# User rights

Each function provided by the API has one of the following access restrictions:

* **None**: The resource is whitelisted during authorization, so no authorization is required to access it.
* **Authorized**: Authentication is required to access the resource, but no specific user right is required. Unauthenticated users are forbidden from invoking the action.
* **Right(s) required**: The user must be authorized and must have the specific "user right(s)" assigned to access the resource. Note that specific payloads may change which rights are required to perform an action. Example: a user may update a ticket with the user right `ticketUpdate`, but if the provided ticket contains an item quantity decrease, the API requires the additional `storno` right.

## Rights list

* Api key
  * `apiKeyCreate`
  * `apiKeyUpdate`
  * `apiKeyDelete`
* Article category
  * `articleCategoryCreate`
  * `articleCategoryUpdate`
  * `articleCategoryDelete`
* Currency
  * `currencyCreate`
  * `currencyUpdate`
  * `currencyDelete`
* Customer
  * `customerCreate`
  * `customerUpdate`
  * `customerDelete`
  * `customerSetCredit`
  * `customerSetDiscount`
* Company
  * `companyCreate`
  * `companyUpdate`
  * `companyDelete`
* Daily sales report
  * `dsrCreate`
  * `dsrUpdate`
  * `dsrDelete`
  * `dsrCloseManually`
* Device
  * `deviceCreate`
  * `deviceUpdate`
  * `deviceDelete`
* Fiscal
  * `fiscalCreate`
  * `fiscalUpdate`
  * `fiscalDelete`
  * `fiscalOpenDrawer`
  * `fiscalCashTransfer`
  * `fiscalPrintRecordCopy`
  * `summaryIntervalSalesReport`
  * `detailedIntervalSalesReport`
  * `overviewSalesReport`
  * `doDailySalesReport`
  * `fiscalPrintDailySalesReportCopy`
  * `printNonfiscalRecord`
* License
  * `licenseGet`
  * `licenseActivate`
* Modifiers
  * `modifierCreate`
  * `modifierUpdate`
  * `modifierDelete`
* Order endpoints
  * `orderEndpointCreate`
  * `orderEndpointUpdate`
  * `orderEndpointDelete`
* Orders
  * `orderUpdate`
  * `orderDelete`
  * `orderProcess`
* Payment types
  * `paymentTypeCreate`
  * `paymentTypeUpdate`
  * `paymentTypeDelete`
* PLUs
  * `pluCreate`
  * `pluUpdate`
  * `pluDelete`
* Roles
  * `roleCreate`
  * `roleUpdate`
  * `roleDelete`
* Stats
  * `stats`
  * `statsCurrent`
  * `statsPlus`
  * `statsPrint`
  * `statsTickets`
  * `statsTicketsCurrent`
* Stocks
  * `stockCreate`
  * `stockUpdate`
  * `stockDelete`
* Stock transfers
  * `stockTransferCreate`
  * `stockTransferUpdate`
  * `stockTransferUpdateAny`
  * `stockTransferDelete`
  * `stockTransferClose`
* Stock transfer numberings
  * `stockTransferNumberingCreate`
  * `stockTransferNumberingUpdate`
  * `stockTransferNumberingDelete`
* Stock takings
  * `stockTakingCreate`
  * `stockTakingUpdate`
  * `stockTakingDelete`
  * `stockTakingClose`
* Tickets
  * `ticketCreate`
  * `ticketUpdate`
  * `ticketUpdateAny`
  * `ticketDelete`
  * `ticketRename`
  * `ticketSetDiscount`
  * `ticketSetCustomer`
  * `ticketClose`
  * `ticketCloseAny`
  * `ticketCloseAs`
  * `ticketCloseToAnyFiscal`
  * `ticketPrintPreliminary`
  * `ticketSplit`
  * `ticketMerge`
  * `ticketHandover`
  * `ticketTakeover`
  * `ticketRefund`
* User
  * `userCreate`
  * `userUpdate`
  * `userDelete`
* Vats
  * `vatCreate`
  * `vatUpdate`
  * `vatDelete`
* Zones
  * `zoneCreate`
  * `zoneUpdate`
  * `zoneDelete`
* Others
  * ~~`negativeSale`~~ (not enforced in current version)
  * `storno`
  * `admin` - represents the consolidation of all rights. When a user possesses this right, they are automatically granted all other rights.
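
The three access levels, the payload-dependent `storno` requirement and the `admin` consolidation can be combined into one server-side check. The sketch below is an added example, not the API's own code; the `User` class, the function names and the item fields `id` and `quantity` are assumptions made for illustration.

```python
from dataclasses import dataclass, field

ADMIN = "admin"  # per the rights list, implies every other right


@dataclass
class User:
    rights: set = field(default_factory=set)


def rights_for_ticket_update(stored_items, new_items):
    """Derive required rights from the payload, diffed against server state.

    Item shape ({"id", "quantity"}) is an assumption made for this example.
    """
    required = {"ticketUpdate"}
    new_qty = {item["id"]: item["quantity"] for item in new_items}
    for item in stored_items:
        # Assumption: an item absent from the payload counts as quantity 0.
        if new_qty.get(item["id"], 0) < item["quantity"]:
            required.add("storno")  # a quantity decrease needs the extra right
            break
    return required


def authorize(user, required):
    """Return (allowed, missing_rights).

    required=None   -> "None" level: whitelisted, no authentication needed
    required=set()  -> "Authorized" level: any authenticated user
    required={...}  -> "Right(s) required" level
    user=None represents an unauthenticated caller.
    """
    if required is None:
        return True, set()
    if user is None:
        return False, set(required)
    if ADMIN in user.rights:
        return True, set()
    missing = set(required) - user.rights
    return not missing, missing


if __name__ == "__main__":
    stored = [{"id": 1, "quantity": 3}]      # constructed sample ticket
    payload = [{"id": 1, "quantity": 2}]     # constructed update: 3 -> 2
    waiter = User({"ticketUpdate"})
    print(authorize(waiter, rights_for_ticket_update(stored, payload)))
```

The required rights are computed by comparing the payload with the ticket as stored on the server, so a client cannot avoid the `storno` requirement by omitting or mislabelling the change.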
