• Home
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Create an article
  • Post an idea
  • Spaces
  • General
  • News & Announcements
  • Ideas
  • RingCentral Office
    • Getting Started
    • Authentication
    • App Graduation
    • API Betas & Developer Previews
    • REST API
      • Call Management API
      • Glip API
      • Meetings API
      • Messaging API (SMS, Fax, Voicemail)
      • Provisioning API
      • Voice and Telephony API
    • Environment (Sandbox, Gateway)
    • SDKs
    • Admin & Credentials
  • RingCentral Engage
    • Getting Started
    • REST API
      • Interactions API
      • Provisioning API
      • Routing API
  • Jobs/Requests for Help
  • Explore
  • Topics
  • Questions
  • Articles
  • Ideas
  • Users
  • Badges
Skip to main content
  • Create
    • Ask a question
    • Create an article
    • Post an idea
    • General
    • News & Announcements
    • Ideas
    • RingCentral Office
      • Getting Started
      • Authentication
      • App Graduation
      • API Betas & Developer Previews
      • REST API
        • Call Management API
        • Glip API
        • Meetings API
        • Messaging API (SMS, Fax, Voicemail)
        • Provisioning API
        • Voice and Telephony API
      • Environment (Sandbox, Gateway)
      • SDKs
      • Admin & Credentials
    • RingCentral Engage
      • Getting Started
      • REST API
        • Interactions API
        • Provisioning API
        • Routing API
    • Jobs/Requests for Help
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges
  • Sign in
  • Home
  • RingCentral Office

question

automation-usa avatar image
automation-usa asked · Nov 05, 2016 at 07:04 PM

User roles and permissions

RingCentral has introduced multiple user roles and permission levels beyond admin and non-admin. I am looking for an API method of interrogating the system to determine whether a particular user is *the* Super Admin or not.
Is there a way to discover this information via the API?
topic-default
Comment
0
1 |1000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

4 Answers

· Write an Answer
  • Sort by Created Created
  • Sort by Oldest Oldest
  • Sort by Votes Votes
benjamin-dean avatar image
benjamin-dean answered · Nov 06, 2016 at 06:02 PM
While authenticated as an admin, you can call the Extension List resource to fetch a list of all extensions, or you can call the Extension by ID resource to get a particular Extension, both of these provide details about the extensions which contain a "permissions" object. If the user is an admin, the "admin.enabled" property will be "true".

Get Extension List:  https://platform.devtest.ringcentral.com/restapi/v1.0/account/~/extension/
Get Extension by ID:  https://platform.devtest.ringcentral.com/restapi/v1.0/account/~/extension/{ {ID}}
0 · Share
1 |1000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

automation-usa avatar image
automation-usa answered · Nov 07, 2016 at 02:33 AM
Hi Benjamin,

My issue is a RingCentral account can can now have  many Super Admins. Therefore the extension's "permissions" object returns 'true' for any number of users who have been assigned 'Super Admin' role.

Unfortunately certain API functions such as the ability to SMS using the main company number as caller ID can still only be performed by *the* Super Admin and no one else.

I am looking for a way to identify that one, *true*, original Super Admin from all the other possible Super Admins.
0 · Share
1 |1000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

anton-nikitin avatar image
anton-nikitin answered · Nov 07, 2016 at 09:17 AM
"permissions" object inside extension info is deprecated now after introducing roles and permissions functionality. It may not reflect roles assignments properly and should not be used to build any logic on it.

In the majority of cases, if an app requires to identify if certain operation is allowed to logged in user it should call a dedicated API which returns current authorization profile with a list of all granted user permissions. It is very unlikely that app really need to know role assignments to determine user entitlements.

But in the case described above it is even not a matter of permission check. Sending SMS from company numbers is allowed for company operator user (yes, it is main System Admin by default but this setting can be easily changed by end user). Learn more about this feature here:  https://devcommunity.ringcentral.com/ringcentraldev/topics/how-to-send-sms-from-the-main-company-num...

If there are any other scenarios where you believe you need to know if a user is "true original System Admin", let us know. I am pretty sure there is a better and more reliable way to achieve your goal.
· 1 comment · Share
1 |1000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

automation-usa avatar image automation-usa · Nov 07, 2016 at 03:42 PM
Hi Anton,

Thanks for clarifying that it is really the 'Operator' and not necessarily the 'Super Admin' who has the rights to send SMS under the main company caller ID.

That serves my immediate purposes, but as you mentioned, it would be nice to know which authenticated user has which rights, such as the ability to pull down reports.
1 · ·
benjamin-dean avatar image
benjamin-dean answered · Nov 07, 2016 at 03:30 PM
Hey Anton,

You commented the following...
dedicated API which returns current authorization profile with a list of all granted user permissions
To which API resource are you referring please sir? I do not see any new API resource documented in the API Reference or API Explorer?

Are you referring to the Authentication getToken API resource sir? If yes, that makes sense for making determinations in regards to what features an application/integration presents to an agent/operator post-authentication, but it does not address the inquiry which I believe is being made by the developer initially.
I am looking for an API method of interrogating the system to determine whether a particular user is *the* Super Admin or not.
A service which provides context about one or more users would be a property of an Extension, would it not?
· 4 comments · Share
1 |1000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

automation-usa avatar image automation-usa · Nov 07, 2016 at 03:32 PM
Hi Benjamin,

I believe Anton may have been referring to some future dedicated API to replace the current "permissions" object.

0 · ·
benjamin-dean avatar image benjamin-dean · Nov 07, 2016 at 03:36 PM
Perhaps, but I'm not certain after his opening sentence
"permissions" object inside extension info is deprecated now after introducing roles and permissions functionality.
0 · ·
anton-nikitin avatar image anton-nikitin · Nov 07, 2016 at 09:58 PM
I meant that "permissions" attribute from GET /restapi/v1.0/account/~/extension/~/ should not be used. Instead of it one should use GET  /restapi/v1.0/account/~/extension/~/authz-profile . Since Roles & Permissions feature is a new one, this API probably was not covered in our public API documentation.
1 · ·
automation-usa avatar image automation-usa · Nov 07, 2016 at 11:00 PM
Thanks Anton. That's 2 for 2 ( and I only asked one question )
0 · ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

question details

3 People are following this question.

automation-usa follows this question benjamin-dean follows this question anton-nikitin follows this question
Answers Subscribe to Answers Answers and Comments Subscribe to Comments and Answers

Related Questions

500 Error while getting the call status 'Consult RC Support' error message 6 Answers

API call log some records not found in result 12 Answers

Authorize URI for Different Users, Same Browser 6 Answers

Call Logs for Individual Accounts 3 Answers

Can we get result data in mssql 2012 format? 1 Answer

  • Developer Home
  • ·
  • Community Guidelines
  • ·
  • Legal
  • ·
  • Privacy Notice