Policies from License Manager

Policies and permissions Policies from License Manager

Discover the policies a VTEX IO app can use from License Manager resources.

In order for a VTEX IO app to access external resources, it requires authorization through policies declared in its manifest.json file. One type of external resource available is the License Manager resources, which can be authorized to access by declaring the resource’s Key in the policies list of the app. For instance, by adding Sku.aspx to the policies list, your app gains permission to read SKUs from the Catalog.


_23{
_23  "$schema": "https://raw.githubusercontent.com/vtex/node-vtex-api/master/gen/manifest.schema",
_23  "name": "app-name",
_23  "vendor": "vendor",
_23  "version": "0.0.0",
_23  "title": "VTEX IO App",
_23  "description": "",
_23  "dependencies": {},
_23  "builders": {...},
_23  "scripts": {...},
_23  "policies": [
_23    {
_23      "name": "Sku.aspx"
_23    },
_23    {
_23      "name": "outbound-access",
_23      "attrs": {
_23        "host": "{{account}}.vtexcommercestable.com.br",
_23        "path": "/arquivos/favicon.ico"
_23      }
_23    }
_23  ]
_23}

Note that License Manager policies are declared in a different way than outbound-access policies. While outbound-access policies require the explicit host and path for each resource, License Manager policies operate based on predefined roles.

Below is a table listing the role-based VTEX IO policies for the License Manager resources. The table indicates which Client the policy is associated with.

Name	Key	Description	Client	Resources
Product management	`ProdutoForm.aspx`	View the registration screen and product change.	`catalog`	`{{account}}.vtexcommercestable.com.br/api/catalog_system/pvt/products/*`
Product and SKU Management	`ManterFormularioProdutoSku`	Change and inclusion of product and SKU.	`catalog`	`{{account}}.vtexcommercestable.com.br/api/catalog_system/pvt/products/*`
Brands	`Marca.aspx`	List all registered brands.	`catalog`	`{{account}}.vtexcommercestable.com.br/api/catalog_system/pvt/brand/list`
SKUs	`Sku.aspx`	Lists all registered SKUs.	`catalog`	`{{account}}.vtexcommercestable.com.br/api/catalog_system/pvt/sku/*`
Orders Full Access	`AcessaTodosPedidos`	Reading and writing for all requests via Checkout API. It does not allow access to requests for the flow of the order management module.	`checkout`	`{{account}}.vtexcommercestable.com.br/api/oms/pvt/orders/*`
Order Cancellation	`CancelaPedidos`	Cancel orders.	`checkout`	`/api/oms/pvt/orders/{{orderId}}/cancel`
Save OrderForm Configuration	`SaveOrderFormConfiguration`	Save the configuration of shopping carts.	`checkout`	`/api/checkout/pvt/configuration/orderform`
Read Shopping Cart	`GetOrderForm`	Reading and listing all shopping carts. It does not allow access to non-masked cart data.	`checkout`	`/api/checkout/pub/orderform/{{orderFormId}}`
Get account by identifier	`Get_Account_By_Identifier`	Consultation that returns accounts for the identifier, which may be the account ID, host, or name of the account application.	`licenseManager`	`/api/license-manager/account` `/api/license-manager/pvt/accounts/` `/api/pvt/accounts/` `/api/site/pvt/accounts/` `/api/license-manager/site/pvt/accounts/`
Master Data administrator	`ADMIN_DS`	Manage Master Data.	`masterData`	`{{account}}.vtexcommercestable.com.br/*`
Vbase Read Only	`vbase-read-only`	Read-only access to VBase.	`vbase`	`/buckets/*`
Vbase Read Write	`vbase-read-write`	Read and write access to VBase.	`vbase`	`/buckets/*`
List Orders	`ListOrders`	List all orders from the given account.	`OMS`	`/api/oms/pvt/orders`

If you know about a policy that needs to be described in the table and wants it to be documented, open a request using our feedback form.