Managing Roles and Permissions in Pipe17

Roles in the app define what actions a user can take on different types of data. Each role is a named collection of permissions that determine access to specific resources, such as orders, inventory, integrations, and account settings.

The app includes three built-in roles: Administrator, Developer, and User, each designed for a specific operational purpose. Roles are assigned at the organization level and help ensure users have only the access they need to perform their responsibilities.


Definitions

Role

A role is a predefined set of permissions that allows users to take specific actions on various types of data within the app. For example, the Administrator role includes all available permissions for every resource/entity type in the system, such as Orders, Products, and Inventory.

Permission

A permission allows a user to perform a specific action on a specific entity type. For example, having permission to "read Orders" means a user can view any order in the organization. Permissions are assigned at the entity type level, not individual entities.


Global Roles and Their Purpose

The app provides three built-in roles, each with different access levels:

Role

 

Description

 

Administrator

Full access to all entities across all categories. Can manage users and billing. Assigned to the user who creates the organization.

Developer

Full access to configuration and transaction entities. Useful for setup and testing.

User

Full access to transaction entities and view-only access to configuration entities. Intended for daily operations.

Entities (also referred to as resources) are grouped into three categories:

  • Account/Organization – Users, API Keys, Org Settings

  • Configuration – Integrations, Routing Rules, Automation Rules

  • Transaction – Orders, Inventory, Returns, Products, Refunds


Permissions List

Here is the permissions list across all three built-in roles in Pipe17. Certain permissions differ depending on the assigned role (User, Developer, Administrator).

Permission Types

There are five types of permissions available in the app:

  • Read (View): See the details of an entity

  • Create: Add a new entity

  • Update: Modify an existing entity

  • Delete: Remove an entity

  • List: View all entities of a certain type

Legend:
C = Create R = Read/View U = Update D = Delete L = List

Entity / Resource

 

User

 

Developer

 

Administrator

 

Accounts

R, L

R, L

R, L

API Key

L

C, R, U, D, L

C, R, U, D, L

Arrival

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Automation Rule

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Automation Run

R, L

R, L

R, L

Entity Filter

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Entity Schema

R, L

R, L

R, L

Entity Mappings

R, L

C, R, U, D, L

C, R, U, D, L

Events

R, L

C, R, U, D, L

C, R, U, D, L

Exception Category

R, L

C, R, U, D, L

C, R, U, D, L

Exception Filter

R, L

C, R, U, D, L

C, R, U, D, L

Exceptions

R, U, L

C, R, U, D, L

C, R, U, D, L

Fulfillment

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Integration Actions

R, L

C, R, U, D, L

C, R, U, D, L

Integrations

L

C, R, U, D, L

C, R, U, D, L

Inventory

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Job (Bulk Jobs)

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Label

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Location

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Notes

R, L

C, R, U, D, L

C, R, U, D, L

Organizations

R, L

R, L

C, R, U, D, L

Order Routing Rule

R, L

C, R, U, D, L

C, R, U, D, L

Orders

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Products

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Purchase Order

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

References

R, L

R, L

R, L

Roles

R, L

R, L

C, R, U, D, L

Receipt

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Refund

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Return

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Shipping Request

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Shipment Logs

R, L

R, L

R, L

Shipping Method Mapping

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Settlement Report

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Suppliers

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Transfer Order

C, R, U, D, L

C, R, U, D, L

C, R, U, D, L

Users

R, L

R, L

C, R, U, D, L

Webhooks

L

C, R, U, D, L

C, R, U, D, L

Users with Multiple Roles

If a user is assigned multiple roles, the app applies the most permissive combination. For example, if a user has both User and Developer roles, they will be able to create and manage integrations because the Developer role allows it.


Adding and Managing New Roles

Besides the three built-in roles, you can create a set of permissions. To create a custom role:

  1. Go to Settings → Roles.

  2. Click New Role.

  3. Enter a Name and Description.

  4. Set the Status to Active or Disabled.

  5. Select a Permissions Template to give the corresponding permissions to the role:

    1. Read Only API: Designed for retrieving data without modification, suitable for reporting or dashboards.

    2. Update API: Allows reading and updating existing data but not creating new records.

    3. Create API: Permits reading, creating, and potentially updating entities.

    4. Account Management: Focuses on managing organization-level settings, billing, and profile information.

    5. Developer: A global role with full permissions (Read, Create, Update, Delete, List) for configuration and transaction entities, ideal for technical users setting up and testing the system.

    6. User Management: Concentrates on administrative tasks related to user accounts, including creation, viewing, updating, and deletion of users and role assignments.

  6. Click Save.

Administrators and users with “update” permissions in a custom role can only manage roles and users. Also, users cannot grant permissions to themselves.

You can edit or delete a custom role at any time using the Edit or Delete icons on the Roles page.

 

Performing Actions Not Permitted

If a user attempts an action that their role does not allow, they will encounter an "Access explicitly denied" error.

Examples include:

  • A red notification banner on the screen

  • A full-page "Access Denied" error message


Need Help?

If you need additional assistance:

We're here to help you succeed with your operations.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.

Have more questions?
Submit a request
Share it, if you like it.