The Rulerr Access API allows you to integrate a product's access privileges with Rulerr. By integrating a product's access privileges with the Rulerr Access API, Rulerr Customers are able to view, manage and collaborate on access privileges in real time.
When you select to integrate with Rulerr Access, your Product will show as an integrated product within the Access page.
You can configure the integration to Read access privileges from the product and/or Write information to the product.
When you have completed the integration, you must submit it as complete. We will then check your integration to make sure that it works as customers would expect. If we are satisfied that it adheres to our integration rules, we will make your integration available to Rulerr customers.
To integrate a products access privileges with Rulerr, the basic premise is as follows:
A product has accounts and access privileges are attached to those accounts. Within Rulerr the accounts from your product are mapped to people in Rulerr
The details for creating or retrieving an account for your product from the Rulerr API can be found here.
Once an account has been created, an Access Object must also be created to indicate to Rulerr that the account has permission(s) within your product. Details on creating/retrieving an access object can be found here. When creating an Access Object, an Account ID must be given with the request in order to connect the Account with the Access Object.
You have two options to publish access privileges for your product:
Roles are grouped access privileges within your product, to learn more about Roles please see here.
Privileges should be used for "complex" access privileges where roles do not fit your product's security requirements. A Privilege object can be added per resource in your product. For example, in a file storage product each file or folder would correspond to an Privilege object in Rulerr. Privilege objects can have their read and/or write flags set to indicate the same in your product.
Note that when adding or updating both Roles and Privileges, an Access Object ID must be given to Rulerr which corresponds to the Access object of the Rulerr account which holds the access privilege.
Full documentation for the Rulerr API can be found here
To integrate with Rulerr Access, you must use certain API endpoints, which are explained below.
- Add your product to your developer portal, selecting "Permissions" as the integration type.
- Obtain an access token for your product, and use this when accessing the Rulerr API.
Read mode indicates that data will be "read" from your application and placed into Rulerr.
Obtain a list of organizations which are using your product. Each organization will be returned with the applicable authentication data necessary to interface with your Product's API.
For each account that is present within your Product, add an account to the corresponding Organization. Of course, any accounts which have been updated or disabled within your product must be updated or disabled within Rulerr so that Rulerr reflects what is contained within your Product. You can obtain a list of accounts for the given Organization in order to compare your Product's data to what is contained within Rulerr.
For each account that was added in the previous step, a corresponding Access object must be created, updated or deleted to reflect the state in your Product, and to add Privileges in the next step. The access object reflects whether the account has access to your Product. Now that an access object has been created for the account, we can manage the associated Roles or Permissions for this account. You can obtain a list of access objects for the given Organization in order to compare your Product's data to what is contained within Rulerr.
- Roles and Privileges