Delegation Scopes
Understanding the five delegation permission scopes and how to use them
Delegation scopes define what actions a delegate can perform on behalf of the delegator. Each scope grants specific permissions, and delegations can include any combination of scopes.
Available Scopes
Rahal provides five delegation scopes:
| Scope | Permission | Description |
|---|---|---|
| VIEW_TRAVELERS | See traveler profiles | View names, passport details, contact information, and documents |
| MANAGE_TRAVELERS | Edit traveler profiles | Add new travelers, edit existing profiles, and delete travelers |
| CREATE_BOOKINGS | Make new bookings | Search for flights/hotels and create bookings for delegated travelers |
| VIEW_BOOKINGS | See booking history | View all bookings made for delegated travelers |
| CANCEL_BOOKINGS | Cancel existing bookings | Request cancellation of active bookings for delegated travelers |
Scope Details
VIEW_TRAVELERS
Purpose: Allow the delegate to see the delegator's traveler profiles.
What it enables:
- View traveler list during traveler selection
- See traveler names, dates of birth, and nationalities
- View passport information (number, expiry, issuing country)
- See contact details (email, phone)
- View uploaded documents (if document viewing is allowed)
When to use: Always include this scope. Most other actions require being able to see travelers first.
This scope is typically required alongside other scopes. A delegate cannot create bookings without first being able to see and select travelers.
MANAGE_TRAVELERS
Purpose: Allow the delegate to modify the delegator's traveler profiles.
What it enables:
- Add new travelers to the delegator's account
- Edit existing traveler information
- Upload and manage traveler documents
- Update passport details
- Delete travelers
When to use: Grant this scope when the delegate needs to maintain traveler records, such as updating passport information or adding family members.
Only grant this to trusted individuals who need to maintain traveler records.
CREATE_BOOKINGS
Purpose: Allow the delegate to create new bookings for the delegator's travelers.
What it enables:
- Search for flights and hotels
- Select delegated travelers during booking
- Submit booking requests
- Complete the booking flow (payment if applicable)
Dependencies: Requires VIEW_TRAVELERS to be useful.
When to use: Grant this scope for executive assistants, travel coordinators, or anyone who needs to make travel arrangements on behalf of others.
VIEW_BOOKINGS
Purpose: Allow the delegate to see the delegator's booking history.
What it enables:
- View past and upcoming bookings
- See booking details (flights, hotels, travelers)
- Access booking confirmation information
- View booking status
When to use: Grant this scope when the delegate needs visibility into travel plans, such as for travel coordination or expense reporting.
CANCEL_BOOKINGS
Purpose: Allow the delegate to cancel existing bookings.
What it enables:
- Request cancellation of upcoming bookings
- Initiate refund processes (where applicable)
Dependencies: Requires VIEW_BOOKINGS to locate bookings to cancel.
When to use: Grant this scope sparingly, only to delegates who have authority to modify travel plans.
Cancellation may have financial implications. Ensure delegates understand the company's cancellation policies before granting this scope.
Scope Dependencies
While scopes can be granted independently, some have practical dependencies:
| Scope | Practical Dependencies |
|---|---|
| VIEW_TRAVELERS | None - foundational scope |
| MANAGE_TRAVELERS | Works best with VIEW_TRAVELERS |
| CREATE_BOOKINGS | Requires VIEW_TRAVELERS to select travelers |
| VIEW_BOOKINGS | Standalone - can view without other permissions |
| CANCEL_BOOKINGS | Requires VIEW_BOOKINGS to find bookings to cancel |
Scope Presets
For convenience, Rahal provides common scope combinations as presets:
Full Access
Scopes: All five scopes
VIEW_TRAVELERS, MANAGE_TRAVELERS, CREATE_BOOKINGS, VIEW_BOOKINGS, CANCEL_BOOKINGS
Use case: Executive assistants or travel managers who need complete control over the delegator's travel.
Booking Only
Scopes: View travelers + booking creation and viewing
VIEW_TRAVELERS, CREATE_BOOKINGS, VIEW_BOOKINGS
Use case: Travel coordinators who need to make bookings but not modify traveler profiles or cancel bookings.
View Only
Scopes: Read-only access to travelers and bookings
VIEW_TRAVELERS, VIEW_BOOKINGS
Use case: Managers who need visibility into team travel but should not make changes.
Traveler Manager
Scopes: Traveler profile management only
VIEW_TRAVELERS, MANAGE_TRAVELERS
Use case: HR or admin staff who maintain traveler records but don't book travel.
Default Scopes
When creating a new delegation without specifying scopes, Rahal applies a default set:
VIEW_TRAVELERS, CREATE_BOOKINGS, VIEW_BOOKINGS
This default is equivalent to the "Booking Only" preset, which covers the most common delegation use case.
Scope Enforcement
Scopes are enforced at the API level. When a delegate attempts an action:
- System checks if an active delegation exists between delegator and delegate
- System verifies the delegation includes the required scope for the action
- If both checks pass, the action is allowed
- If either check fails, a 403 Forbidden error is returned
Error Messages
When scope enforcement fails, users see specific error messages:
| Error Code | Message | Cause |
|---|---|---|
| DELEGATION_REVOKED | Your access to book for [name] has been revoked | Delegation was deleted or deactivated |
| SCOPE_INSUFFICIENT | You no longer have permission to perform this action for [name] | Delegation exists but lacks the required scope |
| TRAVELER_INACCESSIBLE | One or more selected travelers are no longer accessible | Traveler ownership changed or delegation revoked |
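The two enforcement checks and the error codes above can be sketched as a deny-by-default authorization function. This is an added example, not Rahal's own code: the `Delegation` and `Decision` shapes, the `authorize` function, the traveler-ownership check, and returning DELEGATION_REVOKED whenever no active delegation is found are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

SCOPES = frozenset({"VIEW_TRAVELERS", "MANAGE_TRAVELERS", "CREATE_BOOKINGS",
                    "VIEW_BOOKINGS", "CANCEL_BOOKINGS"})

@dataclass(frozen=True)
class Delegation:  # hypothetical record shape, not Rahal's schema
    delegator: str
    delegate: str
    scopes: frozenset
    active: bool = True

@dataclass(frozen=True)
class Decision:
    status: int            # HTTP status the API would return
    error: Optional[str]   # error code from the table above, None if allowed

def authorize(delegations, delegate, delegator, required, traveler_owners=()):
    """Deny by default; allow only when every check passes."""
    if required not in SCOPES:
        raise ValueError(f"unknown scope: {required!r}")
    # Check 1: an active delegation exists between delegator and delegate.
    live = [d for d in delegations
            if d.active and d.delegator == delegator and d.delegate == delegate]
    if not live:
        return Decision(403, "DELEGATION_REVOKED")
    # Check 2: that delegation includes the scope the action requires.
    if not any(required in d.scopes for d in live):
        return Decision(403, "SCOPE_INSUFFICIENT")
    # Assumed extra check: selected travelers still belong to the delegator.
    if any(owner != delegator for owner in traveler_owners):
        return Decision(403, "TRAVELER_INACCESSIBLE")
    return Decision(200, None)

# Constructed sample data: bob holds the default scopes for alice,
# carol's delegation from alice has been deactivated.
DEFAULT = frozenset({"VIEW_TRAVELERS", "CREATE_BOOKINGS", "VIEW_BOOKINGS"})
SAMPLE = [
    Delegation("alice", "bob", DEFAULT),
    Delegation("alice", "carol", DEFAULT, active=False),
]

if __name__ == "__main__":
    for who, scope in [("bob", "CREATE_BOOKINGS"), ("bob", "CANCEL_BOOKINGS"),
                       ("carol", "VIEW_BOOKINGS")]:
        print(who, scope, authorize(SAMPLE, who, "alice", scope))
```

The check is directional: a delegation from alice to bob gives alice no rights over bob's travelers, so the lookup matches on both delegator and delegate.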
Best Practices
Principle of Least Privilege
Grant only the scopes necessary for the delegate's role:
- Start minimal: Begin with VIEW_TRAVELERS + CREATE_BOOKINGS
- Add as needed: Expand scopes based on actual requirements
- Review periodically: Remove scopes that are no longer needed
Common Mistakes
| Mistake | Why It's Problematic | Better Approach |
|---|---|---|
| Granting all scopes to everyone | Increases risk of accidental changes | Use presets appropriate for each role |
| Not including VIEW_TRAVELERS | Delegate can't see travelers to book for | Always include this foundational scope |
| Granting CANCEL_BOOKINGS broadly | Bookings may be cancelled without proper authority | Limit to travel managers only |
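A periodic review of existing grants can be automated against the dependency table, the presets and the mistakes listed above. The following is an added example, not part of Rahal: `review_grant`, `audit`, the finding texts and the sample grants are hypothetical, and only the scope names, presets and dependencies come from this page.

```python
ALL_SCOPES = frozenset({"VIEW_TRAVELERS", "MANAGE_TRAVELERS", "CREATE_BOOKINGS",
                        "VIEW_BOOKINGS", "CANCEL_BOOKINGS"})
# Practical dependencies, copied from the Scope Dependencies table.
NEEDS = {"MANAGE_TRAVELERS": "VIEW_TRAVELERS",
         "CREATE_BOOKINGS": "VIEW_TRAVELERS",
         "CANCEL_BOOKINGS": "VIEW_BOOKINGS"}
PRESETS = {
    "Full Access": ALL_SCOPES,
    "Booking Only": frozenset({"VIEW_TRAVELERS", "CREATE_BOOKINGS", "VIEW_BOOKINGS"}),
    "View Only": frozenset({"VIEW_TRAVELERS", "VIEW_BOOKINGS"}),
    "Traveler Manager": frozenset({"VIEW_TRAVELERS", "MANAGE_TRAVELERS"}),
}

def review_grant(scopes):
    """Return (matching preset name or None, list of findings) for one grant."""
    requested = frozenset(scopes)
    unknown = requested - ALL_SCOPES
    if unknown:
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    # A scope whose practical dependency is missing is unusable as granted.
    findings = [f"{s} granted without {dep}"
                for s, dep in sorted(NEEDS.items())
                if s in requested and dep not in requested]
    if requested == ALL_SCOPES:
        findings.append("all five scopes granted: confirm the role needs Full Access")
    elif "CANCEL_BOOKINGS" in requested:
        findings.append("CANCEL_BOOKINGS granted: confirm authority to cancel")
    preset = next((n for n, s in PRESETS.items() if s == requested), None)
    return preset, findings

def audit(grants):
    """Map each delegate to its review, keeping only grants with findings."""
    report = {}
    for delegate, scopes in grants.items():
        preset, findings = review_grant(scopes)
        if findings:
            report[delegate] = (preset, findings)
    return report

# Constructed sample grants (delegate names are made up).
GRANTS = {
    "assistant": ALL_SCOPES,
    "coordinator": {"VIEW_TRAVELERS", "CREATE_BOOKINGS", "VIEW_BOOKINGS"},
    "contractor": {"CREATE_BOOKINGS", "CANCEL_BOOKINGS"},
}

if __name__ == "__main__":
    for delegate, (preset, findings) in audit(GRANTS).items():
        print(delegate, preset, findings)
```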
Related Pages
- Delegation Model - How delegation relationships work
- Booking Flow - How delegation affects bookings
- Scopes Reference - Technical reference