APIO Users
APIO Users are the users that can call APIs.
They generally fall into the following logical categories:
- Real users (end users, Group admin, …) who are known by the Application Server provisioned by the APIO and are authenticated by it.
- APIO users who are known by the Application Server but authenticated by APIO (usually for an SSO mechanism).
- APIO users who are not known by the Application Server, are authenticated by APIO, and then use shared user credentials for the Application Server.
All these users are stored in the APIO DB with the following information:
- Basic profile info such as the username, the language and the email address.
- The reference to the Application Server that hosts them (for users known by it) or that they can manage (for users not known by it).
- A list of additional Network Elements they can access (such as the Phone Vendor Servers).
- Their authorization level (System, Tenant, Group, End User), which determines what resources they can manage.
- Whether they are normal users or reseller users (only for System Admin and Tenant Admin); a reseller user can access only part of the objects at their level.
APIO Resellers
When an APIO user is a reseller, they can manage only part of the Tenants and/or Groups: the ones that they own.
This is achieved with an object called Reseller (see Resellers), which is referenced by the APIO user of type reseller on one side and by the TenantData and GroupData objects on the other side.
Whether the reseller checks are done at Tenant and/or Group level is controlled by the following Configuration Settings:
"RESELLER_GROUP": true,
"RESELLER_TENANT": true
Settings description:
- RESELLER_GROUP: if true, when a reseller user accesses a Group-related resource (Group or End User), the GroupData object is checked. Default is true.
- RESELLER_TENANT: if true, when a reseller user accesses a Tenant-related resource, the TenantData object is checked. Default is false. This level of check was introduced in 1.8.3.
The checks are of 2 types:
- Whether direct access to a resource is allowed or not.
- Whether that resource is present or not in a list operation (for example, a reseller user who lists the Groups in a Tenant will see in the result only the Groups that they own).
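
The two check types and the effect of the two settings, sketched as an added example (not APIO's own code). The `User` and `OwnedData` classes, their field names, and the fail-closed handling of objects with no reseller reference are assumptions; only the setting names and their defaults come from this page.

```python
from dataclasses import dataclass
from typing import Optional

# Defaults as documented on this page.
DEFAULTS = {"RESELLER_GROUP": True, "RESELLER_TENANT": False}

@dataclass(frozen=True)
class User:                      # hypothetical shape of an APIO user
    username: str
    reseller_id: Optional[str] = None   # None means a normal (non-reseller) user

@dataclass(frozen=True)
class OwnedData:                 # hypothetical stand-in for TenantData / GroupData
    tenant_id: str
    group_id: Optional[str] = None
    reseller_id: Optional[str] = None   # reference to the Reseller object

def _passes(user, obj, setting, settings):
    """Reseller check for one object, gated by one configuration setting."""
    enabled = {**DEFAULTS, **(settings or {})}[setting]
    if user.reseller_id is None or not enabled:
        return True              # normal user, or this level of check is off
    # Assumption: an object with no reseller reference is denied (fail closed).
    return obj.reseller_id is not None and obj.reseller_id == user.reseller_id

def can_access_group(user, group_data, settings=None):
    """Direct-access check on a Group-related resource."""
    return _passes(user, group_data, "RESELLER_GROUP", settings)

def can_access_tenant(user, tenant_data, settings=None):
    """Direct-access check on a Tenant-related resource."""
    return _passes(user, tenant_data, "RESELLER_TENANT", settings)

def list_groups(user, tenant_id, groups, settings=None):
    """List operation: resources the reseller does not own are left out."""
    return [g.group_id for g in groups
            if g.tenant_id == tenant_id and can_access_group(user, g, settings)]

# Constructed sample data.
RESELLER_USER = User("reseller-admin", reseller_id="R1")
SYSTEM_ADMIN = User("sysadmin")
TENANT_T1 = OwnedData("T1", reseller_id="R2")
GROUPS = [OwnedData("T1", "G1", "R1"), OwnedData("T1", "G2", "R2"),
          OwnedData("T1", "G3"), OwnedData("T2", "G4", "R1")]

if __name__ == "__main__":
    print(list_groups(RESELLER_USER, "T1", GROUPS))
    print(can_access_tenant(RESELLER_USER, TENANT_T1))
```

With the documented defaults, the reseller user in this sketch is filtered at Group level but passes the Tenant-level check on a Tenant owned by another reseller, because `RESELLER_TENANT` is off unless set explicitly.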