Roles in the app define what actions a user can take on different types of data. Each role is a named collection of permissions that determine access to specific resources, such as orders, inventory, integrations, and account settings.
The app includes three built-in roles: Administrator, Developer, and User, each designed for a specific operational purpose. Roles are assigned at the organization level and help ensure users have only the access they need to perform their responsibilities.
Definitions
Role
A role is a predefined set of permissions that allows users to take specific actions on various types of data within the app. For example, the Administrator role includes all available permissions for every resource/entity type in the system, such as Orders, Products, and Inventory.
Permission
A permission allows a user to perform a specific action on a specific entity type. For example, having permission to "read Orders" means a user can view any order in the organization. Permissions are assigned at the entity type level, not individual entities.
Global Roles and Their Purpose
The app provides three built-in roles, each with different access levels:
Role |
Description |
|---|---|
Administrator |
Full access to all entities across all categories. Can manage users and billing. Assigned to the user who creates the organization. |
Developer |
Full access to configuration and transaction entities. Useful for setup and testing. |
User |
Full access to transaction entities and view-only access to configuration entities. Intended for daily operations. |
Entities (also referred to as resources) are grouped into three categories:
Account/Organization – Users, API Keys, Org Settings
Configuration – Integrations, Routing Rules, Automation Rules
Transaction – Orders, Inventory, Returns, Products, Refunds
Permissions List
Here is the permissions list across all three built-in roles in Pipe17. Certain permissions differ depending on the assigned role (User, Developer, Administrator).
Permission Types
There are five types of permissions available in the app:
Read (View): See the details of an entity
Create: Add a new entity
Update: Modify an existing entity
Delete: Remove an entity
List: View all entities of a certain type
Legend:
C = Create R = Read/View U = Update D = Delete L = List
Entity / Resource |
User |
Developer |
Administrator |
|---|---|---|---|
Accounts |
R, L |
R, L |
R, L |
API Key |
L |
C, R, U, D, L |
C, R, U, D, L |
Arrival |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Automation Rule |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Automation Run |
R, L |
R, L |
R, L |
Entity Filter |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Entity Schema |
R, L |
R, L |
R, L |
Entity Mappings |
R, L |
C, R, U, D, L |
C, R, U, D, L |
Events |
R, L |
C, R, U, D, L |
C, R, U, D, L |
Exception Category |
R, L |
C, R, U, D, L |
C, R, U, D, L |
Exception Filter |
R, L |
C, R, U, D, L |
C, R, U, D, L |
Exceptions |
R, U, L |
C, R, U, D, L |
C, R, U, D, L |
Fulfillment |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Integration Actions |
R, L |
C, R, U, D, L |
C, R, U, D, L |
Integrations |
L |
C, R, U, D, L |
C, R, U, D, L |
Inventory |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Job (Bulk Jobs) |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Label |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Location |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Notes |
R, L |
C, R, U, D, L |
C, R, U, D, L |
Organizations |
R, L |
R, L |
C, R, U, D, L |
Order Routing Rule |
R, L |
C, R, U, D, L |
C, R, U, D, L |
Orders |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Products |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Purchase Order |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
References |
R, L |
R, L |
R, L |
Roles |
R, L |
R, L |
C, R, U, D, L |
Receipt |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Refund |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Return |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Shipping Request |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Shipment Logs |
R, L |
R, L |
R, L |
Shipping Method Mapping |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Settlement Report |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Suppliers |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Transfer Order |
C, R, U, D, L |
C, R, U, D, L |
C, R, U, D, L |
Users |
R, L |
R, L |
C, R, U, D, L |
Webhooks |
L |
C, R, U, D, L |
C, R, U, D, L |
Users with Multiple Roles
If a user is assigned multiple roles, the app applies the most permissive combination. For example, if a user has both User and Developer roles, they will be able to create and manage integrations because the Developer role allows it.
Adding and Managing New Roles
Besides the three built-in roles, you can create a set of permissions. To create a custom role:
Go to Settings → Roles.
Click New Role.
Enter a Name and Description.
Set the Status to Active or Disabled.
-
Select a Permissions Template to give the corresponding permissions to the role:
Read Only API: Designed for retrieving data without modification, suitable for reporting or dashboards.
Update API: Allows reading and updating existing data but not creating new records.
Create API: Permits reading, creating, and potentially updating entities.
Account Management: Focuses on managing organization-level settings, billing, and profile information.
Developer: A global role with full permissions (Read, Create, Update, Delete, List) for configuration and transaction entities, ideal for technical users setting up and testing the system.
User Management: Concentrates on administrative tasks related to user accounts, including creation, viewing, updating, and deletion of users and role assignments.
Click Save.
Administrators and users with “update” permissions in a custom role can only manage roles and users. Also, users cannot grant permissions to themselves.
You can edit or delete a custom role at any time using the Edit or Delete icons on the Roles page.
Performing Actions Not Permitted
If a user attempts an action that their role does not allow, they will encounter an "Access explicitly denied" error.
Examples include:
A red notification banner on the screen
-
A full-page "Access Denied" error message
Need Help?
If you need additional assistance:
Use Ask Pippen, our AI agent, located at the top of the app page.
Submit a support request with as much relevant detail as possible. Learn how to submit a request.
For urgent issues, email us directly at support@pipe17.com.
We're here to help you succeed with your operations.
Comments
0 comments