Configuring security and permissions policies

Configure security and permission policies to control how API keys access data. Authorize each client integration (API key) to create, update, read, and delete only the required resource groups, and explicitly define which fields are exposed.

API keys without the appropriate security policies and permissions can’t access any data. Proper configuration ensures that each API key accesses only the data that has been explicitly defined and approved, helping maintain data security and visibility control.

Before you begin

  • You must have administrator or integrations access to the tenant.

  • You must be familiar with REST APIs and XML.

Steps

  1. Log in to Professional.

  2. From the left hand navigation menu, go to Settings  Security & Permissions.

  3. In the upper right corner, select Create Security Policy (+). The Add New Policy window appears.

  4. In the General section:

    • Title: Enter a descriptive policy name, for example, Client_SourceSystem_Worker_API.

    • ID: Enter a unique identifier. Use letters, numbers, periods (.), underscores (_), or hyphens (-).

  5. In the Policy Type section, select Permit (default).

  6. In the Actions section:

    • Select Read to allow data retrieval.

    • Select Create, Update, and/or Delete to allow data changes.

  7. In the Policy Details section:

    • Actor Type: Select Integration Client.

    • Resource Group: Select the data group to control access. For example:

      • Reference Data: Access reference objects such as workers, users, organizations, and business sites.

      • Workers: Access worker-related data.

      • Engagements: Access engagement data associated with workers.

  8. Select the Actor tab, then select Specific Integration Client.

  9. From the Specific Integration Client drop-down menu, select the newly created API key.

  10. Select the Resource tab and move the required fields from the Available fields column to Chosen fields.

  11. Select Add. A Policy created message appears.

Create a separate policy for each resource group (for example, Workers or Cost Centers). This approach enforces the principle of least privilege and simplifies troubleshooting and access management.

Documentation Assistant

Delete Chat Conversation

Are you sure you want to permanently delete the chat history?

Hi, I am Beeline Professional Docs Assistant. Here's how I can help you:
  • Type your question in the input below
  • I'll understand your query and provide a helpful response
  • You can ask follow-up questions