Permission Sets REST API

This function allows modifying permission sets with the SCIM API when creating and modifying roles.

Note: The API version supported by ActivID Appliance 8.6 is 3.0.

To use the version-specific parameters/attributes, you must add api-version=N to the query parameter.

Previous versions of the API are also supported with the corresponding functionality.

Method Details

HTTPS Method Entity Action Request URI Description

GET

Read

/scim/{tenant}/v2/PermissionSets

Get all permissions sets

GET

Read

/scim/{tenant}/v2/PermissionSets/{uid}

Get a permission set

POST

Replace

/scim/{tenant}/v2/PermissionSets/{uid}

Replace the permission set

Required Permissions

Function Required Permissions

GET

Read reference data

PUT

Update predefined permission set

Get a Permission Set

[GET] /PermissionSets/{uid}

Where {uid} is the Permission Set Code.

Copy

Sample Request URI

[GET] /scim/{tenant}/v2/PermissionSets/FS_RLASG
Copy

Sample Response

{
    "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSet"],
    "id": "FS_RLASG",
    "meta": {
        "resourceType": "PermissionSet",
        "location": "https://[base-server-url]/scim/tenant/v2/PermissionSets/FS_RLASG",
        "version": "1"
    },
    "permissionSetItems": [
        {
            "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
            "id": "M_U_ROLES",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR"
        },
        {
            "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
            "id": "R_ROLE",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR"
        }
    ],
    "name": "Roles Assignment Functions",
    "resourceType": "GROUP"
}

Replace a Permission Set

[PUT] /PermissionSets/{uid}

Where {uid} is the Permission Set Code.

Accept: application/scim+json

Note: As a best practice, use GET to retrieve the current data for the resource before using PUT.
Copy

Sample Request URI

[PUT] /scim/{tenant}/v2/PermissionSets/FS_RLASG
Copy

Sample Request

{
    "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSet"],
    "permissionSetItems": [
        {
            "id": "M_U_ROLES",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|NEWROLE"
        },
        {
            "id": "R_ROLE",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|NEWROLE"
        }
    ]
}    

In this example, the Modify User Roles and Read Role permissions are assigned to the NEWROLE role. Using the ActivID Management Console, this new role can be assigned to the relevant resource.

Copy

Sample Response

{
    "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSet"],
    "id": "FS_RLASG",
    "meta": {
        "resourceType": "PermissionSet",
        "location": "https://[base-server-url]/scim/tenant/v2/PermissionSets/FS_RLASG",
        "version": "1"
    },
    "permissionSetItems": [
        {
            "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
            "id": "M_U_ROLES",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|NEWROLE"
        },
        {
            "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
            "id": "R_ROLE",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|NEWROLE"
        }
    ],
    "name": "Roles Assignment Functions",
    "resourceType": "GROUP"
}