Permission Sets REST API

This function allows modifying permission sets with the SCIM API when creating roles.

For the attributes of the base resource type, see urn:hid:scim:api:idp:2.0:PermissionSet.

Method Details

HTTPS Method Entity Action Request URI Description

GET

Read

/scim/{tenant}/v2/PermissionSets

Get all permissions sets

GET

Read

/scim/{tenant}/v2/PermissionSets/{uid}

Get a permission set

POST

Replace

/scim/{tenant}/v2/PermissionSets/{uid}

Replace the permission set

Required Permissions

Function Required Permissions

GET

Read reference data

PUT

Update predefined permission set

Get a Permission Set

[GET] /PermissionSets/{uid}

Where {uid} is the Permission Set Code.

Copy

Sample Request URI

[GET] /scim/{tenant}/v2/PermissionSets/FS_RLASG
Copy

Sample Response

{
    "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSet"],
    "id": "FS_RLASG",
    "meta": {
    "resourceType": "PermissionSet",
    "location": "https://[base-server-url]/scim/tenant/v2/PermissionSets/FS_RLASG",
    "version": "1"
    },
    "permissionSetItems": [
    {
    "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
    "id": "M_U_ROLES",
    "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR"
    },
    {
    "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
    "id": "R_ROLE",
    "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR"
    }
    ],
    "name": "Roles Assignment Functions",
    "resourceType": "GROUP"
}

Replace a Permission Set

[PUT] /PermissionSets/{uid}

Where {uid} is the Permission Set Code.

Accept: application/scim+json

Copy

Sample Request URI

[PUT] /scim/{tenant}/v2/PermissionSets/FS_RLASG
Copy

Sample Request

{
    "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSet"],
    "permissionSetItems": [
    {
    "id": "M_U_ROLES",
    "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|RL_1"
    },
    {
    "id": "R_ROLE",
    "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|RL_1"
    }
]
}

In this example, the RL_1 role is added to the list of roles for the Modify User Roles and Read Role permissions. Using the ActivID Management Console, this new role can be assigned to the relevant resource.

Copy

Sample Response

{
    "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSet"],
    "id": "FS_RLASG",
    "meta": {
    "resourceType": "PermissionSet",
    "location": "https://[base-server-url]/scim/tenant/v2/PermissionSets/FS_RLASG",
    "version": "1"
    },
    "permissionSetItems": [
    {
    "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
    "id": "M_U_ROLES",
    "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|RL_1"
    },
    {
    "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
    "id": "R_ROLE",
    "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|RL_1"
    }
    ],
    "name": "Roles Assignment Functions",
    "resourceType": "GROUP"
}