Delegation Scopes
Understanding the five delegation permission scopes and how to use them
Delegation Scopes
Delegation scopes define what actions a delegate can perform on behalf of the delegator. Each scope grants specific permissions, and delegations can include any combination of scopes.
Available Scopes
Rahal provides five delegation scopes:
| Scope | Permission | Description |
|---|---|---|
| View Travelers | See traveler profiles | View names, passport details, contact information, and documents |
| Manage Travelers | Edit traveler profiles | Add new travelers, edit existing profiles, and delete travelers |
| Create Bookings | Make new bookings | Search for flights/hotels and create bookings for delegated travelers |
| View Bookings | See booking history | View all bookings made for delegated travelers |
| Cancel Bookings | Cancel existing bookings | Request cancellation of active bookings for delegated travelers |
Scope Details
View Travelers
Purpose: Allow the delegate to see the delegator's traveler profiles.
What it enables:
- View traveler list during traveler selection
- See traveler names, dates of birth, and nationalities
- View passport information (number, expiry, issuing country)
- See contact details (email, phone)
- View uploaded documents (if document viewing is allowed)
When to use: Always include this scope. Most other actions require being able to see travelers first.
This scope is typically required alongside other scopes. A delegate cannot create bookings without first being able to see and select travelers.
Manage Travelers
Purpose: Allow the delegate to modify the delegator's traveler profiles.
What it enables:
- Add new travelers to the delegator's account
- Edit existing traveler information
- Upload and manage traveler documents
- Update passport details
- Delete travelers
When to use: Grant this scope when the delegate needs to maintain traveler records, such as updating passport information or adding family members.
Only grant this to trusted individuals who need to maintain traveler records.
Create Bookings
Purpose: Allow the delegate to create new bookings for the delegator's travelers.
What it enables:
- Search for flights and hotels
- Select delegated travelers during booking
- Submit booking requests
- Complete the booking flow (payment if applicable)
Automatically includes: View Travelers and Manage Travelers. When you grant Create Bookings, the system adds both so the delegate can see and manage travelers during booking.
When to use: Grant this scope for executive assistants, travel coordinators, or anyone who needs to make travel arrangements on behalf of others.
View Bookings
Purpose: Allow the delegate to see the delegator's booking history.
What it enables:
- View past and upcoming bookings
- See booking details (flights, hotels, travelers)
- Access booking confirmation information
- View booking status
When to use: Grant this scope when the delegate needs visibility into travel plans, such as for travel coordination or expense reporting.
Cancel Bookings
Purpose: Allow the delegate to cancel existing bookings.
What it enables:
- Request cancellation of upcoming bookings
- Initiate refund processes (where applicable)
Automatically includes: View Bookings. When you grant Cancel Bookings, the system adds View Bookings so the delegate can find bookings to cancel.
When to use: Grant this scope sparingly, only to delegates who have authority to modify travel plans.
Cancellation may have financial implications. Ensure delegates understand the company's cancellation policies before granting this scope.
Scope Dependencies
Some scopes depend on others. When you select a scope, the system automatically includes its required dependencies. These dependencies are enforced both in the UI (checkboxes are checked and disabled) and on the backend (scopes are normalized before saving).
| Scope | Automatically Includes |
|---|---|
| View Travelers | None - foundational scope |
| Manage Travelers | View Travelers |
| Create Bookings | View Travelers + Manage Travelers |
| View Bookings | None - standalone scope |
| Cancel Bookings | View Bookings |
Scope Presets
For convenience, Rahal provides common scope combinations as presets:
Full Access
All five scopes: View Travelers, Manage Travelers, Create Bookings, View Bookings, Cancel Bookings.
Use case: Executive assistants or travel managers who need complete control over the delegator's travel.
Booking Only
View Travelers, Create Bookings, and View Bookings. Since Create Bookings automatically includes Manage Travelers, the effective scopes are View Travelers, Manage Travelers, Create Bookings, and View Bookings.
Use case: Travel coordinators who need to make bookings but should not cancel existing ones.
View Only
View Travelers and View Bookings only.
Use case: Managers who need visibility into team travel but should not make changes.
Traveler Manager
View Travelers and Manage Travelers only.
Use case: HR or admin staff who maintain traveler records but don't book travel.
Default Scopes
When creating a new delegation without specifying scopes, Rahal applies the Booking Only preset (View Travelers, Create Bookings, View Bookings). After auto-normalization, the effective default scopes are View Travelers, Manage Travelers, Create Bookings, and View Bookings.
Scope Enforcement
Scopes are enforced at the API level. When a delegate attempts an action:
- System checks if an active delegation exists between delegator and delegate
- System verifies the delegation includes the required scope for the action
- If both checks pass, the action is allowed
- If either check fails, a
403 Forbiddenerror is returned
Error Messages
When scope enforcement fails, users see specific error messages:
| Error Code | Message | Cause |
|---|---|---|
DELEGATION_REVOKED | Your access to book for [name] has been revoked | Delegation was deleted or deactivated |
SCOPE_INSUFFICIENT | You no longer have permission to perform this action for [name] | Delegation exists but lacks the required scope |
TRAVELER_INACCESSIBLE | One or more selected travelers are no longer accessible | Traveler ownership changed or delegation revoked |
Best Practices
Principle of Least Privilege
Grant only the scopes necessary for the delegate's role:
- Start minimal: Begin with View Travelers + Create Bookings
- Add as needed: Expand scopes based on actual requirements
- Review periodically: Remove scopes that are no longer needed
Common Mistakes
| Mistake | Why It's Problematic | Better Approach |
|---|---|---|
| Granting all scopes to everyone | Increases risk of accidental changes | Use presets appropriate for each role |
| Not including View Travelers | Delegate can't see travelers to book for | Always include this foundational scope |
| Granting Cancel Bookings broadly | Bookings may be cancelled without proper authority | Limit to travel managers only |
Related Pages
- Delegation Model - How delegation relationships work
- Booking Flow - How delegation affects bookings
- Scopes Reference - Technical reference