๐๏ธ Get permissions for a person
Retrieve the list of permissions granted to the specified person. It contains both assigned permissions and permissions from roles.
๐๏ธ Get additional permissions for a person
Retrieve the list of additional permissions assigned to person. This endpoint doesn't return permissions from roles.
๐๏ธ Set the permissions for a person
Grant the person the permissions specified in the request body, and revoke the person any other existing permissions. All permissions in the request body must already exist. Duplicate permissions in the request body will be ignored. If an empty list is supplied in the request body, the person will be revoked all permissions they currently have.
๐๏ธ Get roles for a person
Retrieve the list of roles granted to the specified person
๐๏ธ Set the roles for a person
Grant the person the roles specified in the request body, and revoke the person any other existing roles. All roles in the request body must already exist. Duplicate roles in the request body will be ignored. If an empty list is supplied in the request body, the person will be revoked all roles they currently have.
๐๏ธ Retrieve a list of persons
Retrieve the full list of persons in your organization.
๐๏ธ Get a list of permissions
List the names of all permissions that exist for your organization
๐๏ธ Create a permission
This endpoint creates a new permission with the given name. If the permission exists already, no action will be taken. A person can be assigned a permission through the [`POST /persons/:person_id/permissions`](/docs/api/put-persons-person-id-permissions) endpoint. Sub-organization can create permissions only when [`inherit_rbac_pools` is disabled](/docs/api/post-organizations-suborganizations). If `inherit_rbac_pools` is enabled, the permissions from the root organization will be inherited.
๐๏ธ Get a permission
Get the named permission
๐๏ธ Delete a permission
Remove a permission and revoke it for all users. A permission cannot be deleted as long as it's included in a role. Sub-organization can delete roles only when [`inherit_rbac_pools` is disabled](/docs/api/post-organizations-suborganizations).
๐๏ธ Update a permission
Update a permission
๐๏ธ Get a list of roles
List the names of all roles that exist for your organization
๐๏ธ Create a role
This endpoint creates a new role with the given name. If the Role exists already, no action will be taken.
๐๏ธ Get a role
Get the named role
๐๏ธ Delete a role
Remove a role and revoke it for all users.
๐๏ธ Update a role
Update an existing role.
๐๏ธ Check whether a person has a permission
Check whether the given person has the given permission. The service automatically takes into account permissions included in granted roles as well as permissions granted individually.
๐๏ธ Modify the organization's token template
Sets the token template for your organization. If a template already exists it will be overwritten and cannot be retrieved. The template must conform to the [mustache template syntax](https://mustache.github.io/mustache.5.html). The following tags are available: - `{{ organization }}`: provides information on the organization. Renders to ```json { 'id': '00000000-0000-0000-0000-000000000000', 'name': 'Your Org Name', 'ancestors': [ { 'id': '00000000-0000-0000-0000-111111111111', 'name': 'Parent Name' }, ... ] } ``` The following sub-tags are available: - `{{ organization.id }}`: the ID of the organization. Renders to `00000000-0000-0000-0000-000000000000` - `{{ organization.name }}`: the name of the organization. Renders to `Your Org Name` - `{{ organization.ancestors }}`: the list of ancestor organizations, starting from the parent up to the root. Renders to ```json [{'id': '00000000-0000-0000-0000-111111111111', 'name': 'Parent Name'}, ...] ``` - `{{ person.permissions }}`: provides information on the person's permissions (additional and from roles). Renders to ```json [ 'permission1', 'permission2' ] ```
๐๏ธ Create a suborganization
Create a new organization subordinate to your organization.