Skip to main content
Version: v5.0

Permission profiles REST API

Use the Permission Profiles REST API to get permission profiles by id or for the current user, as well as add, edit, and delete permission profiles. A user's ability to complete these actions depends on the authorisation actions.

Get Permissions

For documentation on each of these REST API methods, see the Permission Profiles REST API.

Permissions profile REST API authorisation actions#

Permission profiles have their own CRUD REST APIs that support the following authorisation actions on permission profiles:

  • CREATE: Allows a user to create a permissions profile.
  • READ: Allows a user to read the permissions profile.
  • EDIT: Allows a user to edit the permissions profile.
  • DELETE: Allows a user to delete a permissions profile. If you delete a permissions profile, all the permissions created from that permission profile also delete.
  • SHARE: Allows a user to provide other users access to the permissions profile.
  • ASSIGN: Allows a user to assign a permissions profile to an orchestrator. For more information, see Permission profile assignment for orchestrators.

Permission profile schema#

To create a permissions profile, define a permission profile object:

{  _name: "viewer_orch_perms1",  _userType: "viewer_orch_perms",  _namespaces: [    "GeneralMedical_wLxTn9rZ"  ],  _permissions: [    {      _actions: [        "READ",        "SHARE"      ],      _namespace: "GeneralMedical_wLxTn9rZ",      _resourceDesc: {        _irn: "passportsvc:workspace:c1d75502-a851-a599-98e5-ea89c9b24ca5",      }
    },    {      _actions: [        "READ",        "SHARE",        "DELETE"      ],      _namespace: "GeneralMedical_wLxTn9rZ",      _resourceDesc: {        _irn: "itemsvc:nameduseritem:*",      }    }  ]}
ParameterTypeDescriptionRequired
_nameStringEnter a unique name for the permission profile.Required
_userTypeStringEnter a unique or shared string to identify the permission profile.Required
_namespacesArray of StringPass one or more namespaces for the permission profile's context.Required
_permissionsArray of ObjectPass one or more namespaces for the permission profile's context.Required
_permissions[n]._actionsArray of StringPass an array of permission actions you want to define for the permissions profile. For more information, see Permissions profile REST API authorisation actionsRequired
_permissions[n]._namespaceStringEnter the namespace that the resource pertains to.Required
_permissions[n]._resourceDesc._irnStringEnter the resource's path. For the resource path, concetenate the service name, resource type, and resource's id with colons, for example, filesvc:file:6336c490017d84b0a506e453 for a file, or filesvc:file:* for all files in the file service.Required

This permissions profile creates the following two permissions:

{  "_id": "e0f75508-d85c-4593-88e5-ea89c9b24ed4",  "_name": "viewer_orch_perms1",  "_userType": "viewer_orch_perms",  "_namespaces": [    "GeneralMedical_wLxTn9rZ"  ],  "_permissions": [    {      "_actions": [        "READ",        "SHARE"      ],      "_namespace": "GeneralMedical_wLxTn9rZ",      "_resourceDesc": {        "_irn": "passportsvc:workspace:c1d75502-a851-a599-98e5-ea89c9b24ca5"      }    }  ]}
{  "_id": "a0f75503-2a5c-8f93-a8e5-5b89c9b24e6c",  "_name": "viewer_orch_perms1",  "_userType": "viewer_orch_perms",  "_namespaces": [    "GeneralMedical_wLxTn9rZ"  ],  "_permissions": [    {      "_actions": [        "READ",        "SHARE",        "DELETE"      ],      "_namespace": "GeneralMedical_wLxTn9rZ",      "_resourceDesc": {        "_irn": "itemsvc:nameduseritem:*"      }    }  ]}