Skip to main content

1E 23.7 (SaaS)

PrincipalRoleManagementGroups

Entity - Role Based Access Control - Interrogates the PrincipalRoleManagementGroup table in the database

All the entries described below require at least API version 8.0.

Verb

Request

Notes

Permissions Required

GET

/Consumer/PrincipalRoleManagementGroups

Gets all assignments that are visible to the invoking user.

Example data returned Expand source

[
    {
        "PrincipalId": 1,
        "RoleId": 1,
        "ManagementGroupId": 1,
        "CreatedTimestampUtc": "2021-04-15T11:25:49.423Z",
        "Principal": {
            "Id": 1,
            "ExternalId": "S-1-5-21-193489370-1251057138-4208286054-1234",
            "PrincipalName": "Domain\\User",
            "Email": null,
            "Enabled": true,
            "CreatedTimestampUtc": "2020-02-21T09:23:31.937Z",
            "ModifiedTimestampUtc": "2020-02-21T09:23:31.937Z",
            "SystemPrincipal": false,
            "DisplayName": "Alberto",
            "IsGroup": false
        },
        "Role": {
            "AssignedManagementGroupCount": 2,
            "HasAllDevicesManagementGroupAssigned": true,
            "AssignedPrincipalCount": 2,
            "Id": 1,
            "Name": "Global Administrators",
            "Description": "Has the combined rights of all the other system roles",
            "CreatedTimestampUtc": "2020-02-21T09:23:31.907Z",
            "ModifiedTimestampUtc": "2020-04-14T15:30:02.96Z",
            "SystemRole": true
        },
        "ManagementGroup": {
            "Id": 1,
            "Name": "All Devices",
            "Description": "All devices are members of this ManagementGroup",
            "Expression": null,
            "TachyonManagementGroupType": 0,
            "TachyonDeviceCount": -1,
            "UsableId": "global",
            "HashOfMembers": "global",
            "CreatedTimestampUtc": "2020-02-21T09:23:34.23Z",
            "ModifiedTimestampUtc": "2020-02-21T09:23:34.23Z",
            "ParentUsableId": null
        }
    },
    {
        ...etc...
    }
]

Requires 'Read' permission on the 'Security' securable type

GET

/Consumer/PrincipalRoleManagementGroups/ Principal/Id/{principalId}

Gets all assignments for a Principal given by its Id

Requires 'Read' permission on the 'Security' securable type

GET

/Consumer/PrincipalRoleManagementGroups/ Principal/Name/{principalName}

Gets all assignments for a Principal given by its Name

Requires 'Read' permission on the 'Security' securable type

GET

/Consumer/PrincipalRoleManagementGroups/ Role/Id/{roleId}

Gets all assignments for a Role given by its Id

Requires 'Read' permission on the 'Security' securable type

GET

/Consumer/PrincipalRoleManagementGroups/ Role/Name/{roleName}

Gets all assignments for a Role given by its Name

Requires 'Read' permission on the 'Security' securable type

GET

/Consumer/PrincipalRoleManagementGroups/ ManagementGroup/Id/{managementGroupId}/ {includeInherited}

Gets all assignments for a Management Group given by its Id

The optional parameter includeInherited is a true/false value (defaults to false if not provided in the query string) that determines whether the results will include assignments that are not explicitly provided for the given Management Group, but rather are inferred from the Management Groups inheritance tree. A property called IsInherited is returned in every row to indicate if the row is inferred from inheritance or is an actual explicit assignment.

Requires 'Read' permission on the 'Security' securable type

GET

/Consumer/PrincipalRoleManagementGroups/ ManagementGroup/UsableId/{usableId}/ {includeInherited}

Gets all assignments for a Management Group given by its UsableId

The optional parameter includeInherited is a true/false value (defaults to false if not provided in the query string) that determines whether the results will include assignments that are not explicitly provided for the given Management Group, but rather are inferred from the Management Groups inheritance tree. A property called IsInherited is returned in every row to indicate if the row is inferred from inheritance or is an actual explicit assignment.

Requires 'Read' permission on the 'Security' securable type

POST

/Consumer/PrincipalRoleManagementGroups

Adds multiple assignments, ignoring any already existing entries.

Returns a collection containing the newly created assignments.

Sample input

[
    { "PrincipalId":3, "RoleId": 10, "ManagementGroupId": 5 },
    { "PrincipalId":3, "RoleId": 10, "ManagementGroupId": 7 }
]

Requires 'Write' permission on the 'Security' securable type

PUT

/Consumer/PrincipalRoleManagementGroups/ Principal/Id/{principalId}

Replaces all current assignments for a Principal with the set supplied in the request. All entries in the set are assigned to the principal indicated in the query string. Any principal Id specified within the entries is ignored.

Example input body

[
    { "RoleId": 10, "ManagementGroupId": 5 },
    { "RoleId": 10, "ManagementGroupId": 7 
]

Returns the newly created assignments.

Requires 'Write' permission on the 'Security' securable type

PUT

/Consumer/PrincipalRoleManagementGroups/ Principal/Name/{principalName}

Like above, but the Principal that receives the assignments is specified by Name instead of by Id

Requires 'Write' permission on the 'Security' securable type

PUT

/Consumer/PrincipalRoleManagementGroups/ Role/Id/{roleId}

Replaces all current assignments for a Role with the set supplied in the request. All entries in the set must be for the same role.

Requires 'Write' permission on the 'Security' securable type

PUT

/Consumer/PrincipalRoleManagementGroups/ Role/Name/{roleName}

Like above, but the Role that receives the assignments is specified by Name instead of by Id

Requires 'Write' permission on the 'Security' securable type

PUT

/Consumer/PrincipalRoleManagementGroups/ ManagementGroup/Id/{Id}

Replaces all current assignments for a Management Group with the set supplied in the request. All entries in the set must be for the same MG.

Requires 'Write' permission on the 'Security' securable type

PUT

/Consumer/PrincipalRoleManagementGroups/ ManagementGroup/UsableId/{usableId}

Like above, but the Management Group that receives the assignments is specified by UsableId instead of by Id

Requires 'Write' permission on the 'Security' securable type

DELETE

/Consumer/PrincipalRoleManagementGroups

Deletes multiple assignments, specified in the body of the request.

Input: takes an array of PrincipalRoleManagementGroup objects.

Requires 'Write' permission on the 'Security' securable type

DELETE

/Consumer/PrincipalRoleManagementGroups/ PrincipalId/{principalId}/RoleId/{roleId}/ ManagementGroupId/{managementGroupId}

Deletes a single assignment, specified in the URL.

Requires 'Write' permission on the 'Security' securable type

In this section: