Permissions

GET /v2/permissions - Retrieves a list of Permissions according to a given query.

Filter

All attributes to filter by are optional, but at least one should be selected.

Supported filter attributes:

userUniqueIdentifier: Supports the equal operator only. Must be in the form of 'domain\user'. If the domain is empty, must be in the form of 'user' only.
Description: The parameter can be used to specify the user. This is the domain\user representation in each Identity Collector type:
Active Directory: domain is the Netbios name of the domain, user is the samAccountName
Azure Active Directory: domain is the fqdn of the Azure AD domain, user is the user upn
NIS: domain is empty, user is the user name in the NIS server
Google Drive: domain is empty, user is the user email
Box: domain is the Box domain, user is the user email
Dropbox: domain is the Dropbox Team name, user is the user email
groupUniqueIdentifier: The domain\groupname representation of the identity group.
Operators supported: equal
Constraint: The filter cannot contain both the filters userUniqueIdentifier and groupUniqueIdentifier.
classificationCategory: Use this filter attribute to get permissions that have classification categories assigned to their business resource.
Supports: the operators present and equals.
fullPath: Can be used to filter by the permission’s business resource full path.
Supports: the equal operator only. Must be sent with the applicationId attribute filter.
applicationId: Can be used to filter by the permission’s business resource application id.
Supports: the equal operator only. To query permissions in DFS applications, you must use this attribute with the DFS application id.
permissionTypeName: Use this filter attribute to get permissions with a specific permission type (Read, Write, etc.).
Supports: the equals operator only.
inherited: Use this filter attribute to get permissions by their inheritance value.
Supports: the equals operator only and the values “false” (default), “true” or "both".

Attributes

Returns all attribute values by default except for the classificationCategories attribute of business resource.
The classificationCategories attribute value is returned if it was specifically requested in the attributes parameter.

Paging

startIndex
The 1-based index of the first result in the current set of list results (starts from 1).
count
The number of objects returned in a list response per page.
Max page size = 200.
Only the first 100,000 results are returned in pages. If the requested page exceeds 100,000 results, an error of tooMany will be returned.

Results are ordered by the Id of Groups’ Permissions and then by the Id of Users’ Permissions.

Sample Requests

/identityiqfamapi/scim/v2/Permissions?filter=applicationId eq "1"
/identityiqfamapi/scim/v2/Permissions?filter=classificationCategory pr
/identityiqfamapi/scim/v2/Permissions?filter=fullPath eq "\\server\share\folder1" and applicationId eq "2"&count=200&startIndex=1
/identityiqfamapi/scim/v2/Permissions?filter=permissionTypeName eq "Full Control"&attributes=classificationCategories
/identityiqfamapi/scim/v2/Permissions?filter=inherited eq "both"

Parameters

filter [string] (query)
To filter results, use the following syntax: attributeName operator
attributes [string] (query)
To retrieve specific attributes values, add the attributeName to the attributes query part.
startIndex [int($int32)] (query)
An integer indicating the 1-based index of the first query result.
count [int($int32)] (query)
An integer indicating the desired maximum number of query results per page.

DELETE /v2/users/{userId}

GET /v2/users

Parameters

filter [string] (query)
To filter results, use the following syntax: attributeName operator
attributes [string] (query)
To retrieve specific attributes values, add the attributeName to the attributes query part.
startIndex [int($int32)] (query)
An integer indicating the 1-based index of the first query result.
count [int($int32)] (query)
An integer indicating the desired maximum number of query results per page.