Permission Sets REST API
This function allows modifying permission sets with the SCIM API when creating and modifying roles.
To use the version-specific parameters/attributes, you must add api-version=N to the query parameter.
Previous versions of the API are also supported with the corresponding functionality.
Method Details
HTTPS Method | Entity Action | Request URI | Description |
---|---|---|---|
Read |
/scim/{tenant}/v2/PermissionSets |
Get all permissions sets |
|
Read |
/scim/{tenant}/v2/PermissionSets/{uid} |
Get a permission set |
|
Replace |
/scim/{tenant}/v2/PermissionSets/{uid} |
Replace the permission set |
Required Permissions
Function | Required Permissions |
---|---|
GET |
Read reference data |
PUT |
Update predefined permission set |
Get a Permission Set
[GET] /PermissionSets/{uid}
Where {uid} is the Permission Set Code.
Sample Response
{
"schemas": ["urn:hid:scim:api:idp:2.0:PermissionSet"],
"id": "FS_RLASG",
"meta": {
"resourceType": "PermissionSet",
"location": "https://[base-server-url]/scim/tenant/v2/PermissionSets/FS_RLASG",
"version": "1"
},
"permissionSetItems": [
{
"schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
"id": "M_U_ROLES",
"parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR"
},
{
"schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
"id": "R_ROLE",
"parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR"
}
],
"name": "Roles Assignment Functions",
"resourceType": "GROUP"
}
Replace a Permission Set
[PUT] /PermissionSets/{uid}
Where {uid} is the Permission Set Code.
Accept: application/scim+json
Sample Request
{
"schemas": ["urn:hid:scim:api:idp:2.0:PermissionSet"],
"permissionSetItems": [
{
"id": "M_U_ROLES",
"parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|NEWROLE"
},
{
"id": "R_ROLE",
"parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|NEWROLE"
}
]
}
In this example, the Modify User Roles and Read Role permissions are assigned to the NEWROLE role.
Sample Response
{
"schemas": ["urn:hid:scim:api:idp:2.0:PermissionSet"],
"id": "FS_RLASG",
"meta": {
"resourceType": "PermissionSet",
"location": "https://[base-server-url]/scim/tenant/v2/PermissionSets/FS_RLASG",
"version": "1"
},
"permissionSetItems": [
{
"schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
"id": "M_U_ROLES",
"parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|NEWROLE"
},
{
"schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
"id": "R_ROLE",
"parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|NEWROLE"
}
],
"name": "Roles Assignment Functions",
"resourceType": "GROUP"
}