API for Groups in Record Permission Sets

Managing permissions can be a real headache, especially for growing teams. That's why we're excited to introduce User Groups in Record Permission Sets, now available through our API.

With User Groups, you can now manage permissions for entire teams in one go. This feature marks a substantial step forward in how organisations can manage and scale their access control. This is particularly valuable in industries like healthcare or finance, where data sensitivity is paramount.

What this means: dive into the details with our new API endpoints and see how this capability can streamline your permission management like never before.

We've maintained support for all existing endpoints managing individual users, ensuring a smooth transition for your current systems, but we've also introduced new, more specific endpoints.

All actions previously performed with /api/object-records/{record_id}/permission-sets/{permission_set_id}/assignees/ will now also be available in /api/object-records/{record_id}/permission-sets/{permission_set_id}/assignees/users/. This means you can expect the same functionality for managing users, now neatly organised under the new users endpoint. It’s the same control you’re accustomed to, just with a more refined approach.

Assign User Groups

Use POST/api/object-records/{record_id}/permission-sets/{permission_set_id}/assignees/user-groups/ to assign User Groups by passing a list of group IDs. The payload should include a list of user group IDs:

[ <group_id1>, <group_id2>, ... ]

Only the User Groups you have permission to view can be assigned. If a group is already assigned, it will be ignored, so you don’t have to worry about duplicates.

Upon successful assignment, the API returns a response that includes the group ID, name, timestamp of the assignment, and the user who performed the action.

View assigned User Groups

If you need to check which User Groups are already assigned to a Record Permission Set, use GET/api/object-records/{record_id}/permission-sets/{permission_set_id}/assignees/user-groups/. This method retrieves the list of User Groups assigned to the specified permission set. This allows you to see exactly which groups have been added and manage them as needed.

Unassign User Groups

To unassign a User Group, use DELETE/api/object-records/{record_id}/permission-sets/{permission_set_id}/assignees/user-groups/. Similar to the POST method, you provide a list of group IDs to remove. Groups that aren’t assigned will simply be ignored.

Limits and behaviour

You can assign up to 10 User Groups at a time to each Record Permission Set, which ensures that the system remains performant even with large numbers of groups.

Every time a User Group is added or removed, the event is logged in the object’s history, giving you full traceability of permission changes.

By assigning User Groups to Record Permission Sets, you can effortlessly grant or revoke record permissions for all members of that group. When a user is added to a group, they automatically inherit the permissions associated with that group. Conversely, when a user is removed from a group, their permissions are revoked accordingly.

Summary

The new API endpoints transform permission management into a seamless, programmable experience. Development teams can now automate complex permission workflows, from bulk group assignments to real-time access updates, all through simple API calls. For enterprises handling thousands of records, this means turning days of manual permission updates into automated processes that execute in seconds.

Autologyx Classification: Unrestricted, Public