Permission Sets REST API

This function allows modifying permission sets with the SCIM API when creating and modifying roles.

Note: The API version supported by HID Authentication Service is 10.3.0.

To use the version-specific parameters/attributes, you must add api-version=N to the query parameter.

Previous versions of the API are also supported with the corresponding functionality. For details of the version updates, see SCIM API Revision History.

Method Details

HTTPS Method Entity Action Request URI Description

GET

Read

/scim/{tenant}/v2/PermissionSets

Get all permissions sets

GET

Read

/scim/{tenant}/v2/PermissionSets/{uid}

Get a permission set

PUT

Replace

/scim/{tenant}/v2/PermissionSets/{uid}

Replace the permission set

Required Permissions

Function Required Permissions

GET

Read reference data

PUT

Update predefined permission set

Get a Permission Set

[GET] /PermissionSets/{uid}

Where {uid} is the Permission Set Code.

Copy

Sample Request URI

[GET] /scim/{tenant}/v2/PermissionSets/FS_RLASG
Copy

Sample Response

{
    "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSet"],
    "id": "FS_RLASG",
    "meta": {
        "resourceType": "PermissionSet",
        "location": "https://[base-server-url]/scim/tenant/v2/PermissionSets/FS_RLASG",
        "version": "1"
    },
    "permissionSetItems": [
        {
            "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
            "id": "M_U_ROLES",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR"
        },
        {
            "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
            "id": "R_ROLE",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR"
        }
    ],
    "name": "Roles Assignment Functions",
    "resourceType": "GROUP"
}

Replace a Permission Set

[PUT] /PermissionSets/{uid}

Where {uid} is the Permission Set Code.

Accept: application/scim+json

Note: As a best practice, use GET to retrieve the current data for the resource before using PUT.
Copy

Sample Request URI

[PUT] /scim/{tenant}/v2/PermissionSets/FS_RLASG
Copy

Sample Request

{
    "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSet"],
    "permissionSetItems": [
        {
            "id": "M_U_ROLES",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|NEWROLE"
        },
        {
            "id": "R_ROLE",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|NEWROLE"
        }
    ]
}    

In this example, the Modify User Roles and Read Role permissions are assigned to the NEWROLE role.

Copy

Sample Response

{
    "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSet"],
    "id": "FS_RLASG",
    "meta": {
        "resourceType": "PermissionSet",
        "location": "https://[base-server-url]/scim/tenant/v2/PermissionSets/FS_RLASG",
        "version": "1"
    },
    "permissionSetItems": [
        {
            "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
            "id": "M_U_ROLES",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|NEWROLE"
        },
        {
            "schemas": ["urn:hid:scim:api:idp:2.0:PermissionSetItem"],
            "id": "R_ROLE",
            "parameter": "RL_DEVADM|RL_SYSTEM|RL_RFE|RL_USERADM|RL_AUDITV|RL_CONFIG|RL_HELPDSK|RL_SUSRADM|RL_SADMIN|RL_STPADM|RL_SSPADM|RL_RGWADM|RL_CFGMGR|NEWROLE"
        }
    ],
    "name": "Roles Assignment Functions",
    "resourceType": "GROUP"
}