Roles

Control who can see and edit what

Attribute-level permissions (read/write/hidden) per schema. System-wide permissions for schemas, roles, dimensions, imports, exports. Combine schema permissions with catalog access to build precise access control for every team.

Attribute-Level Control

Set each attribute to read, write, or hidden per role and schema. Price visible to managers but hidden from translators.

System Permissions

Control who can manage schemas, roles, dimensions, option lists, and who can import or export data with boolean flags.

Catalog Permissions

Grant canView and canAssign per catalog, so teams only see their relevant product categories.

Resolve Effective Permissions

Use the /resolve endpoint to compute the final permission map for any attribute set within a schema.

Endpoints

Method	Endpoint	Description
GET	`/api/v1/roles`	List all roles
POST	`/api/v1/roles`	Create a new role
GET	`/api/v1/roles/:id`	Get role by ID
PUT	`/api/v1/roles/:id`	Update a role
DELETE	`/api/v1/roles/:id`	Delete a role (204 No Content)
POST	`/api/v1/roles/:id/resolve`	Resolve effective permissions for attributes

List All Roles

curl https://api.sigma-pim.com/api/v1/roles \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."

// Response
[
  {
    "id": "role-admin",
    "name": "Admin",
    "description": "Full access to all features and data",
    "canManageSchemas": true,
    "canManageRoles": true,
    "canManageDimensions": true,
    "canManageOptionLists": true,
    "canExport": true,
    "canImport": true,
    "schemaPermissions": [...],
    "catalogPermissions": [...]
  },
  {
    "id": "role-editor",
    "name": "Editor",
    "description": "Can edit product content but not pricing",
    ...
  }
]

Create a Role

Create a new role with system permissions, per-schema attribute permissions, and catalog access control. Each attribute can be set to write (full edit), read (view only), or hidden (not visible).

// Example: Admin role with full access
curl -X POST https://api.sigma-pim.com/api/v1/roles \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "Content-Type: application/json" \
  -d '{
    "id": "role-admin",
    "name": "Admin",
    "description": "Full access to all features and data",
    "canManageSchemas": true,
    "canManageRoles": true,
    "canManageDimensions": true,
    "canManageOptionLists": true,
    "canExport": true,
    "canImport": true,
    "schemaPermissions": [
      {
        "schemaId": "schema-apparel",
        "canCreate": true,
        "canDelete": true,
        "attributePermissions": {
          "attr-product-name": "write",
          "attr-description": "write",
          "attr-price": "write",
          "attr-sku": "write"
        },
        "defaultPermission": "write"
      }
    ],
    "catalogPermissions": [
      {
        "catalogId": "catalog-web",
        "canView": true,
        "canAssign": true
      }
    ]
  }'

// Example: Editor role — can edit most attributes but price is hidden
curl -X POST https://api.sigma-pim.com/api/v1/roles \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "Content-Type: application/json" \
  -d '{
    "id": "role-editor",
    "name": "Editor",
    "description": "Can edit product content but not pricing",
    "canManageSchemas": false,
    "canManageRoles": false,
    "canManageDimensions": false,
    "canManageOptionLists": false,
    "canExport": true,
    "canImport": false,
    "schemaPermissions": [
      {
        "schemaId": "schema-apparel",
        "canCreate": true,
        "canDelete": false,
        "attributePermissions": {
          "attr-product-name": "write",
          "attr-description": "write",
          "attr-price": "hidden",
          "attr-sku": "read"
        },
        "defaultPermission": "write"
      }
    ],
    "catalogPermissions": [
      {
        "catalogId": "catalog-web",
        "canView": true,
        "canAssign": false
      }
    ]
  }'

// Example: Viewer role — read-only access
curl -X POST https://api.sigma-pim.com/api/v1/roles \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "Content-Type: application/json" \
  -d '{
    "id": "role-viewer",
    "name": "Viewer",
    "description": "Read-only access to product data",
    "canManageSchemas": false,
    "canManageRoles": false,
    "canManageDimensions": false,
    "canManageOptionLists": false,
    "canExport": true,
    "canImport": false,
    "schemaPermissions": [
      {
        "schemaId": "schema-apparel",
        "canCreate": false,
        "canDelete": false,
        "attributePermissions": {},
        "defaultPermission": "read"
      }
    ],
    "catalogPermissions": [
      {
        "catalogId": "catalog-web",
        "canView": true,
        "canAssign": false
      }
    ]
  }'

Request Body Reference

Field	Type	Description
`id`	`string`	Unique role identifier
`name`	`string`	Display name for the role
`description`	`string?`	Optional description of the role's purpose
`canManageSchemas`	`boolean`	Can create, edit, and delete schemas
`canManageRoles`	`boolean`	Can create, edit, and delete roles
`canManageDimensions`	`boolean`	Can create, edit, and delete dimensions
`canManageOptionLists`	`boolean`	Can create, edit, and delete option lists
`canExport`	`boolean`	Can export product data
`canImport`	`boolean`	Can import product data
`schemaPermissions`	`SchemaPermission[]`	Per-schema access rules (see below)
`catalogPermissions`	`CatalogPermission[]`	Per-catalog access rules (see below)

SchemaPermission

Field	Type	Description
`schemaId`	`string`	The schema this permission applies to
`canCreate`	`boolean`	Can create new records in this schema
`canDelete`	`boolean`	Can delete records from this schema
`attributePermissions`	`Record<string, Permission>`	Map of attribute ID to `read` \| `write` \| `hidden`
`defaultPermission`	`Permission`	Fallback permission for attributes not explicitly listed: `read` \| `write` \| `hidden`

CatalogPermission

Field	Type	Description
`catalogId`	`string`	The catalog this permission applies to
`canView`	`boolean`	Can view products in this catalog
`canAssign`	`boolean`	Can assign/unassign products to categories

Get Role by ID

curl https://api.sigma-pim.com/api/v1/roles/role-editor \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."

// Response
{
  "id": "role-editor",
  "name": "Editor",
  "description": "Can edit product content but not pricing",
  "canManageSchemas": false,
  "canManageRoles": false,
  "canManageDimensions": false,
  "canManageOptionLists": false,
  "canExport": true,
  "canImport": false,
  "schemaPermissions": [
    {
      "schemaId": "schema-apparel",
      "canCreate": true,
      "canDelete": false,
      "attributePermissions": {
        "attr-product-name": "write",
        "attr-description": "write",
        "attr-price": "hidden",
        "attr-sku": "read"
      },
      "defaultPermission": "write"
    }
  ],
  "catalogPermissions": [
    {
      "catalogId": "catalog-web",
      "canView": true,
      "canAssign": false
    }
  ]
}

Update a Role

Replace the entire role definition. All fields must be provided.

// Grant the Editor role import access
curl -X PUT https://api.sigma-pim.com/api/v1/roles/role-editor \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "Content-Type: application/json" \
  -d '{
    "id": "role-editor",
    "name": "Editor",
    "description": "Can edit product content but not pricing",
    "canManageSchemas": false,
    "canManageRoles": false,
    "canManageDimensions": false,
    "canManageOptionLists": false,
    "canExport": true,
    "canImport": true,
    "schemaPermissions": [
      {
        "schemaId": "schema-apparel",
        "canCreate": true,
        "canDelete": false,
        "attributePermissions": {
          "attr-product-name": "write",
          "attr-description": "write",
          "attr-price": "hidden",
          "attr-sku": "read"
        },
        "defaultPermission": "write"
      }
    ],
    "catalogPermissions": [
      {
        "catalogId": "catalog-web",
        "canView": true,
        "canAssign": false
      }
    ]
  }'

Delete a Role

curl -X DELETE https://api.sigma-pim.com/api/v1/roles/role-viewer \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."

// Response: 204 No Content

Resolve Effective Permissions

Given a schema and a list of attribute IDs, compute the effective permission for each attribute. Attributes explicitly listed in attributePermissions use their assigned value; all others fall back to defaultPermission.

curl -X POST https://api.sigma-pim.com/api/v1/roles/role-editor/resolve \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "Content-Type: application/json" \
  -d '{
    "schemaId": "schema-apparel",
    "attributeIds": [
      "attr-product-name",
      "attr-description",
      "attr-price",
      "attr-sku",
      "attr-material",
      "attr-color"
    ]
  }'

// Response — effective permission per attribute
{
  "attr-product-name": "write",
  "attr-description": "write",
  "attr-price": "hidden",
  "attr-sku": "read",
  "attr-material": "write",
  "attr-color": "write"
}

Note how attr-material and attr-color are not explicitly listed in the Editor role's attributePermissions, so they inherit the defaultPermission of write.

Previous Workflows Next Search