Object Records Permission Sets
This document describes API endpoints for managing Object Record Permission Sets. Their setup is configurable at the Object Class level.
Endpoints for assigning users to an Object Record Permission Set of a specific Object Record are described in a separate document.
Permissions
| Permission | Manageable via Roles | Manageable via other ways | Description |
|---|---|---|---|
| object_class.view | true | view by Object Class or Object Record permission sets | Allows access list |
| object_class.edit_perm_set | false | | |
Permissions for Object Record Permission Sets can be checked by:
| Context | Endpoint | Location | Available perms |
|---|---|---|---|
| Specific Object Class | GET /api/object-classes/{object_class_id}/ | _meta.permissions | view, edit_perm_set |
References
GET /api/object-classes/object_class_id/record-permission-sets/
Returns list of Object Record Permission Sets for specific Object Class.
Permissions
Requires authentication and object_class.view permission.
Request
- Headers
Content-Type: application/json
Authorization: JWT access_token
- Schema
GET /api/object-classes/`object_class_id`/record-permission-sets/
Response
| Key | Type | Notes |
|---|---|---|
| limit | int | |
| offset | int | |
| total_count | int | Total number of results visible to the user (based on permissions). |
| filtered_count | int | Number of results visible to the user (based on permissions) with filters applied. |
| next | url | Next page URL (null if there is no next page) |
| previous | url | Previous page URL (null if there is no previous page) |
| results | Array | List of results. Described in the next table. |
Response results array
| Key | Type | Notes |
|---|---|---|
| id | int | |
| name | string | |
| permissions | Object | Complex object containing enabled permissions for resources. |
| created_at | datetime | |
| created_by | user | |
| modified_at | datetime | |
| modified_by | user | |
- Successful status
200 OK
- Response body schema
{
"limit": <int>,
"offset": <int>,
"filtered_count": <int>,
"total_count": <int>,
"next": <str>,
"previous": <str>,
"results": [
{
"id": <int>,
"name": <str>,
"permissions": {
"object_records": [<str>],
"tasks": [<str>]
},
"created_at": <datetime>,
"created_by": <user>,
"modified_at": <datetime>,
"modified_by": <user>
}
]
}
Sorting
Not available. Results are sorted by {id} ascending.
Filtering
Not available.
Errors
| Error | Response code | Message |
|---|---|---|
| Object Class for {object_class_id} not found. | 404 Not found | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
POST /api/object-classes/object_class_id/record-permission-sets/
Creates single Object Record Permission Set.
Permissions
Requires authentication and object_class.edit_perm_set permission.
Request
- URL parameters
| Key | Notes |
|---|---|
| object_class_id | Object Class ID |
- Body parameters
| Key | Type | Notes |
|---|---|---|
| name | string | Unique (case insensitive) for the given Object Class. |
| permissions | Object | Optional. Complex object containing configuration for resources' permissions to be enabled. |
Available resources for permissions:
- object_records
- tasks
The object_records and tasks keys each contain a list of actions. By default, permissions are disabled if not given in the request body.
Valid actions for resources:
| object_records | tasks |
|---|---|
Sent permissions are converted with dependencies described in technical doc.
- Headers
Content-Type: application/json
Authorization: JWT access_token
- Schema
POST /api/object-classes/`object_class_id`/record-permission-sets/
{
"name": <str>,
"permissions": {
"object_records": [<str>],
"tasks": [<str>]
}
}
- Request example
{
"name": "PermSet",
"permissions": {
"object_records": ["edit"],
"tasks": ["edit", "create"]
}
}
Validations
- name
  - Max length: 100
  - Unique: for specific Object Class
- Maximum number of Object Record Permission Sets per specific Object Class: 10.
Response
| Key | Type | Notes |
|---|---|---|
| id | int | Automatically generated by the backend. |
| name | string | |
| permissions | Object | Complex object containing the saved permissions configuration. |
| created_at | datetime | |
| created_by | user | |
| modified_at | datetime | |
| modified_by | user | |
- Successful status
201 Created
- Response body schema
{
"id": <int>,
"name": <str>,
"permissions": {
"object_records": [<str>],
"tasks": [<str>]
},
"created_at": <datetime>,
"created_by": <user>,
"modified_at": <datetime>,
"modified_by": <user>
}
Errors
| Error | Response code | Message |
|---|---|---|
| "name" is missing | 400 Bad Request | "name": [ "This field is required." ] |
| "name" is empty string | 400 Bad Request | "name": [ "This field may not be blank." ] |
| "name" is null | 400 Bad Request | "name": [ "This field may not be null." ] |
| "name" has > 100 chars | 400 Bad Request | "name": [ "Ensure this field has no more than 100 characters." ] |
| "name" is not unique for specific Object Class | 400 Bad Request | "name": [ "This field must be unique." ] |
| Given NULL for permissions | 400 Bad Request | "permissions": ["This field may not be null."] |
| Given wrong resource name for permissions | 400 Bad Request | "permissions": ["Invalid resource \"{given_wrong_resource_name}\"."] |
| Given NULL for resource in permissions | 400 Bad Request | "permissions": {"{resource_name}": ["This field may not be null."] } |
| Given wrong value for resource in permissions | 400 Bad Request | "permissions": {"{resource_name}": ["Invalid actions \"{given_wrong_value}\"."] } |
| Max 10 Permission Sets per class exceeded | 400 Bad Request | "detail": "Limit of 10 Object Class Permission Sets has been exceeded.", "error_code": "ERR_LIMIT_EXCEEDED" |
| Object Class with {object_class_id} does not exist | 404 Not found | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
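The validations and 400 responses above can be checked before a request is sent. The following is an added example, not code from the API or its project: `validate_create` is a hypothetical helper, the action lists and limits are copied from the OPTIONS response documented further down this page, and the rendering of the rejected value in "Invalid actions" is an assumption.

```python
# Added example; action lists and limits copied from this page's OPTIONS response.
ALLOWED_ACTIONS = {
    "object_records": {"view", "edit", "delete"},
    "tasks": {"view", "edit", "delete", "create", "complete", "assign"},
}
NAME_MAX_LENGTH = 100
MAX_SETS_PER_CLASS = 10


def validate_create(body, existing_names):
    """Return {} if the POST body looks valid, else errors keyed like the 400s."""
    # existing_names: names of the sets the Object Class already has.
    errors = {}
    if len(existing_names) >= MAX_SETS_PER_CLASS:
        errors["detail"] = "Limit of 10 Object Class Permission Sets has been exceeded."
    name = body.get("name")
    if "name" not in body:
        errors["name"] = ["This field is required."]
    elif name is None:
        errors["name"] = ["This field may not be null."]
    elif name == "":
        errors["name"] = ["This field may not be blank."]
    elif len(name) > NAME_MAX_LENGTH:
        errors["name"] = ["Ensure this field has no more than 100 characters."]
    elif name.casefold() in {n.casefold() for n in existing_names}:
        # Uniqueness is case insensitive within one Object Class.
        errors["name"] = ["This field must be unique."]

    if "permissions" not in body:  # optional; nothing is enabled by default
        return errors
    perms = body["permissions"]
    if perms is None:
        errors["permissions"] = ["This field may not be null."]
        return errors
    unknown = [r for r in perms if r not in ALLOWED_ACTIONS]
    if unknown:
        errors["permissions"] = [f'Invalid resource "{unknown[0]}".']
        return errors
    per_resource = {}
    for resource, actions in perms.items():
        if actions is None:
            per_resource[resource] = ["This field may not be null."]
            continue
        bad = ", ".join(sorted(set(actions) - ALLOWED_ACTIONS[resource]))
        if bad:  # how the API renders the rejected value is an assumption
            per_resource[resource] = [f'Invalid actions "{bad}".']
    if per_resource:
        errors["permissions"] = per_resource
    return errors
```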
PATCH /api/object-classes/object_class_id/record-permission-sets/id/
Updates single Object Record Permission Set.
Permissions
Requires authentication and object_class.edit_perm_set permission.
Request
- URL parameters
| Key | Notes |
|---|---|
| object_class_id | Object Class ID |
| id | Object Record Permission Set ID |
- Body parameters
| Key | Type | Notes |
|---|---|---|
| name | string | Unique (case insensitive) for the given Object Class. Max length = 100 (configurable) |
| permissions | Object | Complex object containing configuration for resources' permissions to be enabled. |
Any parameters not listed above are silently ignored if passed.
Available resource keys for permissions:
- object_records
- tasks
The object_records and tasks keys each contain a list of actions. All are optional. If a resource is omitted, its permissions will not be modified.
Valid actions for resources:
| object_records | tasks |
|---|---|
Sent permissions are converted with dependencies described in technical doc.
⚠️ If fewer actions are sent than are currently configured, the actions not mentioned will be removed if they do not depend on other enabled actions.
For instance:
Current actions: ["view", "edit"]. Sent actions: ["view"]. Result actions: ["view"].
- Headers
Content-Type: application/json
Authorization: JWT access_token
- Schema
PATCH /api/object-classes/`object_class_id`/record-permission-sets/`id`/
{
"name": <str>,
"permissions": {
"object_records": [<str>],
"tasks": [<str>]
}
}
- Request example
{
"name": "PermSet",
"permissions": {
"object_records": ["edit"],
"tasks": ["edit", "create"]
}
}
Response
| Key | Type | Notes |
|---|---|---|
| id | int | |
| name | string | |
| permissions | Object | |
| created_at | datetime | |
| created_by | user | |
| modified_at | datetime | |
| modified_by | user | |
- Successful status
200 OK
- Response body schema:
{
"id": <int>,
"name": <str>,
"permissions": {
"object_records": [<str>],
"tasks": [<str>]
},
"created_at": <datetime>,
"created_by": <user>,
"modified_at": <datetime>,
"modified_by": <user>
}
Errors
| Error | Response code | Message |
|---|---|---|
| "name" is empty string | 400 Bad Request | "name": [ "This field may not be blank." ] |
| "name" is null | 400 Bad Request | "name": [ "This field may not be null." ] |
| "name" has > 100 chars | 400 Bad Request | "name": [ "Ensure this field has no more than 100 characters." ] |
| "name" is not unique for specific Object Class | 400 Bad Request | "name": [ "This field must be unique." ] |
| Given NULL for permissions | 400 Bad Request | "permissions": ["This field may not be null."] |
| Given wrong resource name for permissions | 400 Bad Request | "permissions": ["Invalid resource \"{given_wrong_resource_name}\"."] |
| Given NULL for resource in permissions | 400 Bad Request | "permissions": {"{resource_name}": ["This field may not be null."] } |
| Given wrong action value for resource in permissions | 400 Bad Request | "permissions": {"{resource_name}": ["Invalid actions \"{given_wrong_value}\"."] } |
| Object Class with {object_class_id} does not exist | 404 Not Found | |
| Object Record Permission Set with {id} does not exist | 404 Not Found | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
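Because a PATCH sends the whole action list for each resource it names, a body that lists only the action being added can drop actions that were already enabled. The following is an added example, not code from the API or its project: `dropped_actions` and `build_patch_permissions` are hypothetical helpers, the sample state is constructed, and the server-side dependency handling described in the technical doc is not modelled.

```python
def dropped_actions(current, patch_permissions):
    """List "resource.action" entries a PATCH body would no longer include.

    Resources omitted from the body are left unmodified by the endpoint, so
    only resources present in patch_permissions are compared. Dependency
    handling on the server is not modelled here (assumption).
    """
    dropped = []
    for resource, sent in patch_permissions.items():
        for action in current.get(resource, []):
            if action not in sent:
                dropped.append(f"{resource}.{action}")
    return dropped


def build_patch_permissions(current, grant=None, revoke=None):
    """Build a "permissions" object that changes only what was asked for.

    grant / revoke: {resource: [actions]}. Each touched resource is sent with
    its full resulting list; untouched resources are omitted from the body.
    """
    grant, revoke = grant or {}, revoke or {}
    body = {}
    for resource in sorted(set(grant) | set(revoke)):
        actions = [a for a in current.get(resource, [])
                   if a not in revoke.get(resource, [])]
        actions += [a for a in grant.get(resource, []) if a not in actions]
        body[resource] = actions
    return body


# Constructed sample state, shaped like the "permissions" object in responses.
CURRENT = {"object_records": ["view", "edit"], "tasks": ["view", "edit"]}

if __name__ == "__main__":
    naive = {"tasks": ["create"]}  # meant to add "create" only
    print("naive body drops:", dropped_actions(CURRENT, naive))
    safe = build_patch_permissions(CURRENT, grant={"tasks": ["create"]})
    print("safe body:", safe, "drops:", dropped_actions(CURRENT, safe))
```

Comparing `dropped_actions` output against the intended change before sending the request gives a reviewable record of every action a permission set is about to lose.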
DELETE /api/object-classes/object_class_id/record-permission-sets/id/
Deletes single Object Record Permission Set.
Permissions
Requires authentication and object_class.edit_perm_set permission.
Request
- URL parameters
| Key | Notes |
|---|---|
| object_class_id | Object Class ID |
| id | Object Record Permission Set ID |
- Headers
Content-Type: application/json
Authorization: JWT access_token
- Schema
DELETE /api/object-classes/`object_class_id`/record-permission-sets/`id`/
Response
- Successful status
204 No Content
Errors
| Error | Response code | Message |
|---|---|---|
| Object Class with "{object_class_id}" does not exist | 404 Not found | |
| Object Record Permission Set with "{id}" does not exist | 404 Not Found | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
OPTIONS /api/object-classes/object_class_id/record-permission-sets/
Permissions
Requires authentication only.
Request
- URL parameters
| Key | Notes |
|---|---|
| object_class_id | Object Class ID |
- Headers
Content-Type: application/json
Authorization: JWT access_token
- Schema
OPTIONS /api/object-classes/`object_class_id`/record-permission-sets/
Response
- Successful status
200 OK
- Response body:
{
"list": {
"columns": [
{
"alias": "id",
"type": "int",
"predicates": [],
"sort_ok": false
},
{
"alias": "name",
"type": "string",
"predicates": [],
"sort_ok": false
},
{
"alias": "permissions",
"type": "permissions",
"predicates": [],
"sort_ok": false
},
{
"alias": "created_at",
"type": "datetime",
"predicates": [],
"sort_ok": false
},
{
"alias": "created_by",
"type": "user",
"predicates": [],
"sort_ok": false
},
{
"alias": "modified_at",
"type": "datetime",
"predicates": [],
"sort_ok": false
},
{
"alias": "modified_by",
"type": "user",
"predicates": [],
"sort_ok": false
}
]
},
"details": {
"schema": [
{
"alias": "name",
"type": "string",
"required": true,
"validators": [
{
"type": "min_length",
"length": 1
},
{
"type": "max_length",
"length": 100
}
]
},
{
"alias": "permissions",
"type": "permissions",
"required": false,
"schema": [
{
"resource": "object_records",
"actions": [
"view",
"edit",
"delete"
]
},
{
"resource": "tasks",
"actions": [
"view",
"edit",
"delete",
"create",
"complete",
"assign"
]
}
]
}
]
},
"restrictions": {
"limit_items": 10
}
}
Errors
| Error | Response code | Message |
|---|---|---|
| Object Class for object_class_id not found. | 404 Not Found | |
Not allowed endpoints
GET /api/object-classes/object_class_id/record-permission-sets/id/
Response
- Status
405 Method Not Allowed