Permissions
===========

Authorization and permissions are granted based on a user's ``roles`` as provided by the token sent with each request.

Unauthorized and ``USER`` Role Permissions
------------------------------------------

Users that have not provided a valid JWT or only have the ``USER`` role may access all resources as read-only.

+-----------------+-------+--------+---------+---------+
| Resource        | List  | Create | Update  | Delete  |
+=================+=======+========+=========+=========+
| Study           | Yes   | No     | No      | No      |
+-----------------+-------+--------+---------+---------+
| Release         | Yes   | No     | No      | No      |
+-----------------+-------+--------+---------+---------+
| Release Note    | Yes   | No     | No      | No      |
+-----------------+-------+--------+---------+---------+
| Task            | Yes   | No     | No      | No      |
+-----------------+-------+--------+---------+---------+
| Task Service    | Yes   | No     | No      | No      |
+-----------------+-------+--------+---------+---------+
| Event           | Yes   | No     | No      | No      |
+-----------------+-------+--------+---------+---------+

``ADMIN`` Role Permissions
--------------------------

Admins can create and update most resources, with the exception of events, which are generated automatically, and studies, which are synchronized with studies in the dataservice.


+-----------------+-------+--------+---------+---------+
| Resource        | List  | Create | Update  | Delete  |
+=================+=======+========+=========+=========+
| Study           | Yes   | No     | No      | No      |
+-----------------+-------+--------+---------+---------+
| Release         | Yes   | Yes    | Yes     | No      |
+-----------------+-------+--------+---------+---------+
| Release Note    | Yes   | Yes    | Yes     | No      |
+-----------------+-------+--------+---------+---------+
| Task            | Yes   | Yes    | Yes     | No      |
+-----------------+-------+--------+---------+---------+
| Task Service    | Yes   | Yes    | Yes     | Yes     |
+-----------------+-------+--------+---------+---------+
| Event           | Yes   | No     | No      | No      |
+-----------------+-------+--------+---------+---------+
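
The two tables can be enforced as a single deny-by-default check. The sketch below is an added example, not code from this project. It assumes the token's signature and expiry were already validated upstream, that ``roles`` is a top-level list claim matched case-sensitively, and that resources use the snake_case keys shown. ``ROLE_GRANTS``, ``effective_roles`` and ``is_allowed`` are hypothetical names.

```python
# Added example: all names here are hypothetical, not the project's API.
RESOURCES = ("study", "release", "release_note", "task", "task_service", "event")

# Actions each role grants per resource, transcribed from the two tables.
ROLE_GRANTS = {
    "USER": {resource: {"list"} for resource in RESOURCES},
    "ADMIN": {
        "study": {"list"},  # synchronized with the dataservice
        "release": {"list", "create", "update"},
        "release_note": {"list", "create", "update"},
        "task": {"list", "create", "update"},
        "task_service": {"list", "create", "update", "delete"},
        "event": {"list"},  # generated automatically
    },
}


def effective_roles(claims):
    """Return the roles to evaluate for a request.

    `claims` is the payload of an already-verified JWT, or None when the
    request carried no valid token (assumed to be decided upstream).
    """
    if not isinstance(claims, dict):
        return {"USER"}
    roles = claims.get("roles")
    if not isinstance(roles, (list, tuple, set)):
        # A malformed claim (for example a bare string) is not trusted.
        return {"USER"}
    # Unknown role names grant nothing; read-only USER access always applies.
    known = {r for r in roles if isinstance(r, str) and r in ROLE_GRANTS}
    return known | {"USER"}


def is_allowed(claims, resource, action):
    """Deny by default: unlisted resources and actions are refused."""
    return any(
        action in ROLE_GRANTS[role].get(resource, set())
        for role in effective_roles(claims)
    )
```

Calling ``is_allowed`` from one place for every write endpoint keeps the documented matrix and the enforced one from drifting apart.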