitions/workflow-definition.json +3417 -0
  91. package/definitions/workflow-runtime.json +1 -0
  92. package/definitions/workflow.json +4106 -0
  93. package/dist/apis/access-token.cjs +13 -84
  94. package/dist/apis/access-token.js +11 -82
  95. package/dist/apis/address-suggestions.cjs +13 -127
  96. package/dist/apis/address-suggestions.js +11 -125
  97. package/dist/apis/address.cjs +13 -79
  98. package/dist/apis/address.js +11 -77
  99. package/dist/apis/ai-agents.cjs +13 -210
  100. package/dist/apis/ai-agents.js +11 -208
  101. package/dist/apis/app.cjs +13 -568
  102. package/dist/apis/app.js +11 -566
  103. package/dist/apis/audit-logs.cjs +13 -50
  104. package/dist/apis/audit-logs.js +11 -48
  105. package/dist/apis/automation.cjs +13 -277
  106. package/dist/apis/automation.js +11 -275
  107. package/dist/apis/billing.cjs +13 -170
  108. package/dist/apis/billing.js +11 -168
  109. package/dist/apis/blueprint-manifest.cjs +13 -499
  110. package/dist/apis/blueprint-manifest.js +11 -497
  111. package/dist/apis/consent.cjs +13 -79
  112. package/dist/apis/consent.js +11 -77
  113. package/dist/apis/customer-portal.cjs +13 -2247
  114. package/dist/apis/customer-portal.js +11 -2245
  115. package/dist/apis/dashboard.cjs +13 -79
  116. package/dist/apis/dashboard.js +11 -77
  117. package/dist/apis/data-management.cjs +13 -235
  118. package/dist/apis/data-management.js +11 -233
  119. package/dist/apis/deduplication.cjs +13 -37
  120. package/dist/apis/deduplication.js +11 -35
  121. package/dist/apis/design.cjs +13 -214
  122. package/dist/apis/design.js +11 -212
  123. package/dist/apis/document.cjs +13 -73
  124. package/dist/apis/document.js +11 -71
  125. package/dist/apis/email-settings.cjs +13 -528
  126. package/dist/apis/email-settings.js +11 -526
  127. package/dist/apis/email-template.cjs +13 -117
  128. package/dist/apis/email-template.js +11 -115
  129. package/dist/apis/entity-mapping.cjs +13 -210
  130. package/dist/apis/entity-mapping.js +11 -208
  131. package/dist/apis/entity.cjs +13 -1595
  132. package/dist/apis/entity.js +11 -1593
  133. package/dist/apis/environments.cjs +13 -66
  134. package/dist/apis/environments.js +11 -64
  135. package/dist/apis/erp-integration.cjs +13 -581
  136. package/dist/apis/erp-integration.js +11 -579
  137. package/dist/apis/event-catalog.cjs +13 -125
  138. package/dist/apis/event-catalog.js +11 -123
  139. package/dist/apis/file.cjs +13 -568
  140. package/dist/apis/file.js +11 -566
  141. package/dist/apis/iban.cjs +13 -38
  142. package/dist/apis/iban.js +11 -36
  143. package/dist/apis/journey.cjs +13 -265
  144. package/dist/apis/journey.js +11 -263
  145. package/dist/apis/kanban.cjs +13 -159
  146. package/dist/apis/kanban.js +11 -157
  147. package/dist/apis/message.cjs +13 -668
  148. package/dist/apis/message.js +11 -666
  149. package/dist/apis/metering.cjs +13 -394
  150. package/dist/apis/metering.js +11 -392
  151. package/dist/apis/notes.cjs +13 -214
  152. package/dist/apis/notes.js +11 -212
  153. package/dist/apis/notification.cjs +13 -232
  154. package/dist/apis/notification.js +11 -230
  155. package/dist/apis/organization.cjs +13 -113
  156. package/dist/apis/organization.js +11 -111
  157. package/dist/apis/partner-directory.cjs +13 -277
  158. package/dist/apis/partner-directory.js +11 -275
  159. package/dist/apis/permissions.cjs +13 -173
  160. package/dist/apis/permissions.js +11 -171
  161. package/dist/apis/pricing-tier.cjs +14 -32
  162. package/dist/apis/pricing-tier.js +11 -29
  163. package/dist/apis/pricing.cjs +13 -434
  164. package/dist/apis/pricing.js +11 -432
  165. package/dist/apis/purpose.cjs +13 -175
  166. package/dist/apis/purpose.js +11 -173
  167. package/dist/apis/sandbox.cjs +13 -95
  168. package/dist/apis/sandbox.js +11 -93
  169. package/dist/apis/submission.cjs +13 -50
  170. package/dist/apis/submission.js +11 -48
  171. package/dist/apis/targeting.cjs +13 -270
  172. package/dist/apis/targeting.js +11 -268
  173. package/dist/apis/template-variables.cjs +13 -154
  174. package/dist/apis/template-variables.js +11 -152
  175. package/dist/apis/user.cjs +13 -483
  176. package/dist/apis/user.js +11 -481
  177. package/dist/apis/validation-rules.cjs +13 -115
  178. package/dist/apis/validation-rules.js +11 -113
  179. package/dist/apis/webhooks.cjs +13 -247
  180. package/dist/apis/webhooks.js +11 -245
  181. package/dist/apis/workflow-definition.cjs +13 -337
  182. package/dist/apis/workflow-definition.js +11 -335
  183. package/dist/apis/workflow.cjs +13 -397
  184. package/dist/apis/workflow.js +11 -395
  185. package/dist/{chunk-D7ICL3AM.cjs → chunk-5LXNSDG2.cjs} +51 -2
  186. package/dist/{chunk-DGCGLG7G.js → chunk-QMQNMCOC.js} +49 -0
  187. package/dist/index.cjs +56 -54
  188. package/dist/index.js +53 -51
  189. package/package.json +50 -3
package/definitions/permissions.json ADDED
@@ -0,0 +1,1480 @@
1
+ {
2
+ "openapi": "3.0.3",
3
+ "info": {
4
+ "title": "Permissions API",
5
+ "version": "1.2.0",
6
+ "description": "Flexible Role-based Access Control for epilot"
7
+ },
8
+ "tags": [
9
+ {
10
+ "name": "Roles",
11
+ "description": "Manage roles and grants"
12
+ },
13
+ {
14
+ "name": "Assignments",
15
+ "description": "Assign roles to users"
16
+ }
17
+ ],
18
+ "security": [
19
+ {
20
+ "EpilotAuth": []
21
+ },
22
+ {
23
+ "EpilotOrg": []
24
+ }
25
+ ],
26
+ "paths": {
27
+ "/v1/permissions/me": {
28
+ "get": {
29
+ "operationId": "listCurrentRoles",
30
+ "summary": "listCurrentRoles",
31
+ "description": "Returns roles and grants assigned to current user",
32
+ "tags": [
33
+ "Roles"
34
+ ],
35
+ "responses": {
36
+ "200": {
37
+ "description": "ok",
38
+ "content": {
39
+ "application/json": {
40
+ "schema": {
41
+ "type": "object",
42
+ "properties": {
43
+ "roles": {
44
+ "type": "array",
45
+ "items": {
46
+ "$ref": "#/components/schemas/Role"
47
+ }
48
+ }
49
+ }
50
+ }
51
+ }
52
+ }
53
+ }
54
+ }
55
+ }
56
+ },
57
+ "/v1/permissions/roles": {
58
+ "get": {
59
+ "operationId": "listAllRoles",
60
+ "summary": "listAllRoles",
61
+ "description": "Returns list of all roles in organization",
62
+ "tags": [
63
+ "Roles"
64
+ ],
65
+ "responses": {
66
+ "200": {
67
+ "description": "ok",
68
+ "content": {
69
+ "application/json": {
70
+ "schema": {
71
+ "type": "object",
72
+ "properties": {
73
+ "roles": {
74
+ "type": "array",
75
+ "items": {
76
+ "$ref": "#/components/schemas/Role"
77
+ }
78
+ }
79
+ }
80
+ }
81
+ }
82
+ }
83
+ }
84
+ }
85
+ },
86
+ "post": {
87
+ "operationId": "createRole",
88
+ "summary": "createRole",
89
+ "description": "Create role",
90
+ "tags": [
91
+ "Roles"
92
+ ],
93
+ "requestBody": {
94
+ "content": {
95
+ "application/json": {
96
+ "schema": {
97
+ "$ref": "#/components/schemas/CreateRolePayload"
98
+ }
99
+ }
100
+ }
101
+ },
102
+ "responses": {
103
+ "200": {
104
+ "description": "ok",
105
+ "content": {
106
+ "application/json": {
107
+ "schema": {
108
+ "$ref": "#/components/schemas/Role"
109
+ }
110
+ }
111
+ }
112
+ },
113
+ "400": {
114
+ "description": "Invalid role configuration",
115
+ "content": {
116
+ "application/json": {
117
+ "schema": {
118
+ "$ref": "#/components/schemas/Error"
119
+ },
120
+ "examples": {
121
+ "parent_role_invalid_type": {
122
+ "summary": "Parent role must be org_role or share_role",
123
+ "value": {
124
+ "message": "Parent role must be org_role or share_role, got user_role"
125
+ }
126
+ },
127
+ "parent_role_different_org": {
128
+ "summary": "Parent org_role must be in the same organization",
129
+ "value": {
130
+ "message": "Parent org_role must be in the same organization"
131
+ }
132
+ },
133
+ "parent_role_max_hierarchy": {
134
+ "summary": "Parent role cannot itself have a parent",
135
+ "value": {
136
+ "message": "Parent role cannot itself have a parent (max 2 levels of hierarchy)"
137
+ }
138
+ },
139
+ "circular_dependency_self": {
140
+ "summary": "Role cannot be its own parent",
141
+ "value": {
142
+ "message": "Role cannot be its own parent"
143
+ }
144
+ },
145
+ "circular_dependency_detected": {
146
+ "summary": "Circular dependency detected",
147
+ "value": {
148
+ "message": "Circular dependency detected: role 123:child would create a cycle"
149
+ }
150
+ }
151
+ }
152
+ }
153
+ }
154
+ },
155
+ "404": {
156
+ "description": "Parent role does not exist",
157
+ "content": {
158
+ "application/json": {
159
+ "schema": {
160
+ "$ref": "#/components/schemas/Error"
161
+ },
162
+ "examples": {
163
+ "parent_role_not_found": {
164
+ "summary": "Parent role does not exist",
165
+ "value": {
166
+ "message": "Parent role 123:nonexistent does not exist"
167
+ }
168
+ }
169
+ }
170
+ }
171
+ }
172
+ }
173
+ }
174
+ }
175
+ },
176
+ "/v1/permissions/roles:search": {
177
+ "post": {
178
+ "operationId": "searchRoles",
179
+ "summary": "searchRoles",
180
+ "description": "Search Roles",
181
+ "tags": [
182
+ "Roles"
183
+ ],
184
+ "requestBody": {
185
+ "content": {
186
+ "application/json": {
187
+ "schema": {
188
+ "$ref": "#/components/schemas/RoleSearchInput"
189
+ }
190
+ }
191
+ }
192
+ },
193
+ "responses": {
194
+ "200": {
195
+ "description": "ok",
196
+ "content": {
197
+ "application/json": {
198
+ "schema": {
199
+ "type": "object",
200
+ "properties": {
201
+ "hits": {
202
+ "type": "number"
203
+ },
204
+ "results": {
205
+ "type": "array",
206
+ "items": {
207
+ "$ref": "#/components/schemas/Role"
208
+ }
209
+ }
210
+ }
211
+ }
212
+ }
213
+ }
214
+ }
215
+ }
216
+ }
217
+ },
218
+ "/v1/permissions/roles/{roleId}": {
219
+ "get": {
220
+ "operationId": "getRole",
221
+ "summary": "getRole",
222
+ "description": "Get role by id",
223
+ "tags": [
224
+ "Roles"
225
+ ],
226
+ "parameters": [
227
+ {
228
+ "name": "roleId",
229
+ "in": "path",
230
+ "required": true,
231
+ "schema": {
232
+ "$ref": "#/components/schemas/RoleId"
233
+ }
234
+ }
235
+ ],
236
+ "responses": {
237
+ "200": {
238
+ "description": "ok",
239
+ "content": {
240
+ "application/json": {
241
+ "schema": {
242
+ "$ref": "#/components/schemas/Role"
243
+ }
244
+ }
245
+ }
246
+ }
247
+ }
248
+ },
249
+ "put": {
250
+ "operationId": "putRole",
251
+ "summary": "putRole",
252
+ "description": "Create or update role",
253
+ "tags": [
254
+ "Roles"
255
+ ],
256
+ "parameters": [
257
+ {
258
+ "name": "roleId",
259
+ "in": "path",
260
+ "required": true,
261
+ "schema": {
262
+ "$ref": "#/components/schemas/RoleId"
263
+ }
264
+ }
265
+ ],
266
+ "requestBody": {
267
+ "content": {
268
+ "application/json": {
269
+ "schema": {
270
+ "$ref": "#/components/schemas/RolePayload"
271
+ },
272
+ "x-examples": {
273
+ "User role: manager": {
274
+ "description": "Example manager role",
275
+ "value": {
276
+ "id": "123:manager",
277
+ "name": "Manager",
278
+ "slug": "manager",
279
+ "type": "user_role",
280
+ "organization_id": "123",
281
+ "grants": [
282
+ {
283
+ "action": "entity:view",
284
+ "resource": "*"
285
+ },
286
+ {
287
+ "action": "entity:update",
288
+ "resource": "*"
289
+ },
290
+ {
291
+ "action": "user:view"
292
+ },
293
+ {
294
+ "action": "user:invite"
295
+ },
296
+ {
297
+ "action": "role:view"
298
+ },
299
+ {
300
+ "action": "role:create"
301
+ },
302
+ {
303
+ "action": "role:assign"
304
+ },
305
+ {
306
+ "action": "entity:view",
307
+ "resource": "file:*",
308
+ "conditions": [
309
+ {
310
+ "attribute": "_tags",
311
+ "operation": "equals",
312
+ "values": [
313
+ "offer",
314
+ "contract"
315
+ ]
316
+ }
317
+ ]
318
+ },
319
+ {
320
+ "action": "message:view",
321
+ "dependencies": [
322
+ {
323
+ "action": "entity:view",
324
+ "resource": "message*"
325
+ },
326
+ {
327
+ "action": "entity:view",
328
+ "resource": "thread*"
329
+ }
330
+ ]
331
+ },
332
+ {
333
+ "action": "message:send",
334
+ "dependencies": [
335
+ {
336
+ "action": "entity:*",
337
+ "resource": "message*"
338
+ },
339
+ {
340
+ "action": "entity:*",
341
+ "resource": "thread*"
342
+ }
343
+ ]
344
+ },
345
+ {
346
+ "action": "workflow:*"
347
+ }
348
+ ]
349
+ }
350
+ },
351
+ "User role: employee": {
352
+ "description": "Example employee role",
353
+ "value": {
354
+ "id": "123:employee",
355
+ "name": "Employee",
356
+ "slug": "employee",
357
+ "type": "user_role",
358
+ "organization_id": "123",
359
+ "grants": [
360
+ {
361
+ "action": "entity:view",
362
+ "resource": "*"
363
+ },
364
+ {
365
+ "action": "entity:update",
366
+ "resource": "*"
367
+ },
368
+ {
369
+ "action": "user:view"
370
+ },
371
+ {
372
+ "action": "message:view",
373
+ "dependencies": [
374
+ {
375
+ "action": "entity:view",
376
+ "resource": "message*"
377
+ },
378
+ {
379
+ "action": "entity:view",
380
+ "resource": "thread*"
381
+ }
382
+ ]
383
+ },
384
+ {
385
+ "action": "message:send",
386
+ "dependencies": [
387
+ {
388
+ "action": "entity:*",
389
+ "resource": "message*"
390
+ },
391
+ {
392
+ "action": "entity:*",
393
+ "resource": "thread*"
394
+ }
395
+ ]
396
+ },
397
+ {
398
+ "action": "workflow:execution:*"
399
+ }
400
+ ]
401
+ }
402
+ },
403
+ "User role: administrator": {
404
+ "description": "Example administrator role",
405
+ "value": {
406
+ "id": "123:administrator",
407
+ "name": "Administrator",
408
+ "slug": "administrator",
409
+ "type": "user_role",
410
+ "organization_id": "123",
411
+ "grants": [
412
+ {
413
+ "action": "*",
414
+ "resource": "*"
415
+ }
416
+ ]
417
+ }
418
+ },
419
+ "Organization root role": {
420
+ "description": "Example organization root role. Must be satisifed for all org queries.",
421
+ "value": {
422
+ "id": "123:root",
423
+ "name": "Organization root role",
424
+ "slug": "root",
425
+ "type": "org_role",
426
+ "organization_id": "123",
427
+ "grants": [
428
+ {
429
+ "action": "*",
430
+ "resource": "*"
431
+ },
432
+ {
433
+ "action": "webhook:*",
434
+ "effect": "deny"
435
+ }
436
+ ]
437
+ }
438
+ },
439
+ "Share role": {
440
+ "description": "Example share role. This can be assigned to users in other organizations",
441
+ "value": {
442
+ "id": "123:example_share_role",
443
+ "name": "Example opportunity share role",
444
+ "slug": "example_share_role",
445
+ "type": "share_role",
446
+ "organization_id": "123",
447
+ "grants": [
448
+ {
449
+ "action": "entity:view",
450
+ "resource": "opportunity:123456"
451
+ },
452
+ {
453
+ "action": "entity:edit",
454
+ "resource": "opportunity:123456"
455
+ },
456
+ {
457
+ "action": "workflow:execution:*"
458
+ },
459
+ {
460
+ "action": "message:*"
461
+ },
462
+ {
463
+ "action": "entity:*",
464
+ "resource": "message*"
465
+ },
466
+ {
467
+ "action": "entity:*",
468
+ "resource": "thread*"
469
+ }
470
+ ]
471
+ }
472
+ },
473
+ "Partner role": {
474
+ "description": "Example partner role. This can be given to a partner organization, who can then assign it to their users",
475
+ "value": {
476
+ "id": "123:example_partner_role",
477
+ "name": "Example opportunity share role",
478
+ "slug": "example_partner_role",
479
+ "type": "partner_role",
480
+ "organization_id": "123",
481
+ "partner_org_id": "456",
482
+ "grants": [
483
+ {
484
+ "action": "entity:view",
485
+ "resource": "opportunity*"
486
+ },
487
+ {
488
+ "action": "entity:edit",
489
+ "resource": "opportunity*"
490
+ },
491
+ {
492
+ "action": "workflow:execution:*"
493
+ },
494
+ {
495
+ "action": "message:*"
496
+ },
497
+ {
498
+ "action": "entity:*",
499
+ "resource": "message*"
500
+ },
501
+ {
502
+ "action": "entity:*",
503
+ "resource": "thread*"
504
+ }
505
+ ]
506
+ }
507
+ },
508
+ "Portal role": {
509
+ "description": "Example portal role. Implicitly used by end users of portals",
510
+ "value": {
511
+ "id": "123:default_end_customer_portal_role",
512
+ "name": "Default End Customer Portal Role",
513
+ "slug": "default_end_customer_portal_role",
514
+ "type": "portal_role",
515
+ "organization_id": "123",
516
+ "grants": [
517
+ {
518
+ "action": "entity:attribute:view",
519
+ "resource": "contact:*/*"
520
+ },
521
+ {
522
+ "action": "entity:edit",
523
+ "resource": "opportunity*"
524
+ }
525
+ ]
526
+ }
527
+ },
528
+ "User role with parent": {
529
+ "description": "Example user role that inherits from a parent role",
530
+ "value": {
531
+ "id": "123:limited_manager",
532
+ "name": "Limited Manager",
533
+ "slug": "limited_manager",
534
+ "type": "user_role",
535
+ "organization_id": "123",
536
+ "parent_role": "123:manager",
537
+ "grants": [
538
+ {
539
+ "action": "entity:view",
540
+ "resource": "contact:*"
541
+ },
542
+ {
543
+ "action": "entity:edit",
544
+ "resource": "contact:*"
545
+ }
546
+ ]
547
+ }
548
+ }
549
+ }
550
+ }
551
+ }
552
+ },
553
+ "responses": {
554
+ "200": {
555
+ "description": "ok",
556
+ "content": {
557
+ "application/json": {
558
+ "schema": {
559
+ "$ref": "#/components/schemas/Role"
560
+ }
561
+ }
562
+ }
563
+ },
564
+ "400": {
565
+ "description": "Bad Request - Invalid role configuration",
566
+ "content": {
567
+ "application/json": {
568
+ "schema": {
569
+ "$ref": "#/components/schemas/Error"
570
+ },
571
+ "examples": {
572
+ "parent_role_invalid_type": {
573
+ "summary": "Parent role must be org_role or share_role",
574
+ "value": {
575
+ "message": "Parent role must be org_role or share_role, got user_role"
576
+ }
577
+ },
578
+ "parent_role_different_org": {
579
+ "summary": "Parent org_role must be in the same organization",
580
+ "value": {
581
+ "message": "Parent org_role must be in the same organization"
582
+ }
583
+ },
584
+ "parent_role_max_hierarchy": {
585
+ "summary": "Parent role cannot itself have a parent",
586
+ "value": {
587
+ "message": "Parent role cannot itself have a parent (max 2 levels of hierarchy)"
588
+ }
589
+ },
590
+ "circular_dependency_self": {
591
+ "summary": "Role cannot be its own parent",
592
+ "value": {
593
+ "message": "Role cannot be its own parent"
594
+ }
595
+ },
596
+ "circular_dependency_detected": {
597
+ "summary": "Circular dependency detected",
598
+ "value": {
599
+ "message": "Circular dependency detected: role 123:child would create a cycle"
600
+ }
601
+ }
602
+ }
603
+ }
604
+ }
605
+ },
606
+ "404": {
607
+ "description": "Not Found - Parent role does not exist",
608
+ "content": {
609
+ "application/json": {
610
+ "schema": {
611
+ "$ref": "#/components/schemas/Error"
612
+ },
613
+ "examples": {
614
+ "parent_role_not_found": {
615
+ "summary": "Parent role does not exist",
616
+ "value": {
617
+ "message": "Parent role 123:nonexistent does not exist"
618
+ }
619
+ }
620
+ }
621
+ }
622
+ }
623
+ }
624
+ }
625
+ },
626
+ "delete": {
627
+ "operationId": "deleteRole",
628
+ "summary": "deleteRole",
629
+ "description": "Delete role by id",
630
+ "tags": [
631
+ "Roles"
632
+ ],
633
+ "parameters": [
634
+ {
635
+ "name": "roleId",
636
+ "in": "path",
637
+ "required": true,
638
+ "schema": {
639
+ "$ref": "#/components/schemas/RoleId"
640
+ }
641
+ }
642
+ ],
643
+ "responses": {
644
+ "200": {
645
+ "description": "ok",
646
+ "content": {
647
+ "application/json": {
648
+ "schema": {
649
+ "$ref": "#/components/schemas/Role"
650
+ }
651
+ }
652
+ }
653
+ }
654
+ }
655
+ }
656
+ },
657
+ "/v1/permissions/refresh": {
658
+ "get": {
659
+ "operationId": "refreshPermissions",
660
+ "summary": "refreshPermissions",
661
+ "description": "Makes sure the user has a role in the organization",
662
+ "tags": [
663
+ "Roles"
664
+ ],
665
+ "responses": {
666
+ "200": {
667
+ "description": "Refreshed succesfully"
668
+ }
669
+ }
670
+ }
671
+ },
672
+ "/v1/permissions/assignments/{userId}": {
673
+ "get": {
674
+ "operationId": "getAssignedRolesForUser",
675
+ "summary": "getAssignedRolesForUser",
676
+ "description": "Get list of assigned roles by user id",
677
+ "tags": [
678
+ "Assignments"
679
+ ],
680
+ "parameters": [
681
+ {
682
+ "name": "userId",
683
+ "in": "path",
684
+ "required": true,
685
+ "schema": {
686
+ "$ref": "#/components/schemas/UserId"
687
+ }
688
+ }
689
+ ],
690
+ "responses": {
691
+ "200": {
692
+ "description": "ok",
693
+ "content": {
694
+ "application/json": {
695
+ "schema": {
696
+ "$ref": "#/components/schemas/Assignments"
697
+ }
698
+ }
699
+ }
700
+ }
701
+ }
702
+ },
703
+ "put": {
704
+ "operationId": "assignRoles",
705
+ "summary": "assignRoles",
706
+ "description": "Assign / unassign roles to users.",
707
+ "tags": [
708
+ "Assignments"
709
+ ],
710
+ "parameters": [
711
+ {
712
+ "name": "userId",
713
+ "in": "path",
714
+ "required": true,
715
+ "schema": {
716
+ "$ref": "#/components/schemas/UserId"
717
+ }
718
+ }
719
+ ],
720
+ "requestBody": {
721
+ "content": {
722
+ "application/json": {
723
+ "schema": {
724
+ "$ref": "#/components/schemas/Assignments"
725
+ }
726
+ }
727
+ }
728
+ },
729
+ "responses": {
730
+ "200": {
731
+ "description": "ok",
732
+ "content": {
733
+ "application/json": {
734
+ "schema": {
735
+ "$ref": "#/components/schemas/Assignments"
736
+ }
737
+ }
738
+ }
739
+ }
740
+ }
741
+ }
742
+ },
743
+ "/v1/permissions/assignments/{userId}/{roleId}": {
744
+ "post": {
745
+ "operationId": "addAssignment",
746
+ "summary": "addAssignment",
747
+ "description": "Assign a user to a role.\n\nUse the `x-epilot-org-id` header to assign share roles to users in other orgs\n",
748
+ "tags": [
749
+ "Assignments"
750
+ ],
751
+ "parameters": [
752
+ {
753
+ "name": "userId",
754
+ "in": "path",
755
+ "required": true,
756
+ "schema": {
757
+ "$ref": "#/components/schemas/UserId"
758
+ }
759
+ },
760
+ {
761
+ "name": "roleId",
762
+ "in": "path",
763
+ "required": true,
764
+ "schema": {
765
+ "$ref": "#/components/schemas/RoleId"
766
+ }
767
+ }
768
+ ],
769
+ "responses": {
770
+ "201": {
771
+ "description": "ok",
772
+ "content": {
773
+ "application/json": {
774
+ "schema": {
775
+ "$ref": "#/components/schemas/Assignment"
776
+ }
777
+ }
778
+ }
779
+ }
780
+ }
781
+ },
782
+ "delete": {
783
+ "operationId": "removeAssignment",
784
+ "summary": "removeAssignment",
785
+ "description": "Remove role assignment from user",
786
+ "tags": [
787
+ "Assignments"
788
+ ],
789
+ "parameters": [
790
+ {
791
+ "name": "userId",
792
+ "in": "path",
793
+ "required": true,
794
+ "schema": {
795
+ "$ref": "#/components/schemas/UserId"
796
+ }
797
+ },
798
+ {
799
+ "name": "roleId",
800
+ "in": "path",
801
+ "required": true,
802
+ "schema": {
803
+ "$ref": "#/components/schemas/RoleId"
804
+ }
805
+ }
806
+ ],
807
+ "responses": {
808
+ "200": {
809
+ "description": "ok",
810
+ "content": {
811
+ "application/json": {
812
+ "schema": {
813
+ "$ref": "#/components/schemas/Assignment"
814
+ }
815
+ }
816
+ }
817
+ }
818
+ }
819
+ }
820
+ },
821
+ "/v1/permissions/assignments": {
822
+ "get": {
823
+ "operationId": "listAllAssignments",
824
+ "summary": "listAllAssignments",
825
+ "description": "Returns list of all assignments in organization",
826
+ "tags": [
827
+ "Assignments"
828
+ ],
829
+ "responses": {
830
+ "200": {
831
+ "description": "ok",
832
+ "content": {
833
+ "application/json": {
834
+ "schema": {
835
+ "type": "object",
836
+ "properties": {
837
+ "assignments": {
838
+ "type": "array",
839
+ "items": {
840
+ "$ref": "#/components/schemas/Assignment"
841
+ }
842
+ }
843
+ }
844
+ }
845
+ }
846
+ }
847
+ }
848
+ }
849
+ }
850
+ }
851
+ },
852
+ "components": {
853
+ "securitySchemes": {
854
+ "EpilotAuth": {
855
+ "type": "http",
856
+ "scheme": "bearer",
857
+ "description": "Authorization header with epilot OAuth2 bearer token",
858
+ "bearerFormat": "JWT"
859
+ },
860
+ "EpilotOrg": {
861
+ "description": "Overrides the target organization to allow shared tenantaccess",
862
+ "name": "x-epilot-org-id",
863
+ "in": "header",
864
+ "type": "apiKey"
865
+ }
866
+ },
867
+ "schemas": {
868
+ "Grant": {
869
+ "type": "object",
870
+ "properties": {
871
+ "action": {
872
+ "type": "string",
873
+ "example": "entity-read"
874
+ },
875
+ "resource": {
876
+ "type": "string",
877
+ "example": "entity:123:contact:f7c22299-ca72-4bca-8538-0a88eeefc947"
878
+ },
879
+ "effect": {
880
+ "type": "string",
881
+ "default": "allow",
882
+ "enum": [
883
+ "allow",
884
+ "deny"
885
+ ]
886
+ },
887
+ "conditions": {
888
+ "type": "array",
889
+ "items": {
890
+ "$ref": "#/components/schemas/GrantCondition"
891
+ }
892
+ }
893
+ },
894
+ "required": [
895
+ "action"
896
+ ]
897
+ },
898
+ "GrantWithDependencies": {
899
+ "allOf": [
900
+ {
901
+ "$ref": "#/components/schemas/Grant"
902
+ },
903
+ {
904
+ "type": "object",
905
+ "properties": {
906
+ "dependencies": {
907
+ "description": "Provided additional dependencies, exploded when storing the role",
908
+ "type": "array",
909
+ "items": {
910
+ "$ref": "#/components/schemas/Grant"
911
+ }
912
+ }
913
+ }
914
+ }
915
+ ]
916
+ },
917
+ "GrantCondition": {
918
+ "allOf": [
919
+ {
920
+ "description": "An additional condition that must be met for the grant",
921
+ "type": "object",
922
+ "required": [
923
+ "operation"
924
+ ]
925
+ },
926
+ {
927
+ "anyOf": [
928
+ {
929
+ "$ref": "#/components/schemas/EqualsCondition"
930
+ }
931
+ ]
932
+ }
933
+ ]
934
+ },
935
+ "EqualsCondition": {
936
+ "description": "Check if attribute equals to any of the values",
937
+ "type": "object",
938
+ "properties": {
939
+ "attribute": {
940
+ "type": "string",
941
+ "example": "workflows.primary.task_name"
942
+ },
943
+ "operation": {
944
+ "type": "string",
945
+ "enum": [
946
+ "equals"
947
+ ]
948
+ },
949
+ "values": {
950
+ "type": "array",
951
+ "items": {
952
+ "example": "Qualification"
953
+ }
954
+ }
955
+ },
956
+ "required": [
957
+ "attribute",
958
+ "operation",
959
+ "values"
960
+ ]
961
+ },
962
+ "RoleId": {
963
+ "type": "string",
964
+ "example": "123:owner",
965
+ "description": "Format: <organization_id>:<slug>"
966
+ },
967
+ "BaseRole": {
968
+ "type": "object",
969
+ "properties": {
970
+ "id": {
971
+ "$ref": "#/components/schemas/RoleId"
972
+ },
973
+ "name": {
974
+ "type": "string",
975
+ "example": "Owner",
976
+ "description": "Human-friendly name for the role"
977
+ },
978
+ "slug": {
979
+ "type": "string",
980
+ "example": "owner",
981
+ "description": "URL-friendly name for the role"
982
+ },
983
+ "type": {
984
+ "type": "string",
985
+ "description": "Type of the role"
986
+ },
987
+ "expires_at": {
988
+ "type": "string",
989
+ "format": "date-time",
990
+ "example": "2028-07-21T17:32:28Z",
991
+ "description": "date and time then the role will expire"
992
+ },
993
+ "organization_id": {
994
+ "$ref": "#/components/schemas/OrganizationId"
995
+ },
996
+ "grants": {
997
+ "type": "array",
998
+ "items": {
999
+ "$ref": "#/components/schemas/Grant"
1000
+ },
1001
+ "description": "List of grants (permissions) applied to the role"
1002
+ }
1003
+ },
1004
+ "required": [
1005
+ "id",
1006
+ "name",
1007
+ "slug",
1008
+ "type",
1009
+ "organization_id",
1010
+ "grants"
1011
+ ]
1012
+ },
1013
+ "BaseRoleForCreate": {
1014
+ "type": "object",
1015
+ "properties": {
1016
+ "id": {
1017
+ "$ref": "#/components/schemas/RoleId"
1018
+ },
1019
+ "name": {
1020
+ "type": "string",
1021
+ "example": "Owner",
1022
+ "description": "Human-friendly name for the role"
1023
+ },
1024
+ "slug": {
1025
+ "type": "string",
1026
+ "example": "owner",
1027
+ "description": "URL-friendly name for the role"
1028
+ },
1029
+ "type": {
1030
+ "type": "string",
1031
+ "description": "Type of the role"
1032
+ },
1033
+ "expires_at": {
1034
+ "type": "string",
1035
+ "format": "date-time",
1036
+ "example": "2028-07-21T17:32:28Z",
1037
+ "description": "date and time then the role will expire"
1038
+ },
1039
+ "organization_id": {
1040
+ "$ref": "#/components/schemas/OrganizationId"
1041
+ },
1042
+ "grants": {
1043
+ "type": "array",
1044
+ "items": {
1045
+ "$ref": "#/components/schemas/Grant"
1046
+ },
1047
+ "description": "List of grants (permissions) applied to the role"
1048
+ }
1049
+ },
1050
+ "required": [
1051
+ "name",
1052
+ "slug",
1053
+ "type",
1054
+ "grants"
1055
+ ]
1056
+ },
1057
+ "UserRole": {
1058
+ "allOf": [
1059
+ {
1060
+ "$ref": "#/components/schemas/BaseRole"
1061
+ },
1062
+ {
1063
+ "description": "A standard user role. Must be explicitly assigned to users.",
1064
+ "properties": {
1065
+ "type": {
1066
+ "enum": [
1067
+ "user_role"
1068
+ ]
1069
+ },
1070
+ "parent_role": {
1071
+ "allOf": [
1072
+ {
1073
+ "$ref": "#/components/schemas/RoleId"
1074
+ },
1075
+ {
1076
+ "description": "Optional parent role that this role inherits from. Must be an `org_role` or `share_role`."
1077
+ }
1078
+ ]
1079
+ }
1080
+ }
1081
+ }
1082
+ ]
1083
+ },
1084
+ "OrgRole": {
1085
+ "allOf": [
1086
+ {
1087
+ "$ref": "#/components/schemas/BaseRole"
1088
+ },
1089
+ {
1090
+ "description": "A role automatically applied to all users in an organization.",
1091
+ "properties": {
1092
+ "type": {
1093
+ "enum": [
1094
+ "org_role"
1095
+ ]
1096
+ },
1097
+ "pricing_tier": {
1098
+ "type": "string",
1099
+ "description": "The pricing tier of the organization this root role is based on",
1100
+ "example": "Professional"
1101
+ }
1102
+ }
1103
+ }
1104
+ ]
1105
+ },
1106
+ "ShareRole": {
1107
+ "allOf": [
1108
+ {
1109
+ "$ref": "#/components/schemas/BaseRole"
1110
+ },
1111
+ {
1112
+ "description": "A role that can be assigned to users in other organizations for sharing purposes.",
1113
+ "properties": {
1114
+ "type": {
1115
+ "enum": [
1116
+ "share_role"
1117
+ ]
1118
+ }
1119
+ }
1120
+ }
1121
+ ]
1122
+ },
1123
+ "PartnerRole": {
1124
+ "allOf": [
1125
+ {
1126
+ "$ref": "#/components/schemas/BaseRole"
1127
+ },
1128
+ {
1129
+ "description": "A role that appears in another organization's role list that can be assigned but not modified by the partner organization.",
1130
+ "properties": {
1131
+ "type": {
1132
+ "enum": [
1133
+ "partner_role"
1134
+ ]
1135
+ },
1136
+ "partner_org_id": {
1137
+ "allOf": [
1138
+ {
1139
+ "description": "Partner organization who can assign this role to their users."
1140
+ },
1141
+ {
1142
+ "$ref": "#/components/schemas/OrganizationId"
1143
+ }
1144
+ ]
1145
+ },
1146
+ "vendor_enforced_user_limit": {
1147
+ "type": "integer",
1148
+ "readOnly": true,
1149
+ "description": "Maximum number of users that can be assigned this role (vendor-enforced limit, can only be set via internal auth)"
1150
+ }
1151
+ }
1152
+ }
1153
+ ]
1154
+ },
1155
+ "PortalRole": {
1156
+ "allOf": [
1157
+ {
1158
+ "$ref": "#/components/schemas/BaseRole"
1159
+ },
1160
+ {
1161
+ "description": "A role that is applied to end customers and installers using the Portals",
1162
+ "properties": {
1163
+ "type": {
1164
+ "enum": [
1165
+ "portal_role"
1166
+ ]
1167
+ }
1168
+ }
1169
+ }
1170
+ ]
1171
+ },
1172
+ "Role": {
1173
+ "oneOf": [
1174
+ {
1175
+ "$ref": "#/components/schemas/UserRole"
1176
+ },
1177
+ {
1178
+ "$ref": "#/components/schemas/OrgRole"
1179
+ },
1180
+ {
1181
+ "$ref": "#/components/schemas/ShareRole"
1182
+ },
1183
+ {
1184
+ "$ref": "#/components/schemas/PartnerRole"
1185
+ },
1186
+ {
1187
+ "$ref": "#/components/schemas/PortalRole"
1188
+ }
1189
+ ]
1190
+ },
1191
+ "RolePayload": {
1192
+ "allOf": [
1193
+ {
1194
+ "properties": {
1195
+ "grants": {
1196
+ "type": "array",
1197
+ "items": {
1198
+ "$ref": "#/components/schemas/GrantWithDependencies"
1199
+ }
1200
+ }
1201
+ }
1202
+ },
1203
+ {
1204
+ "oneOf": [
1205
+ {
1206
+ "$ref": "#/components/schemas/UserRole"
1207
+ },
1208
+ {
1209
+ "$ref": "#/components/schemas/OrgRole"
1210
+ },
1211
+ {
1212
+ "$ref": "#/components/schemas/ShareRole"
1213
+ },
1214
+ {
1215
+ "$ref": "#/components/schemas/PartnerRole"
1216
+ },
1217
+ {
1218
+ "$ref": "#/components/schemas/PortalRole"
1219
+ }
1220
+ ]
1221
+ }
1222
+ ]
1223
+ },
1224
+ "Assignment": {
1225
+ "type": "object",
1226
+ "description": "A role attached to an user",
1227
+ "properties": {
1228
+ "user_id": {
1229
+ "$ref": "#/components/schemas/UserId"
1230
+ },
1231
+ "roles": {
1232
+ "type": "array",
1233
+ "items": {
1234
+ "$ref": "#/components/schemas/RoleId"
1235
+ }
1236
+ }
1237
+ }
1238
+ },
1239
+ "InternalAssignment": {
1240
+ "type": "object",
1241
+ "description": "A role attached to an user",
1242
+ "properties": {
1243
+ "userId": {
1244
+ "$ref": "#/components/schemas/UserId"
1245
+ },
1246
+ "roles": {
1247
+ "type": "array",
1248
+ "items": {
1249
+ "$ref": "#/components/schemas/RoleId"
1250
+ }
1251
+ }
1252
+ }
1253
+ },
1254
+ "OrgAssignments": {
1255
+ "type": "object",
1256
+ "description": "All roles attached to an users of an organization",
1257
+ "properties": {
1258
+ "organizationId": {
1259
+ "$ref": "#/components/schemas/OrganizationId"
1260
+ },
1261
+ "assignments": {
1262
+ "type": "array",
1263
+ "items": {
1264
+ "$ref": "#/components/schemas/InternalAssignment"
1265
+ }
1266
+ }
1267
+ }
1268
+ },
1269
+ "OrgRoles": {
1270
+ "type": "object",
1271
+ "description": "All roles attached to an users of an organization",
1272
+ "properties": {
1273
+ "organizationId": {
1274
+ "$ref": "#/components/schemas/OrganizationId"
1275
+ },
1276
+ "roles": {
1277
+ "type": "array",
1278
+ "items": {
1279
+ "$ref": "#/components/schemas/Role"
1280
+ }
1281
+ }
1282
+ }
1283
+ },
1284
+ "Assignments": {
1285
+ "type": "array",
1286
+ "description": "List of role ids attached to an user",
1287
+ "items": {
1288
+ "$ref": "#/components/schemas/RoleId"
1289
+ }
1290
+ },
1291
+ "UserId": {
1292
+ "type": "string",
1293
+ "example": "1",
1294
+ "description": "Id of a user"
1295
+ },
1296
+ "OrganizationId": {
1297
+ "type": "string",
1298
+ "example": "123",
1299
+ "description": "Id of an organization"
1300
+ },
1301
+ "Slug": {
1302
+ "type": "string",
1303
+ "example": "owner",
1304
+ "description": "Slug of a role; for a role with id = 123:manager -> 123 is org_id & manager is slug"
1305
+ },
1306
+ "RoleSearchInput": {
1307
+ "type": "object",
1308
+ "properties": {
1309
+ "role_ids": {
1310
+ "type": "array",
1311
+ "description": "List of role ids to filter by",
1312
+ "example": [
1313
+ "123:manager",
1314
+ "456:owner"
1315
+ ],
1316
+ "items": {
1317
+ "$ref": "#/components/schemas/RoleId"
1318
+ }
1319
+ },
1320
+ "org_ids": {
1321
+ "type": "array",
1322
+ "description": "List of organization ids to filter by",
1323
+ "example": [
1324
+ "123",
1325
+ "456"
1326
+ ],
1327
+ "items": {
1328
+ "$ref": "#/components/schemas/OrganizationId"
1329
+ }
1330
+ },
1331
+ "slugs": {
1332
+ "type": "array",
1333
+ "description": "List of role slugs to filter by",
1334
+ "example": [
1335
+ "manager",
1336
+ "owner"
1337
+ ],
1338
+ "items": {
1339
+ "$ref": "#/components/schemas/Slug"
1340
+ }
1341
+ },
1342
+ "query": {
1343
+ "type": "string",
1344
+ "description": "Input to search across fields",
1345
+ "example": "Administrator"
1346
+ },
1347
+ "limit": {
1348
+ "type": "number",
1349
+ "description": "The Number of roles to return",
1350
+ "example": 1,
1351
+ "minimum": 1,
1352
+ "default": 50
1353
+ },
1354
+ "offset": {
1355
+ "type": "number",
1356
+ "description": "The number of roles to skip before starting to collect the result set",
1357
+ "example": 1,
1358
+ "minimum": 1,
1359
+ "default": 0
1360
+ }
1361
+ }
1362
+ },
1363
+ "CreateRolePayload": {
1364
+ "allOf": [
1365
+ {
1366
+ "properties": {
1367
+ "grants": {
1368
+ "type": "array",
1369
+ "items": {
1370
+ "$ref": "#/components/schemas/GrantWithDependencies"
1371
+ }
1372
+ }
1373
+ }
1374
+ },
1375
+ {
1376
+ "$ref": "#/components/schemas/BaseRoleForCreate"
1377
+ },
1378
+ {
1379
+ "oneOf": [
1380
+ {
1381
+ "description": "A standard user role. Must be explicitly assigned to users.",
1382
+ "properties": {
1383
+ "type": {
1384
+ "enum": [
1385
+ "user_role"
1386
+ ]
1387
+ },
1388
+ "parent_role": {
1389
+ "allOf": [
1390
+ {
1391
+ "$ref": "#/components/schemas/RoleId"
1392
+ },
1393
+ {
1394
+ "description": "Optional parent role that this role inherits from. Must be an `org_role` or a sharing role of type `share_role` or `partner_role`."
1395
+ }
1396
+ ]
1397
+ }
1398
+ }
1399
+ },
1400
+ {
1401
+ "description": "A role automatically applied to all users in an organization.",
1402
+ "properties": {
1403
+ "type": {
1404
+ "enum": [
1405
+ "org_role"
1406
+ ]
1407
+ },
1408
+ "pricing_tier": {
1409
+ "type": "string",
1410
+ "description": "The pricing tier of the organization this root role is based on",
1411
+ "example": "Professional"
1412
+ }
1413
+ }
1414
+ },
1415
+ {
1416
+ "description": "A role that can be assigned to users in other organizations for sharing purposes.",
1417
+ "properties": {
1418
+ "type": {
1419
+ "enum": [
1420
+ "share_role"
1421
+ ]
1422
+ }
1423
+ }
1424
+ },
1425
+ {
1426
+ "description": "A role that appears in another organization's role list that can be assigned but not modified by the partner organization.",
1427
+ "properties": {
1428
+ "type": {
1429
+ "enum": [
1430
+ "partner_role"
1431
+ ]
1432
+ },
1433
+ "partner_org_id": {
1434
+ "allOf": [
1435
+ {
1436
+ "description": "Partner organization who can assign this role to their users."
1437
+ },
1438
+ {
1439
+ "$ref": "#/components/schemas/OrganizationId"
1440
+ }
1441
+ ]
1442
+ }
1443
+ }
1444
+ },
1445
+ {
1446
+ "description": "A role that is applied to end customers and installers using the Portals",
1447
+ "properties": {
1448
+ "type": {
1449
+ "enum": [
1450
+ "portal_role"
1451
+ ]
1452
+ }
1453
+ }
1454
+ }
1455
+ ]
1456
+ }
1457
+ ]
1458
+ },
1459
+ "Error": {
1460
+ "type": "object",
1461
+ "description": "Error response",
1462
+ "properties": {
1463
+ "message": {
1464
+ "type": "string",
1465
+ "description": "Error message",
1466
+ "example": "Parent role 123:nonexistent does not exist"
1467
+ }
1468
+ },
1469
+ "required": [
1470
+ "message"
1471
+ ]
1472
+ }
1473
+ }
1474
+ },
1475
+ "servers": [
1476
+ {
1477
+ "url": "https://permissions.sls.epilot.io"
1478
+ }
1479
+ ]
1480
+ }