
Roles & Permissions

The API Control Plane uses role-based access control. Each user is assigned a role that determines their permissions.

Available roles

Role             Description
GLOBAL_ADMIN     Full access to all resources and settings
ADMIN            Administrative access within their organization
USER             Standard access — can manage their own applications and subscriptions
BILLING_CONTACT  Access to billing information
NO_ACCESS        Account exists but has no access

Assign a role to a user

Update a user's role:

curl -X PUT "https://<your-subdomain>.backend.<region>.controlplane.boomi.com/users/<user-id>" \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "jdoe",
    "email": "jdoe@example.com",
    "role": "ADMIN",
    "locked": false
  }'

List users by role

curl -X GET "https://<your-subdomain>.backend.<region>.controlplane.boomi.com/users?role=GLOBAL_ADMIN" \
  -H "Authorization: Bearer <your-token>"

Lock / unlock a user

Lock a user account to prevent access:

curl -X PUT "https://<your-subdomain>.backend.<region>.controlplane.boomi.com/users/<user-id>" \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "jdoe",
    "email": "jdoe@example.com",
    "locked": true
  }'
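
An access review over user records, as an added example that is not Boomi's own code: it flags roles outside the table above, locked accounts that still hold GLOBAL_ADMIN or ADMIN, and more active GLOBAL_ADMIN users than a local policy allows. The record shape (the fields of the PUT body above), the max_global_admins threshold and the sample users are assumptions constructed for illustration.

```python
from collections import Counter

# Roles documented in the "Available roles" table on this page.
KNOWN_ROLES = {"GLOBAL_ADMIN", "ADMIN", "USER", "BILLING_CONTACT", "NO_ACCESS"}
PRIVILEGED = {"GLOBAL_ADMIN", "ADMIN"}


def review_users(users, max_global_admins=2):
    """Return a sorted list of (username, finding) tuples.

    Assumptions: each record has the fields used in the PUT body
    (username, email, role, locked); max_global_admins is a local
    policy threshold, not a platform limit.
    """
    findings = []
    # Count roles held by accounts that can currently sign in.
    active = Counter(u.get("role") for u in users if not u.get("locked"))
    for u in users:
        name = u.get("username", "?")
        role = u.get("role")
        if role not in KNOWN_ROLES:
            findings.append((name, f"unknown role {role!r}"))
        elif u.get("locked") and role in PRIVILEGED:
            # Policy choice: a locked account should not keep a privileged role.
            findings.append((name, f"locked but still {role}"))
    if active["GLOBAL_ADMIN"] > max_global_admins:
        findings.append(
            ("*", f"{active['GLOBAL_ADMIN']} active GLOBAL_ADMIN users "
                  f"exceed policy limit {max_global_admins}")
        )
    return sorted(findings)


# Constructed sample records, not real accounts.
SAMPLE_USERS = [
    {"username": "jdoe", "email": "jdoe@example.com", "role": "ADMIN", "locked": False},
    {"username": "asmith", "email": "asmith@example.com", "role": "GLOBAL_ADMIN", "locked": True},
    {"username": "ops1", "email": "ops1@example.com", "role": "GLOBAL_ADMIN", "locked": False},
    {"username": "ops2", "email": "ops2@example.com", "role": "GLOBAL_ADMIN", "locked": False},
    {"username": "ops3", "email": "ops3@example.com", "role": "GLOBAL_ADMIN", "locked": False},
    {"username": "svc", "email": "svc@example.com", "role": "SUPERUSER", "locked": False},
]

if __name__ == "__main__":
    for user, finding in review_users(SAMPLE_USERS):
        print(f"{user}: {finding}")
```
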

Access token scopes and roles

When creating personal access tokens, the available scopes are independent of the user's role — but the token can only access resources the user has permission to access. A token with API_WRITE scope will still fail if the user doesn't have write access to APIs.