Tesouro uses role-based access control (RBAC) to manage what actions organization users can perform. When you create a role, you specify a set of permissions that define which actions are allowed on which objects.Documentation Index
Fetch the complete documentation index at: https://docs.tesouro.com/llms.txt
Use this file to discover all available pages before exploring further.
Permission types
The following permission types are available:not_allowed(default) - the specified action is not allowed.allowed- the specified action is always allowed.allowed_for_own- the specified action is allowed to be performed only on the objects created by this organization user.
List of permissions
Below is the list of all permissions available in the Tesouro RBAC system:| object_type | action_name | Description |
|---|---|---|
approval_policy | create, read, update, delete | Grants organization users permissions to create, view, update, and delete Approval policies. |
approval_request | create, read, update, delete | Defines an organization user’s ability to perform actions on approval requests. |
comment | create, read, update | Controls the ability to create, view, and update comments. |
counterpart | create, read, update, delete | Allows the organization user to create, view, update, and delete counterparts. |
counterpart_vat_id | create, read, update, delete | Allows access to perform actions on counterpart VAT IDs. |
delivery_note | create, read, update, delete | Controls the ability to create, view, update, and delete delivery notes. |
entity | read, update | Controls the ability to read and update organization information. |
entity_bank_account | create, read, update, delete | Allows access to perform actions on organization bank accounts. |
entity_vat_ids | create, read, update, delete | Allows access to perform actions on organization VAT IDs. |
entity_user | create, read, update, delete | Controls the ability to create, view, update, and delete organization users. |
export | create, read | Allows access to perform actions on data exports. |
mailbox | create, read, delete | Allows access to perform actions on mailboxes. |
ocr_task | create, read, update, delete | Controls the ability to perform actions related to generic OCR. |
onboarding | create, read, update | Controls the ability to perform actions related to organization onboarding. |
overdue_reminder | create, read, update, delete | Allows access to create, view, update, and delete overdue reminders. |
payable | create, create_from_mail, read, update, delete, submit, approve, cancel, pay | Allows the organization user to perform actions on a payable. |
payables_purchase_order | create, read, update, delete | Controls the organization user’s ability to create, view, update, and delete purchase orders. |
payment_record | create, read | Allows the organization user to create and view payment records. |
payment_reminder | create, read, update, delete | Allows access to create, view, update, and delete payment reminders. |
person | create, read, update, delete | Controls the ability to create, view, update, and delete persons associated with an organization. |
product | create, read, update, delete | Controls the ability to create, view, update, and delete products. |
project | create, read, update, delete | Controls the ability to create, view, update, and delete projects. |
receipt | create, create_from_mail, read, update, delete | Allows the organization user to perform actions on a receipt. |
receivable | create, read, update, delete | Allows the organization user to perform actions on a receivable. |
role | create, read, update, delete | Controls the ability to create, view, update, and delete user roles. |
tag | create, read, update, delete | Controls the ability to create, view, update, and delete tags. |
transaction | create, read, update, delete | Controls the ability to create, view, update, and delete transactions. |