Entity - Role Based Access Control - Interrogates the Permission table in the database

Page version: 25, last updated:



Verb | Request | Notes | Permissions required
GET - single /Consumer/Permissions/{permissionId}

Gets permission details for the specified Permission ID.

Example Response
{
  "Id": 15,
  "SecurableId": null,
  "SecurableTypeId": 3,
  "SecurableTypeName": "ProductPackManagement",
  "RoleId": 1,
  "RoleName": "Global Administrators",
  "OperationId": 9,
  "OperationName": "Add",
  "Allowed": true,
  "CreatedTimestampUtc": "2016-05-17T09:49:59.41Z",
  "ModifiedTimestampUtc": "2016-05-17T09:49:59.41Z"
}
  • Read

Returns Unauthorized (401) if user does not have the required permissions.

GET /Consumer/Permissions/Role/{roleId}

Gets permission details for the specified Role ID.

Example Response
[
  {
    "SecurableId": null,
    "SecurableName": null,
    "SecurableTypeId": 3,
    "SecurableTypeName": "ProductPackManagement",
    "RoleId": 2,
    "RoleName": "Product Pack Administrators",
    "Allowed": true,
    "Operations": [
      {
        "PermissionId": 12,
        "OperationId": 9,
        "OperationName": "Add",
        "CreatedTimestampUtc": "2016-05-17T09:49:59.41Z",
        "ModifiedTimestampUtc": "2016-05-17T09:49:59.41Z"
      },
      {
        "PermissionId": 13,
        "OperationId": 8,
        "OperationName": "Delete",
        "CreatedTimestampUtc": "2016-05-17T09:49:59.41Z",
        "ModifiedTimestampUtc": "2016-05-17T09:49:59.41Z"
      },
      {
        "PermissionId": 14,
        "OperationId": 10,
        "OperationName": "Read",
        "CreatedTimestampUtc": "2016-05-17T09:49:59.41Z",
        "ModifiedTimestampUtc": "2016-05-17T09:49:59.41Z"
      }
    ]
  }
]
  • Read

Returns Unauthorized (401) if user does not have the required permissions.

GET /Consumer/Permissions/Principal/{accountName}

Gets permission details for the specified Account Name.

AccountName should be specified in Base64 encoding.

Example Response
[
  {
    "SecurableId": 11,
    "SecurableName": null,
    "SecurableTypeId": 1,
    "SecurableTypeName": "ProductPack",
    "RoleId": 9,
    "RoleName": "CM questions",
    "Allowed": true,
    "Operations": [
      {
        "PermissionId": 24,
        "OperationId": 3,
        "OperationName": "Questioner",
        "CreatedTimestampUtc": "2016-05-18T15:56:46.09Z",
        "ModifiedTimestampUtc": "2016-05-18T15:56:46.09Z"
      }
    ]
  }
]
  • Read

Returns Unauthorized (401) if user does not have the required permissions.

A user can request their own permissions.
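
The following is an added example, not part of the original page or the product's own code. It builds the Principal request path with a Base64-encoded account name and flattens the grouped Role/Principal response into one row per PermissionId for review. The account name, the UTF-8 encoding and the percent-encoding of the token are assumptions; the function names are hypothetical.

```python
import base64
import json
from urllib.parse import quote

# Constructed sample in the shape of the Role/Principal responses above.
SAMPLE = json.loads("""[
 {"SecurableId": null, "SecurableTypeName": "ProductPackManagement",
  "RoleName": "Product Pack Administrators", "Allowed": true,
  "Operations": [{"PermissionId": 12, "OperationName": "Add"},
                 {"PermissionId": 13, "OperationName": "Delete"}]},
 {"SecurableId": 11, "SecurableTypeName": "ProductPack",
  "RoleName": "CM questions", "Allowed": true,
  "Operations": [{"PermissionId": 24, "OperationName": "Questioner"}]}
]""")


def principal_path(account_name):
    # Assumed, not stated on the page: the name is UTF-8 encoded before
    # Base64. The token is then percent-encoded so '+', '/' and '=' from
    # the Base64 alphabet cannot alter the URL path.
    token = base64.b64encode(account_name.encode("utf-8")).decode("ascii")
    return "/Consumer/Permissions/Principal/" + quote(token, safe="")


def flatten(grants):
    """One row per PermissionId from the grouped response."""
    rows = []
    for grant in grants:
        for op in grant.get("Operations", []):
            rows.append({
                "PermissionId": op["PermissionId"],
                "RoleName": grant["RoleName"],
                "SecurableTypeName": grant["SecurableTypeName"],
                "SecurableId": grant["SecurableId"],
                "OperationName": op["OperationName"],
                "Allowed": grant["Allowed"],
            })
    return rows


def unscoped(rows):
    """Allowed rows with no SecurableId (not tied to one instance)."""
    return [r for r in rows if r["Allowed"] and r["SecurableId"] is None]


if __name__ == "__main__":
    print(principal_path("ACME\\jsmith"))  # constructed account name
    for row in unscoped(flatten(SAMPLE)):
        print(row["PermissionId"], row["RoleName"], row["OperationName"])
```
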

GET /Consumer/Permissions/Securable/{typeId}

Gets permission details for the specified securable type.

  • Read

Returns Unauthorized (401) if user does not have the required permissions.

GET /Consumer/Permissions/Securable/{typeId}/{instanceId:int?}

Gets permission details for the specified securable type instance.

  • TypeID = SecurableTypeId from the Permissions table
  • InstanceID = SecurableId as displayed in the Permissions table and also the Questions ID from the QuestionsDefinition table
  • Read

Returns Unauthorized (401) if user does not have the required permissions.

GET /Consumer/Permissions/Role/{roleId}/Type/{securableTypeName}/{instanceId:int?}

Gets permission details for the specified role on a securable type instance.

  • roleId - role id
  • securableTypeName - securable type
  • instanceId - securable instance id (optional)
  • Read

Returns Unauthorized (401) if user does not have the required permissions.

GET /Consumer/Permissions/Principal/{accountName}/Type/{securableTypeName}/{instanceId:int?}

Gets permission details for the specified user account on a securable type instance.

  • accountName - user account
  • securableTypeName - securable type
  • instanceId - securable instance id (optional)
  • Read

Returns Unauthorized (401) if user does not have the required permissions.

GET /Consumer/Permissions/RBAC/Enabled

Returns true if RBAC is enabled on the server, otherwise false.

  • Unrestricted
GET /Consumer/Permissions/InstructionAccess/{instructionId}

Checks authorization of the calling user to access the specified instruction.

Returns true if the calling user has Viewer permission on the Product Pack that contains the instruction definition for the specified instruction, otherwise returns false.

  • Unrestricted
GET /Consumer/Permissions/Type/{securableType}/Operation/{operation}

Checks authorization of the calling user to perform the specified operation.

  • securableType - type of object for which permission is being tested
  • operation - operation on type/object for which permission is being tested
  • Unrestricted
GET /Consumer/Permissions/Type/{securableType}/Operation/{operation}/{idProperty}/{id}

Checks authorization of the calling user to access the specified securable type instance.

  • securableType - type of object for which permission is being tested
  • operation - operation on type/object for which permission is being tested
  • idProperty - identification property of type/object
  • id - identification value
  • Unrestricted
POST /Consumer/Permissions

Creates permissions in bulk.

  • Write

Returns Unauthorized (401) if user does not have the required permissions.

POST /Consumer/Permissions/single

Creates an individual permission.

Example Request
{
    "OperationName":"DummyOperation2",
    "SecurableTypeName":"MySecurableType",
    "RoleName":"Global Administrators",
    "Allowed":true
}
  • OperationName can be substituted by OperationId. These are mutually exclusive and only one can be used.
  • SecurableTypeName can be substituted by SecurableTypeId. These are mutually exclusive and only one can be used.
  • RoleName can be substituted by RoleId. These are mutually exclusive and only one can be used.
  • Write

Returns Unauthorized (401) if user does not have the required permissions.
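
A client-side check for the single-permission request body, as an added example that is not part of the original page or the product's own code. It rejects bodies that give both members of a Name/Id pair, so a grant is never submitted with two identifiers that might disagree. That one member of each pair is required, and that Allowed must be a JSON boolean, are assumptions; the function name is hypothetical.

```python
# Name/Id pairs the notes above describe as mutually exclusive.
PAIRS = (
    ("OperationName", "OperationId"),
    ("SecurableTypeName", "SecurableTypeId"),
    ("RoleName", "RoleId"),
)


def check_single_permission(body):
    """Return a list of problems; an empty list means the body passes.

    Assumed, not stated on the page: one member of each pair is
    required, and "Allowed" must be present as a JSON boolean.
    """
    problems = []
    for name_key, id_key in PAIRS:
        given = [k for k in (name_key, id_key) if k in body]
        if len(given) != 1:
            problems.append(
                f"need exactly one of {name_key}/{id_key}, got {len(given)}")
            continue
        value = body[given[0]]
        if given[0] == name_key:
            ok = isinstance(value, str) and value.strip() != ""
        else:
            # bool is a subclass of int in Python, so reject it explicitly.
            ok = isinstance(value, int) and not isinstance(value, bool)
        if not ok:
            problems.append(f"{given[0]} has an unusable value: {value!r}")
    if not isinstance(body.get("Allowed"), bool):
        problems.append("Allowed must be true or false")
    return problems


if __name__ == "__main__":
    # The page's example request, then a constructed ambiguous variant.
    good = {"OperationName": "DummyOperation2",
            "SecurableTypeName": "MySecurableType",
            "RoleName": "Global Administrators", "Allowed": True}
    print(check_single_permission(good))
    print(check_single_permission(dict(good, RoleId=1)))
```
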

DELETE /Consumer/Permissions/{permissionId}

Deletes a permission by id.

  • Write

Returns Unauthorized (401) if user does not have the required permissions.

GET /Consumers/Permissions/ProductPack/{operation}

REMOVED IN 3.1

Checks whether the calling user has the given permission on any of the product packs.

None
GET /Consumer/Permissions/InstructionSet/{operation}

Minimum API version 3.1

Checks whether the calling user has the given permission on any instruction set.
GET /Consumer/Permissions/{id}/ManagementGroups

Minimum API version 3.3

Returns the Management Groups linked to the given permission.

Requires 'Read' on Security
POST /Consumer/Permissions/{permissionId}/ManagementGroups/{managementGroupId}

Minimum API version 3.3

Links given Management Group to given Permission.

  • permissionId - Id of the Permission
  • managementGroupId - Id of the Management Group

Return payload is empty.

Requires 'Write' on Security
POST /Consumer/Permissions/ManagementGroups

Minimum API version 3.3

Links the given Management Groups to the given Permission.

Sample Request payload
{
	"PermissionId": 1,
	"ManagementGroupIds": [1,2,3]
}

Return payload is empty.

Requires 'Write' on Security
DELETE /Consumer/Permissions/{permissionId}/ManagementGroups/{managementGroupId}

Minimum API version 3.3

Removes the link between the given Management Group and the given Permission.

  • permissionId - Id of the Permission
  • managementGroupId - Id of the Management Group

Return payload is empty.

Requires 'Write' on Security
DELETE /Consumer/Permissions/ManagementGroups

Minimum API version 3.3

Removes the links between the given Management Groups and the given Permission.

Sample Request payload
{
	"PermissionId": 1,
	"ManagementGroupIds": [1,2,3]
}

Return payload is empty.

Requires 'Write' on Security
PUT /Consumers/Permissions/refresh

Forces internal permissions cache to be refreshed.

None