Permissions
GET /v2/permissions - Retrieves a list of Permissions according to a given query.
Filter
All attributes to filter by are optional, but at least one should be selected.
Supported filter attributes:
- userUniqueIdentifier: Supports the equal operator only. Must be in the form of 'domain\user'. If the domain is empty, must be in the form of 'user' only.
  Description: The parameter can be used to specify the user. This is the domain\user representation in each Identity Collector type:
  - Active Directory: domain is the NetBIOS name of the domain, user is the samAccountName
  - Azure Active Directory: domain is the FQDN of the Azure AD domain, user is the user UPN
  - NIS: domain is empty, user is the user name in the NIS server
  - Google Drive: domain is empty, user is the user email
  - Box: domain is the Box domain, user is the user email
  - Dropbox: domain is the Dropbox Team name, user is the user email
- groupUniqueIdentifier: The domain\groupname representation of the identity group.
  Operators supported: equal
  Constraint: The filter cannot contain both the filters userUniqueIdentifier and groupUniqueIdentifier.
- classificationCategory: Use this filter attribute to get permissions that have classification categories assigned to their business resource.
  Supports: the operators present and equals.
- fullPath: Can be used to filter by the permission’s business resource full path.
  Supports: the equal operator only. Must be sent with the applicationId attribute filter.
- applicationId: Can be used to filter by the permission’s business resource application id.
  Supports: the equal operator only. To query permissions in DFS applications, you must use this attribute with the DFS application id.
- permissionTypeName: Use this filter attribute to get permissions with a specific permission type (Read, Write, etc.).
  Supports: the equals operator only.
- inherited: Use this filter attribute to get permissions by their inheritance value.
  Supports: the equals operator only and the values “false” (default), “true” or "both".
Attributes
Returns all attribute values by default except for the classificationCategories attribute of business resource.
The classificationCategories attribute value is returned if it was specifically requested in the attributes parameter.
Paging
- startIndex
  The 1-based index of the first result in the current set of list results (starts from 1).
- count
  The number of objects returned in a list response per page.
  Max page size = 200.
Only the first 100,000 results are returned in pages. If the requested page exceeds 100,000 results, an error of tooMany will be returned.
Results are ordered by the Id of Groups’ Permissions and then by the Id of Users’ Permissions.
Sample Requests
/identityiqfamapi/scim/v2/Permissions?filter=applicationId eq "1"
/identityiqfamapi/scim/v2/Permissions?filter=classificationCategory pr
/identityiqfamapi/scim/v2/Permissions?filter=fullPath eq "\\server\share\folder1" and applicationId eq "2"&count=200&startIndex=1
/identityiqfamapi/scim/v2/Permissions?filter=permissionTypeName eq "Full Control"&attributes=classificationCategories
/identityiqfamapi/scim/v2/Permissions?filter=inherited eq "both"
Parameters
- filter [string] (query)
  To filter results, use the following syntax: attributeName operator
- attributes [string] (query)
  To retrieve specific attributes values, add the attributeName to the attributes query part.
- startIndex [int($int32)] (query)
  An integer indicating the 1-based index of the first query result.
- count [int($int32)] (query)
  An integer indicating the desired maximum number of query results per page.
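Added example (not part of the product documentation): a Python helper that enforces the filter constraints listed above before a request is sent, and plans the page requests so that a permissions export for an access review is not mistaken for complete when the 100,000-result limit cuts it off. The function names, the caller-supplied total and the refusal of double quotes in values are assumptions of this example; the path and limits come from the text above.

```python
from urllib.parse import quote

BASE = "/identityiqfamapi/scim/v2/Permissions"  # path from the sample requests
MAX_COUNT = 200        # documented maximum page size
MAX_RESULTS = 100_000  # documented limit on results reachable through paging


def build_filter(**attrs):
    """Check the documented filter constraints and return the filter string."""
    if not attrs:
        raise ValueError("at least one filter attribute is required")
    if "userUniqueIdentifier" in attrs and "groupUniqueIdentifier" in attrs:
        raise ValueError("user and group identifiers cannot be combined")
    if "fullPath" in attrs and "applicationId" not in attrs:
        raise ValueError("fullPath must be sent with applicationId")
    if attrs.get("inherited", "false") not in ("false", "true", "both"):
        raise ValueError("inherited must be 'false', 'true' or 'both'")
    clauses = []
    for name, value in attrs.items():
        if value is None and name == "classificationCategory":
            clauses.append(f"{name} pr")  # presence test takes no value
            continue
        # Assumption of this example: refuse values that could close the
        # quoted string early instead of guessing at an escaping rule.
        if value is None or '"' in str(value):
            raise ValueError(f"missing or unsafe value for {name}")
        clauses.append(f'{name} eq "{value}"')
    return " and ".join(clauses)


def plan_pages(filter_expr, total, count=MAX_COUNT):
    """Return (urls, truncated) for `total` matches (caller-supplied number)."""
    if not 1 <= count <= MAX_COUNT:
        raise ValueError(f"count must be between 1 and {MAX_COUNT}")
    reachable = min(total, MAX_RESULTS)
    urls = []
    for start in range(1, reachable + 1, count):
        # Assumption: shrink the last page so it never reaches past the limit.
        size = min(count, reachable - start + 1)
        urls.append(f"{BASE}?filter={quote(filter_expr, safe='')}"
                    f"&count={size}&startIndex={start}")
    # truncated=True means paging cannot show every match: narrow the filter
    # (for example per applicationId) rather than treating the export as complete.
    return urls, total > MAX_RESULTS
```

When truncated is True, split the query into narrower filters and page each one separately.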
DELETE /v2/users/{userId}
GET /v2/users
Parameters
- filter [string] (query)
  To filter results, use the following syntax: attributeName operator
- attributes [string] (query)
  To retrieve specific attributes values, add the attributeName to the attributes query part.
- startIndex [int($int32)] (query)
  An integer indicating the 1-based index of the first query result.
- count [int($int32)] (query)
  An integer indicating the desired maximum number of query results per page.