Role Creation using GraphiQL
Written by Mitchell Ivany
Updated at March 13th, 2025
- Our Products & Services
- Getting Started
- Accounts
- Communication
- Billing
- Companies
- Financial
- Integrations
- Inventory
- Jobs
- Mapping
- Misc.
- Monitoring
- Purchase Orders
- Release Notes
- Sonar Billing
- Voice
- Reporting
- Security
- sonarPay
- Ticketing
- Working With the Sonar Team & Additional Resources
- System
- Networking
Table of Contents
In our User Role Creation & Best Practices article, we introduced you to one of the ways you could create new roles and set their permissions. While using the in-app interface is perfectly serviceable, we also offer the ability to create these roles using the GraphQL API through the GraphiQL interface, available in your instance by accessing [your instance url]/graphiql.
If you aren't familiar with GraphiQL, we have an introductory article here | How To Use GraphiQL to Understand the Sonar API
Below, we'll provide some example roles, their permissions, and the mutations and parameters needed to create the role using GraphiQL.
Support Agent
Mutation
mutation ($supportAgent: CreateRoleMutationInput) {
createRole(input: $supportAgent) {
id
name
}
}
Parameters
{
"supportAgent": {
"name": "Support Agent",
"applied_permissions": [
"READ_ALL_INVENTORY",
"ASSIGN_ACCOUNT_INVENTORY",
"MODIFY_ACCOUNT_SERVICES",
"UPDATE_ACCOUNT_SERVICE_PARAMETERS",
"UPDATE_ACCOUNT_BILLING_PARAMETERS",
"CREATE_ACCOUNT_TRANSACTIONS",
"READ_ACCOUNT_TRANSACTIONS",
"UPDATE_ACCOUNT_TRANSACTIONS",
"REVERSE_ACCOUNT_TRANSACTIONS",
"CREATE_ACCOUNT",
"READ_ACCOUNT",
"UPDATE_ACCOUNT",
"READ_ACCOUNT_GROUP",
"READ_ACCOUNT_STATUS",
"READ_ACCOUNT_TYPE",
"CREATE_SERVICEABLE_ADDRESS",
"READ_ADDRESS_LIST",
"READ_SERVICEABLE_ADDRESS",
"UPDATE_SERVICEABLE_ADDRESS",
"READ_BILLING_DEFAULT",
"READ_CALL_LOG",
"READ_CANNED_REPLY",
"CREATE_CALL_LOG",
"UPDATE_CALL_LOG",
"UPDATE_CANNED_REPLY",
"CREATE_CANNED_REPLY",
"CREATE_CONTACT",
"UPDATE_CONTACT",
"DELETE_CONTACT",
"READ_CONTRACT",
"CREATE_CUSTOM_FIELD",
"READ_CUSTOM_FIELD",
"UPDATE_CUSTOM_FIELD",
"DELETE_CUSTOM_FIELD",
"READ_DATA_USAGE_HISTORY",
"UPDATE_DATA_USAGE_HISTORY",
"CREATE_EMAIL_MESSAGE",
"READ_EMAIL_MESSAGE",
"UPDATE_EMAIL_MESSAGE",
"CREATE_INVENTORY_ITEM",
"UPDATE_INVENTORY_ITEM",
"DELETE_INVENTORY_ITEM",
"READ_JOB",
"UPDATE_JOB",
"CREATE_JOB",
"DELETE_JOB",
"READ_JOB_TYPE",
"READ_MASS_EMAIL",
"READ_NETWORK_SITE",
"CREATE_NOTE",
"UPDATE_NOTE",
"DELETE_NOTE",
"READ_PACKAGE",
"UPDATE_PACKAGE",
"CREATE_PACKAGE",
"READ_PAYMENT_PROCESSOR",
"CREATE_PAYMENT_METHOD",
"READ_PAYMENT_METHOD",
"UPDATE_PAYMENT_METHOD",
"DELETE_PAYMENT_METHOD",
"CREATE_PAYMENT",
"READ_RADIUS_ACCOUNT",
"CREATE_RADIUS_ACCOUNT",
"UPDATE_RADIUS_ACCOUNT",
"READ_SCHEDULED_EVENT",
"UPDATE_SCHEDULED_EVENT",
"CREATE_SCHEDULED_EVENT",
"READ_SERVICE",
"READ_TICKET",
"CREATE_TICKET",
"UPDATE_TICKET",
"READ_TICKET_CATEGORY",
"CREATE_FILE",
"UPDATE_FILE",
"DELETE_FILE",
"READ_FILE",
"REFUND_PAYMENTS",
"CREATE_DATA_USAGE_TOP_OFF",
"READ_INBOUND_MAILBOX",
"UPDATE_ACCOUNT_LINK",
"READ_NETWORK_SITE_SERVICEABLE_ADDRESS_LIST"
]
}
}
Sales Agent
Mutation
mutation ($salesAgent: CreateRoleMutationInput) {
createRole(input: $salesAgent) {
id
name
}
}
Parameters
{
"salesAgent": {
"name": "Sales Agent",
"applied_permissions": [
"ASSIGN_ACCOUNT_INVENTORY",
"READ_ALL_INVENTORY",
"MODIFY_ACCOUNT_SERVICES",
"UPDATE_ACCOUNT_SERVICE_PARAMETERS",
"UPDATE_ACCOUNT_BILLING_PARAMETERS",
"CREATE_ACCOUNT_TRANSACTIONS",
"READ_ACCOUNT_TRANSACTIONS",
"UPDATE_ACCOUNT_TRANSACTIONS",
"REVERSE_ACCOUNT_TRANSACTIONS",
"CREATE_ACCOUNT",
"READ_ACCOUNT",
"UPDATE_ACCOUNT",
"READ_ACCOUNT_GROUP",
"READ_ACCOUNT_STATUS",
"READ_ACCOUNT_TYPE",
"CREATE_SERVICEABLE_ADDRESS",
"READ_SERVICEABLE_ADDRESS",
"UPDATE_SERVICEABLE_ADDRESS",
"DELETE_SERVICEABLE_ADDRESS",
"READ_CALL_LOG",
"CREATE_CALL_LOG",
"UPDATE_CALL_LOG",
"READ_CANNED_REPLY",
"CREATE_CONTACT",
"UPDATE_CONTACT",
"DELETE_CONTACT",
"READ_CONTRACT",
"UPDATE_CONTRACT",
"CREATE_CONTRACT",
"DELETE_CONTRACT",
"READ_CONTRACT_TEMPLATE",
"READ_CUSTOM_FIELD",
"CREATE_FILE",
"UPDATE_FILE",
"READ_FILE",
"READ_JOB",
"UPDATE_JOB",
"CREATE_JOB",
"DELETE_JOB",
"READ_JOB_TYPE",
"CREATE_NOTE",
"UPDATE_NOTE",
"DELETE_NOTE",
"READ_PACKAGE",
"READ_PAYMENT_PROCESSOR",
"CREATE_PAYMENT_METHOD",
"READ_PAYMENT_METHOD",
"UPDATE_PAYMENT_METHOD",
"DELETE_PAYMENT_METHOD",
"CREATE_PAYMENT",
"READ_RADIUS_ACCOUNT",
"CREATE_RADIUS_ACCOUNT",
"UPDATE_RADIUS_ACCOUNT",
"READ_SCHEDULED_EVENT",
"UPDATE_SCHEDULED_EVENT",
"CREATE_SCHEDULED_EVENT",
"READ_SERVICE",
"READ_TICKET",
"CREATE_TICKET",
"UPDATE_TICKET",
"READ_TICKET_CATEGORY",
"UPDATE_ACCOUNT_LINK",
"REFUND_PAYMENTS",
"UPDATE_SERVICEABLE_ADDRESS",
"READ_NETWORK_SITE_SERVICEABLE_ADDRESS_LIST"
]
}
}
Field Technician
These are the minimum role permissions that would be required for any user to access the Sonar field app.
The last 3 permissions included within the Parameters section below are optional, but recommended:
REVERSE_ACCOUNT_TRANSACTIONS
DELETE_ACCOUNT_TRANSACTIONS
UPDATE_DRIVERS
Mutation
mutation ($fieldTech: CreateRoleMutationInput) {
createRole(input: $fieldTech) {
id
name
}
}
Parameters
{
"fieldTech": {
"name": "Field Technician",
"applied_permissions": [
"UPDATE_TASK",
"CREATE_NOTE",
"UPDATE_NOTE",
"DELETE_NOTE",
"READ_FILE",
"CREATE_FILE",
"UPDATE_FILE",
"DELETE_FILE",
"CHECK_IN_OWN_JOB",
"COMPLETE_OWN_JOB",
"MODIFY_ACCOUNT_SERVICES",
"CREATE_PAYMENT_METHOD",
"CREATE_ACCOUNT_TRANSACTIONS",
"CREATE_PAYMENT",
"ASSIGN_ACCOUNT_INVENTORY",
"CREATE_IP_ASSIGNMENT",
"CREATE_RADIUS_ACCOUNT",
"READ_ACCOUNT",
"READ_PAYMENT_METHOD",
"READ_ACCOUNT_TRANSACTIONS",
"READ_ALL_INVENTORY",
"READ_IP_ASSIGNMENT",
"READ_RADIUS_ACCOUNT",
"READ_SCHEDULED_EVENT",
"READ_CONTRACT",
"UPDATE_ACCOUNT",
"UPDATE_PAYMENT_METHOD",
"UPDATE_IP_ASSIGNMENT",
"UPDATE_RADIUS_ACCOUNT",
"DELETE_IP_ASSIGNMENT",
"DELETE_RADIUS_ACCOUNT",
"UPDATE_INVENTORY_ITEM",
"READ_NETWORK_SITE",
"READ_NETWORK_MONITORING_TEMPLATE",
"READ_ALERTING_ROTATION",
"READ_JOB",
"UPDATE_JOB",
"CREATE_TICKET",
"READ_TICKET",
"UPDATE_TICKET",
"READ_SERVICE",
"READ_SERVICEABLE_ADDRESS",
"READ_INLINE_DEVICE",
"READ_PACKAGE",
"READ_PHONE_NUMBER_TYPE",
"READ_DHCP_SERVER",
"REVERSE_ACCOUNT_TRANSACTIONS",
"DELETE_ACCOUNT_TRANSACTIONS",
"UPDATE_DRIVERS",
"READ_CALENDAR",
"CREATE_CALENDAR",
"UPDATE_CALENDAR",
"DELETE_CALENDAR"
]
}
}
Customer Portal User
Check out our full guide on Adding a Customer Portal to Your Sonar Instance
Mutation
mutation createRole($customer_portal: CreateRoleMutationInput) {
createRole(input: $customer_portal) {
name
}
}
Parameters
{
"customer_portal":
{
"name": "Customer Portal",
"applied_permissions": [
"READ_DATA_USAGE_HISTORY",
"CREATE_TICKET",
"READ_TICKET",
"UPDATE_TICKET",
"CREATE_PAYMENT_METHOD",
"CREATE_PAYMENT",
"READ_ACCOUNT",
"READ_PAYMENT_METHOD",
"READ_ACCOUNT_TRANSACTIONS",
"READ_CONTRACT",
"UPDATE_PAYMENT_METHOD",
"UPDATE_ACCOUNT_TRANSACTIONS",
"CREATE_CONTACT",
"UPDATE_CONTACT",
"DELETE_CONTACT",
"UPDATE_CONTRACT",
"DELETE_PAYMENT_METHOD",
"CREATE_ACCOUNT_TRANSACTIONS",
"READ_INVOICE_ATTACHMENT",
"READ_INVOICE_MESSAGE",
"READ_SERVICE",
"CREATE_DATA_USAGE_TOP_OFF",
"READ_PACKAGE",
"MODIFY_ACCOUNT_SERVICES",
"READ_PAYMENT_PROCESSOR",
"UPDATE_ACCOUNT",
"READ_INBOUND_MAILBOX"
],
"note": {
"message": "Customer Portal",
"priority": "NORMAL"
}
}
}
Read-Only User for 3rd Party Development (or other use)
This role is being given read-only permissions to the entire Sonar instance. Your particular use case will likely require modification to specific permissions in order to cover a wide range of scenarios.
Mutation
mutation createRole($read_only: CreateRoleMutationInput) {
createRole(input: $read_only) {
name
}
}
Parameters
{
"read_only":
{
"name": "Read-only",
"applied_permissions": [
"READ_ACCESS_LOG",
"READ_ACCOUNT",
"READ_ACCOUNT_GROUP",
"READ_ACCOUNT_REPORTS",
"READ_ACCOUNT_STATUS",
"READ_ACCOUNT_TRANSACTIONS",
"READ_ACCOUNT_TYPE",
"READ_ACH_BATCH",
"READ_ADDRESS_LIST",
"READ_ALERTING_ROTATION",
"READ_ALL_INVENTORY",
"READ_ALL_LOGS",
"READ_APPLICATION_FIREWALL_RULE",
"READ_BILLING_DEFAULT",
"READ_CABLE_MODEM_PROVISIONER",
"READ_CALL_DETAIL_RECORD",
"READ_CALL_DETAIL_RECORD_IMPORT",
"READ_CALL_LOG",
"READ_CANNED_REPLY",
"READ_CONTRACT",
"READ_CONTRACT_TEMPLATE",
"READ_CUSTOM_FIELD",
"READ_DAILY_AGGREGATE_VALUES",
"READ_DATA_USAGE_HISTORY",
"READ_DELINQUENCY_EXCLUSION",
"READ_DEPOSIT_SLIP",
"READ_DHCP_SERVER",
"READ_DID",
"READ_DID_ASSIGNMENT",
"READ_MESSAGE_CATEGORY",
"READ_EMAIL_DOMAIN",
"READ_EMAIL_MESSAGE",
"READ_EXTERNAL_MARKETING",
"READ_FCC_FORM_477_REPORT",
"READ_FILE",
"READ_FINANCIAL_REPORTS",
"READ_GENERAL_LEDGER_CODE",
"READ_GEOFENCE",
"READ_GPS_TRACKING_PROVIDER",
"READ_INBOUND_MAILBOX",
"READ_INLINE_DEVICE",
"READ_INVOICE_ATTACHMENT",
"READ_INVOICE_MESSAGE",
"READ_IP_ASSIGNMENT",
"READ_JOB",
"READ_JOB_TYPE",
"READ_LIMITED_INVENTORY",
"READ_LTE_PROVIDER",
"READ_MASS_EMAIL",
"READ_NETFLOW_ENDPOINT",
"READ_NETWORK_MONITORING_TEMPLATE",
"READ_NETWORK_SITE",
"READ_NON_INVENTORY_ITEM",
"READ_PACKAGE",
"READ_PAYMENT_METHOD",
"READ_PAYMENT_PROCESSOR",
"READ_PHONE_NUMBER_TYPE",
"READ_POLLER",
"READ_PRINTED_INVOICE_BATCH",
"READ_RADIUS_ACCOUNT",
"READ_RADIUS_GROUP",
"READ_RADIUS_SERVER",
"READ_SCHEDULED_EVENT",
"READ_SCHEDULE_ADDRESS",
"READ_SCHEDULE_AVAILABILITY",
"READ_SCHEDULE_BLOCKER",
"READ_SCHEDULE_TIME_OFF",
"READ_SEARCH_FILTER",
"READ_SERVICE",
"READ_SERVICEABLE_ADDRESS",
"READ_SNMP_OVERRIDE",
"READ_TASK_TEMPLATE",
"READ_TAX",
"READ_TAX_EXEMPTION",
"READ_TAX_PROVIDER",
"READ_TICKET",
"READ_TICKET_CATEGORY",
"READ_TICKET_GROUP",
"READ_TIMESERIES_DATA",
"READ_TOWERCOVERAGE_CONFIGURATION",
"READ_TOWERCOVERAGE_SUBMISSION",
"READ_TRIGGERED_EMAIL",
"READ_UNINVENTORIED_MAC_ADDRESS",
"READ_VENDOR",
"READ_VENDOR_ITEM",
"READ_VOICE_PROVIDER",
"READ_VOICE_PROVIDER_RATE",
"READ_VOICE_PROVIDER_RATE_IMPORT",
"READ_WEBHOOK_ENDPOINT",
"READ_WEBHOOK_ENDPOINT_EVENT"
],
"note": {
"message": "Read Only",
"priority": "NORMAL"
}
}
}