Permission Sets REST API

This function allows modifying permission sets with the SCIM API when creating and modifying roles.

Note: To use the version-specific parameters/attributes, you must add api-version=N to the query parameter (that is, first digit only, for example, POST /scim/{tenant}/v2/Users?api-version=10).

The API version supported by HID Authentication Service is 10.3.0.

Previous versions of the API are also supported with the corresponding functionality. For details of the version updates, see SCIM API Revision History.

Method Details

HTTPS Method Entity Action Request URI Description

GET

Read

/scim/{tenant}/v2/PermissionSets

Get all permissions sets

GET

Read

/scim/{tenant}/v2/PermissionSets/{uid}

Get a permission set

PUT

Replace

/scim/{tenant}/v2/PermissionSets/{uid}

Replace the permission set

Get a Permission Set

[GET] /PermissionSets/{uid}

Where {uid} is the Permission Set Code.

Copy

Sample Request URI

[GET] /scim/{tenant}/v2/PermissionSets/FS_RLASG
Copy

Sample Response

{
    "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSet"],
    "id": "FS_RLASG",
    "meta": {
        "resourceType": "PermissionSet",
        "location": "https://[base-server-url]/scim/tenant/v2/PermissionSets/FS_RLASG",
        "version": "1"
    },
    "permissionSetItems": [
        {
            "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
            "id": "M_U_ROLES",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR"
        },
        {
            "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
            "id": "R_ROLE",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR"
        }
    ],
    "name": "Roles Assignment Functions",
    "resourceType": "GROUP"
}

Replace a Permission Set

[PUT] /PermissionSets/{uid}

Where {uid} is the Permission Set Code.

Accept: application/scim+json

Note: As a best practice, use GET to retrieve the current data for the resource before using PUT.
Copy

Sample Request URI

[PUT] /scim/{tenant}/v2/PermissionSets/FS_RLASG
Copy

Sample Request

{
    "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSet"],
    "permissionSetItems": [
        {
            "id": "M_U_ROLES",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|NEWROLE"
        },
        {
            "id": "R_ROLE",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|NEWROLE"
        }
    ]
}    

In this example, the Modify User Roles and Read Role permissions are assigned to the NEWROLE role.

Copy

Sample Response

{
    "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSet"],
    "id": "FS_RLASG",
    "meta": {
        "resourceType": "PermissionSet",
        "location": "https://[base-server-url]/scim/tenant/v2/PermissionSets/FS_RLASG",
        "version": "1"
    },
    "permissionSetItems": [
        {
            "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
            "id": "M_U_ROLES",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|NEWROLE"
        },
        {
            "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
            "id": "R_ROLE",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|NEWROLE"
        }
    ],
    "name": "Roles Assignment Functions",
    "resourceType": "GROUP"
}