User

A user is a person or entity that uses the application to carry out certain tasks, functions or activities. Each user may have different levels of access, permissions and visibility within the application, depending on their specific role.

Therefore, a user is related to the business roles that have been applied to them and the nodes to which they have access.

The user is not linked to the service but to the node.

API User

To access the integration API, it is necessary to have an integration user. This is a standard Orquest user, which can be created from the application, with the "Access import api" permission enabled.

The integration user will have control over the Orquest data related to the nodes they have visibility into. If the user requires access to all business information, they can be placed directly at the root node of the organizational structure. Otherwise, they should be placed at the specific node where visibility is needed.

Visibility restrictions

In cases where the user only has access to a specific node of the business, the following visibility restrictions will apply:

GET Requests

The user can view general business data and configurations such as bags, metadata, counters, commercial periods or reference days.

However, they cannot view specific information defined within nodes or services where they do not have access: aptitudes, assignments, bag movements, calendar days, clockguards, compute counters, contracts, drafts, employees, incidences, locations, measures, needs, payrolls, products, services or schedules.

Any request not allowed for visibility reasons will return a 401 Unauthorized - Importer user don´t have sufficient permissions for operation error.

DELETE, POST or PUT Requests

The user cannot modify data from nodes or services where they do not have visibility: aptitudes, bag movements, calendar days, contract type filters, measures, needs, employee roles, sales targets, vacancies, etc.

For example, when updating an employee’s information, they cannot add a service association with an ownerProduct of a product they do not have access to or a cession with a product they do not have access to.

Additionally, if the employee has an active service association in another node where the user does not have visibility, and an attempt is made to create a service association that overlaps with this, the request will return a 409 Conflict error, specifying in the message: A service association override other and you are not allowed to do it.

Any request not allowed for visibility reasons will return an error 401 Unauthorized - Importer user don´t have sufficient permissions for operation or 409 Conflict - Service or node forbidden.

An Orquest user can have access without necessarily being an employee.