Configure Service Account Permissions
Objective
To configure permissions for service accounts on the Contact Information page in the company's Directory tool.
Background
When you initially create a service account, default permissions are set to 'None' for all company level tools. You must set proper permissions for the service account prior to using it to access the Procore API. In addition, you can further refine and customise these permissions in order to implement and enforce more stringent security policies.
Important
Bear in mind that although you may be able to generate an OAuth 2.0 access token using a service account with default ('None') permissions, this token will not work for making successful calls to the Procore API. Therefore, you must set proper permissions for the service account prior to using it to access the Procore API.Things to Consider
- Required User Permissions:
- 'Admin' level permissions on the company's Directory tool.
- Access Considerations:
- Existing service account permissions are set to 'none' on any new tool added since the service account was created.
- Be mindful of sensitive data and exercise caution when defining permissions on Service Accounts.
- Important Company Directory Considerations:
- Once you create a service account, the associated email address must not be changed in the company directory. If you modify the service account email address, the service account will no longer be functional
- The service account contact cannot be added to more than one company directory (just the one it was created in), or else it will stop working.
Steps
- Log in to Procore and navigate to the company's Directory tool.
- In the company Directory, locate the service account you want to configure permissions for and click Edit.
- On the contact information page for the selected service account, scroll down to the permissions matrix.
- Configure service account access levels by selecting None, Read-Only, Standard or Admin for each tool in the permissions matrix.
- Click Save to update your service account with the new permissions settings.