Manage Profile Permissions


The Britive API provides methods for managing profile permissions: adding or deleting profile permissions and getting details of the profile permissions in the system.


1. Add Permissions to a Profile

The POST method allows you to add profile permissions to the system.

POST {{url}}/api/paps/{{papID}}/permissions

Request Example 

An example request is shown here. Permissions are categorized into two types: role and group. The type field is case-sensitive.

curl --location --request POST '{{url}}/api/paps/{{papID}}/permissions' \
--header 'Authorization: TOKEN {{token}}' \
--data-raw '{
    "op": "add",
    "permission": {
        "name": "S3fullaccess",
        "type": "role"
    }
}'

Response Example 

An example response is shown here.

{
    "papId": "pocahtoxoatg2dthkesw",
    "name": "S3fullaccess",
    "type": "role",
    "description": null,
    "checkStatus": "Success",
    "message": ""
}



2. Retrieve Assigned Profile Permissions 

Important Note:
This API replaces the deprecated API "Details of Profile Permissions".

The GET method allows you to retrieve the list of all permissions that are assigned to a profile for the given profile ID. The API returns data in pages. Multiple API calls return the complete list of identities for the profile.

GET {{url}}/api/paps/{{papID}}/permissions?page=0&size=20&sort=name,asc&filter=name co Admin

Request Parameters

The request parameters used in this method are shown in the following table:

| Parameter | Description | Data Type | Required |
|---|---|---|---|
| papID | The profile ID. | string | Mandatory |
| page | The page number starting from zero. | string | Mandatory |
| size | The number of records that are returned. Note: The total number of records can be used to calculate the number of pages. For example, 20. | string | Mandatory |
| sort | The column used for sorting the records. | string | Optional |
| filter | The filter that can filter the list of profile permissions based on name, status, or integrity checks. The supported operators are 'eq' and 'co'. The format is as follows: name co "Role1" | string | Optional |

Request Example 

An example request is shown here:

Shell
curl --location --request GET '{{url}}/api/paps/{{papID}}/permissions?page=0&size=20&sort=name,asc&filter=name%20co%20Admin' \
--header 'Authorization: TOKEN {{token}}'

Response Example 

An example response is shown here:

JSON
{
  "count": 1,
  "page": 0,
  "size": 20,
  "sort": "name: ASC",
  "filter": "name co Admin",
  "data": [
    {
      "papId": "gswi3qsdi52bxdbcn8co",
      "name": "Admins",
      "type": "group",
      "description": null,
      "checkStatus": "Success",
      "message": "",
      "privileged": false
    }
  ]
}
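The paged retrieval described above, as an added example (not Britive's own code): a Python client that walks every page and picks out permissions marked privileged or whose checkStatus is not "Success". It assumes "count" is the total number of matching records; the function names, the tenant.example host and the sample records are hypothetical.

```python
import json
import math
import urllib.parse
import urllib.request


def build_url(base_url, pap_id, page, size=20, sort="name,asc", flt=None):
    """Build the paged URL; spaces in the filter become %20 as in the curl example."""
    params = {"page": page, "size": size, "sort": sort}
    if flt:
        params["filter"] = flt
    query = urllib.parse.urlencode(params, quote_via=urllib.parse.quote, safe=",")
    path = f"/api/paps/{urllib.parse.quote(pap_id, safe='')}/permissions"
    return f"{base_url}{path}?{query}"


def http_fetch(url, token):
    """Default fetcher: GET with the 'Authorization: TOKEN ...' header the page uses."""
    req = urllib.request.Request(url, headers={"Authorization": f"TOKEN {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def list_permissions(base_url, pap_id, token, size=20, flt=None, fetch=http_fetch):
    """Collect every page. Assumption: 'count' is the total number of matching records."""
    items, page = [], 0
    while True:
        body = fetch(build_url(base_url, pap_id, page, size, flt=flt), token)
        data = body.get("data", [])
        items.extend(data)
        page += 1
        # Stop on an empty page too, in case 'count' is missing or stale.
        if not data or page >= math.ceil(body.get("count", 0) / size):
            return items


def review_queue(permissions):
    """Entries worth a reviewer's attention: privileged, or integrity check not 'Success'."""
    return [p for p in permissions
            if p.get("privileged") or p.get("checkStatus") != "Success"]


if __name__ == "__main__":
    # Constructed sample records (not real tenant data), served by a stub so this runs offline.
    sample = [{"name": "Admins", "type": "group", "checkStatus": "Success", "privileged": False},
              {"name": "S3FullAccess", "type": "role", "checkStatus": "Success", "privileged": True}]
    stub = lambda url, token: {"count": 2, "page": 0, "size": 20, "data": sample}
    perms = list_permissions("https://tenant.example", "examplePapId", "unused", fetch=stub)
    print([p["name"] for p in review_queue(perms)])
```
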

(Deprecated) Details of Profile Permissions

Important Note:
The following API for "Details of Profile Permissions" is deprecated and will be removed in a future release.

The GET method allows you to retrieve the profile permissions available in the system.

GET {{url}}/api/paps/{{papID}}/permissions?filter=available

Request Example 

An example request is shown here:

Shell
curl --location --request GET '{{url}}/api/paps/{{papID}}/permissions?filter=available' \
--header 'Authorization: TOKEN {{token}}'

Response Example 

An example response is shown here:

JSON
[
    {
        "name": "AWSRole2",
        "type": "role",
        "nativeId": null,
        "appPermissionId": null,
        "description": "AWSRole2",
        "permissionScopes": [],
        "privileged": false
    },
    {
        "name": "S3FullAccess",
        "type": "role",
        "nativeId": null,
        "appPermissionId": null,
        "description": "S3 Full Access",
        "permissionScopes": [],
        "privileged": true
    },
    {
        "name": "Britive-AWS-CloudDirectory",
        "type": "role",
        "nativeId": null,
        "appPermissionId": null,
        "description": null,
        "permissionScopes": [],
        "privileged": true
    },
    {
        "name": "AmazonCognitoPowerUser",
        "type": "role",
        "nativeId": null,
        "appPermissionId": null,
        "description": "AmazonCognitoPowerUser",
        "permissionScopes": [],
        "privileged": false
    },
    {
        "name": "AdministratorRole",
        "type": "role",
        "nativeId": null,
        "appPermissionId": null,
        "description": "AdministratorRole",
        "permissionScopes": [],
        "privileged": true
    }
]

3. Delete Permissions from a Profile

The POST method allows you to delete profile permissions in the system.

POST {{url}}/api/paps/{{papID}}/permissions

Request Example 

An example request is shown here:

Shell
curl --location --request POST '{{url}}/api/paps/{{papID}}/permissions' \
--header 'Authorization: TOKEN {{token}}' \
--data-raw '{
    "op": "remove",
    "permission": {
        "name": "Application Administrator",
        "type": "role"
    }
}'

Response  

The profile permissions are deleted from the system.