Contents x
    Manage Profile Permissions
      • Print
      • PDF
      Contents

      Manage Profile Permissions

        • Print
        • PDF
        Article Summary

        You can use the Britive API methods for managing profile permissions such as adding or deleting profile permissions and getting details of profile permissions in the system.

        1. Add Permissions to a Profile

        The POST method allows you to add profile permissions to the system.

        POST{{url}}/api/paps/{{papID}}/permissions

        Request Example 

        An example request is shown here. The permissions are categorized into two types role and group. This type field is case-sensitive.

        curl --location --request POST '{{url}}/api/paps/{{papID}}/permissions' \
--header 'Authorization: TOKEN {{token}}' \
--data-raw '{
    "op": "add",
    "permission": {
        "name": "S3fullaccess",
        "type": "role"
    }
}'

        Response Example 

        An example response is shown here.

        {
    "papId": "pocahtoxoatg2dthkesw",
    "name": "S3fullaccess",
    "type": "role",
    "description": null,
    "checkStatus": "Success",
    "message": ""
}


        2. Retrieve Assigned Profile Permissions 

        Important Note:     
        This is the latest API in place of the deprecated API "Details of Profile Permissions".

        The GET method allows you to retrieve the list of all permissions that are assigned to a profile for the given profile ID. The API returns data in pages. Multiple API calls return the complete list of identities for the profile.

        GET{{url}}/api/paps/{{papID}}/permissions?page=0&size=20&sort=name,asc&filter=name co Admin

        Request Parameters

        The request parameters used in this method are shown in the following table:

        ParameterDescriptionData TypeRequired
        papIDThe profile ID.stringMandatory

        page

        The page number starting from zero.

        string

        Mandatory

        size

        The number of records that are returned. 

        Note: The total number of records can be used to calculate the number of pages. For example, 20.

        string

        Mandatory

        sort

        The column used for sorting the records.

        string

        Optional

        filter

        		The filter that can filter the list of profile permissions based on name, status, or integrity checks. The supported operators are 'eq' and 'co'. 
        The format is as follows:
         name co "Role1"

        string

        Optional

        Request Example 

        An example request is shown here:

        Shell
        curl --location --request GET '{{url}}/api/paps/{{papID}}/permissions?page=0&size=20&sort=name,asc&filter=name%20co%20Admin' \
--header 'Authorization: TOKEN {{token}}'

        Response Example 

        An example response is shown here:

        JSON
        {
  "count": 1,
  "page": 0,
  "size": 20,
  "sort": "name: ASC",
  "filter": "name co Admin",
  "data": [
    {
      "papId": "gswi3qsdi52bxdbcn8co",
      "name": "Admins",
      "type": "group",
      "description": null,
      "checkStatus": "Success",
      "message": "",
      "privileged": false
    }
  ]
}

        (Deprecated) Details of Profile Permissions

        Important Note:
        The following API for "Details of Profile Permissions" is deprecated and will be removed in a future release.

        The GET method allows you to retrieve the profile permissions available in the system.

        GET{{url}}/api/paps/{{papID}}/permissions?filter=available

        Request Example 

        An example request is shown here:

        Shell
        curl --location --request GET '{{url}}/api/paps/{{papID}}/permissions?filter=available' \
--header 'Authorization: TOKEN {{token}}'

        Response Example 

        An example response is shown here:

        JSON
        [
    {
        "name": "AWSRole2",
        "type": "role",
        "nativeId": null,
        "appPermissionId": null,
        "description": "AWSRole2",
        "permissionScopes": [],
        "privileged": false
    },
    {
        "name": "S3FullAccess",
        "type": "role",
        "nativeId": null,
        "appPermissionId": null,
        "description": "S3 Full Access",
        "permissionScopes": [],
        "privileged": true
    },
    {
        "name": "Britive-AWS-CloudDirectory",
        "type": "role",
        "nativeId": null,
        "appPermissionId": null,
        "description": null,
        "permissionScopes": [],
        "privileged": true
    },
    {
        "name": "AmazonCognitoPowerUser",
        "type": "role",
        "nativeId": null,
        "appPermissionId": null,
        "description": "AmazonCognitoPowerUser",
        "permissionScopes": [],
        "privileged": false
    },
    {
        "name": "AdministratorRole",
        "type": "role",
        "nativeId": null,
        "appPermissionId": null,
        "description": "AdministratorRole",
        "permissionScopes": [],
        "privileged": true
    }
]

        3. Delete Permissions to a Profile

        The POST method allows you to delete profile permissions in the system.

        POST{{url}}/api/paps/{{papID}}/permissions

        Request Example 

        An example request is shown here:

        Shell
        curl --location --request POST '{{url}}/api/paps/{{papID}}/permissions' \
--header 'Authorization: TOKEN {{token}}' \
--data-raw '{
    "op": "remove",
    "permission": {
        "name": "Application Administrator",
        "type": "role"
    }
}'

        Response  

        The profile permissions are deleted from the system.


        Was this article helpful?
        What's Next

        © 2021 Britive Inc. All Rights Reserved.