Users | Documentation Portal

Retrieving all access controls assigned to a user

get

Retrieves all access controls assigned to a specified user. You can expand the result by resolving the role and resource references.

Required scopes

iam.access_read

Authorizations

Path parameters

userIdstringRequired

User's unique identifier, generated when the user is created.

tenantstring · min: 3 · max: 16Required

Your Emporix tenant's name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

Query parameters

pageNumberinteger · min: 1Optional

Page number to be retrieved. The number of the first page is 1.

Default: 1

pageSizeinteger · min: 1Optional

Number of items to be retrieved per page.

Default: 60

expandstring · enumOptional

Adds expanded resource and/or role objects to the response.

Example: role,resourcePossible values:

Header parameters

X-Total-CountbooleanOptional

Flag indicating whether the total number of retrieved items should be returned.

Default: falseExample: true

Accept-LanguagestringOptional

List of language codes acceptable for the response. You can specify factors that indicate which language should be retrieved if the one with a higher factor was not found in the localized fields. If the value is specified, then it must be present in the tenant configuration.

If the header is set to a particular language or a list of languages, all localized fields are retrieved as strings.
If the header is set to *, all localized fields are retrieved as maps of translations, where the keys are language codes and values are the fields in their respective languages.
If the header is empty, localized fields are retrieved in the default language defined in the Configuration Service.

Responses

200

The request was successful. A list of user access controls is returned.

application/json

400

Unsupported language provided.

application/json

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Scope validation failed, details will be provided in response message

application/json

404

Given resources cannot be found.

application/json

get

GET /iam/{tenant}/users/{userId}/access-controls HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

[
  {
    "id": "I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "roleId": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "resourceId": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "name": {
      "en": "Example name",
      "de": "Beispielname"
    },
    "role": {
      "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
      "name": {
        "en": "Example name",
        "de": "Beispielname"
      },
      "description": {
        "en": "Example role description",
        "de": "Beispiel Berechtigungsbeschreibung"
      },
      "permissions": [
        {
          "id": "F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
          "applicablePermissionResources": [
            "Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g"
          ]
        },
        {
          "id": "F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
        }
      ],
      "metadata": {
        "version": 1,
        "createdAt": "2022-01-04 10:44:51.871Z",
        "modifiedAt": "2022-01-05 12:44:51.456Z"
      }
    },
    "resource": {
      "id": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
      "name": {
        "en": "Example name",
        "de": "Beispielname"
      },
      "description": {
        "en": "Example resource description",
        "de": "Beispiel Domainbeschreibung 2"
      },
      "code": "serviceName.resource",
      "metadata": {
        "version": 1,
        "createdAt": "2022-01-04 10:44:51.871Z",
        "modifiedAt": "2022-01-05 12:44:51.456Z"
      }
    },
    "metadata": {
      "version": 1,
      "createdAt": "2019-08-24T14:15:22Z",
      "modifiedAt": "2019-08-24T14:15:22Z"
    }
  },
  {
    "id": "PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "roleId": "Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "resourceId": "L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "name": {
      "en": "Example name 2",
      "de": "Beispielname 2"
    },
    "role": {
      "id": "Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
      "name": {
        "en": "Example name 2",
        "de": "Beispielname 2"
      },
      "description": {
        "en": "Example role description 2",
        "de": "Beispiel Berechtigungsbeschreibung 2"
      },
      "permissions": [
        {
          "id": "M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
          "applicablePermissionResources": [
            "N943dc9e-a3f6-4573-bb01-a8ae21d2d43g"
          ]
        },
        {
          "id": "Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
        }
      ],
      "metadata": {
        "version": 1,
        "createdAt": "2022-01-04 10:44:51.871Z",
        "modifiedAt": "2022-01-05 12:44:51.456Z"
      }
    },
    "resource": {
      "id": "L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
      "name": {
        "en": "Example name 2",
        "de": "Beispielname 2"
      },
      "description": {
        "en": "Example resource description 2",
        "de": "Beispiel Domainbeschreibung 2"
      },
      "code": "serviceName.resource",
      "metadata": {
        "version": 1,
        "createdAt": "2022-01-04 10:44:51.871Z",
        "modifiedAt": "2022-01-05 12:44:51.456Z"
      }
    },
    "metadata": {
      "version": 1,
      "createdAt": "2019-08-24T14:15:22Z",
      "modifiedAt": "2019-08-24T14:15:22Z"
    }
  }
]

Retrieving user access controls for a resource

get

Retrieves a specified user's access controls for a specified resource.

Required scopes

iam.access_read

Authorizations

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant's name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

userIdstringRequired

User's unique identifier, generated when the user is created.

resourceIdstringRequired

Unique identifier of a resource.

Query parameters

expandstring · enumOptional

Adds expanded resource and/or role objects to the response.

Example: role,resourcePossible values:

Header parameters

Accept-LanguagestringOptional

List of language codes acceptable for the response. You can specify factors that indicate which language should be retrieved if the one with a higher factor was not found in the localized fields. If the value is specified, then it must be present in the tenant configuration.

If the header is set to a particular language or a list of languages, all localized fields are retrieved as strings.
If the header is set to *, all localized fields are retrieved as maps of translations, where the keys are language codes and values are the fields in their respective languages.
If the header is empty, localized fields are retrieved in the default language defined in the Configuration Service.

Responses

200

The request was successful. A list of user access controls for the resource is returned.

application/json

400

Unsupported language provided.

application/json

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Scope validation failed, details will be provided in response message

application/json

404

Given resources cannot be found.

application/json

get

GET /iam/{tenant}/users/{userId}/access-controls/{resourceId} HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

[
  {
    "id": "I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "roleId": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "resourceId": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "name": {
      "en": "Example name",
      "de": "Beispielname"
    },
    "role": {
      "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
      "name": {
        "en": "Example name",
        "de": "Beispielname"
      },
      "description": {
        "en": "Example role description",
        "de": "Beispiel Berechtigungsbeschreibung"
      },
      "permissions": [
        {
          "id": "F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
          "applicablePermissionResources": [
            "Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g"
          ]
        },
        {
          "id": "F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
        }
      ],
      "metadata": {
        "version": 1,
        "createdAt": "2022-01-04 10:44:51.871Z",
        "modifiedAt": "2022-01-05 12:44:51.456Z"
      }
    },
    "resource": {
      "id": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ab",
      "name": {
        "en": "Example name",
        "de": "Beispielname"
      },
      "description": {
        "en": "Example resource description",
        "de": "Beispiel Domainbeschreibung 2"
      },
      "code": "serviceName.resource",
      "metadata": {
        "version": 1,
        "createdAt": "2022-01-04 10:44:51.871Z",
        "modifiedAt": "2022-01-05 12:44:51.456Z"
      }
    },
    "metadata": {
      "version": 1,
      "createdAt": "2019-08-24T14:15:22Z",
      "modifiedAt": "2019-08-24T14:15:22Z"
    }
  },
  {
    "id": "PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "roleId": "Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "resourceId": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "name": {
      "en": "Example name 2",
      "de": "Beispielname 2"
    },
    "role": {
      "id": "Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
      "name": {
        "en": "Example name 2",
        "de": "Beispielname 2"
      },
      "description": {
        "en": "Example role description 2",
        "de": "Beispiel Berechtigungsbeschreibung 2"
      },
      "permissions": [
        {
          "id": "M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
          "applicablePermissionResources": [
            "N943dc9e-a3f6-4573-bb01-a8ae21d2d43g"
          ]
        },
        {
          "id": "Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
        }
      ],
      "metadata": {
        "version": 1,
        "createdAt": "2022-01-04 10:44:51.871Z",
        "modifiedAt": "2022-01-05 12:44:51.456Z"
      }
    },
    "resource": {
      "id": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
      "name": {
        "en": "Example name 2",
        "de": "Beispielname 2"
      },
      "description": {
        "en": "Example resource description 2",
        "de": "Beispiel Domainbeschreibung 2"
      },
      "code": "serviceName.resource",
      "metadata": {
        "version": 1,
        "createdAt": "2022-01-04 10:44:51.871Z",
        "modifiedAt": "2022-01-05 12:44:51.456Z"
      }
    },
    "metadata": {
      "version": 1,
      "createdAt": "2019-08-24T14:15:22Z",
      "modifiedAt": "2019-08-24T14:15:22Z"
    }
  }
]

Retrieving all groups to which a user is assigned

get

Retrieves all groups to which a specified user is assigned.

Required scopes

iam.group_read

Authorizations

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant's name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

userIdstringRequired

User's unique identifier, generated when the user is created.

Query parameters

pageNumberinteger · min: 1Optional

Page number to be retrieved. The number of the first page is 1.

Default: 1

pageSizeinteger · min: 1Optional

Number of items to be retrieved per page.

Default: 60

sortstringOptional

List of properties used to sort the results, separated by colons. The order of properties indicates their priority in sorting.

Possible values:

{fieldName}
{fieldName}:asc
{fieldName}:desc

Note: If you want to sort the results by localized properties, the possible values are as follows:

{fieldName}.{language}
{fieldName}.{language}:asc
{fieldName}.{language}:desc

If the sorting direction is not specified, the fields are sorted in ascending order.

Header parameters

Accept-LanguagestringOptional

List of language codes acceptable for the response. You can specify factors that indicate which language should be retrieved if the one with a higher factor was not found in the localized fields. If the value is specified, then it must be present in the tenant configuration.

If the header is set to a particular language or a list of languages, all localized fields are retrieved as strings.
If the header is set to *, all localized fields are retrieved as maps of translations, where the keys are language codes and values are the fields in their respective languages.
If the header is empty, localized fields are retrieved in the default language defined in the Configuration Service.

X-Total-CountbooleanOptional

Flag indicating whether the total number of retrieved items should be returned.

Default: falseExample: true

Responses

200

The request was successful. A list of groups is returned.

application/json

400

Unsupported language provided.

application/json

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Scope validation failed, details will be provided in response message

application/json

get

GET /iam/{tenant}/users/{userId}/groups HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

[
  {
    "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "name": {
      "en": "Example name",
      "de": "Beispielname"
    },
    "description": {
      "en": "Example group description",
      "de": "Beispiel Berechtigungsbeschreibung"
    },
    "accessControls": [
      "f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
      "r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae"
    ],
    "userType": "CUSTOMER",
    "metadata": {
      "version": 1,
      "createdAt": "2022-01-04 10:44:51.871Z",
      "modifiedAt": "2022-01-05 12:44:51.456Z"
    }
  }
]

Retrieving user group info

get

Retrieves user specific group.

Required scopes

iam.group_read

Authorizations

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant's name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

userIdstringRequired

User's unique identifier, generated when the user is created.

groupIdstringRequired

Unique identifier of a group, generated when the group is created.

Header parameters

Accept-LanguagestringOptional

List of language codes acceptable for the response. You can specify factors that indicate which language should be retrieved if the one with a higher factor was not found in the localized fields. If the value is specified, then it must be present in the tenant configuration.

If the header is set to a particular language or a list of languages, all localized fields are retrieved as strings.
If the header is set to *, all localized fields are retrieved as maps of translations, where the keys are language codes and values are the fields in their respective languages.
If the header is empty, localized fields are retrieved in the default language defined in the Configuration Service.

Responses

200

The request was successful. The group is returned.

application/json

400

Unsupported language provided.

application/json

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Scope validation failed, details will be provided in response message

application/json

404

Given resources cannot be found.

application/json

get

GET /iam/{tenant}/users/{userId}/groups/{groupId} HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

{
  "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
  "name": {
    "en": "Example name",
    "de": "Beispielname"
  },
  "description": {
    "en": "Example group description",
    "de": "Beispiel Berechtigungsbeschreibung"
  },
  "accessControls": [
    "f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae"
  ],
  "userType": "CUSTOMER",
  "metadata": {
    "version": 1,
    "createdAt": "2022-01-04 10:44:51.871Z",
    "modifiedAt": "2022-01-05 12:44:51.456Z"
  }
}

Retrieving user permissions for a resource

get

Retrieves a specified user's permissions for a specific resource. The permissions are calculated based on the user's group assignments and the access control lists of those groups.

Required scopes

iam.permission_read

Authorizations

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant's name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

userIdstringRequired

User's unique identifier, generated when the user is created.

resourceIdstringRequired

Unique identifier of a resource.

Header parameters

Accept-LanguagestringOptional

List of language codes acceptable for the response. You can specify factors that indicate which language should be retrieved if the one with a higher factor was not found in the localized fields. If the value is specified, then it must be present in the tenant configuration.

If the header is set to a particular language or a list of languages, all localized fields are retrieved as strings.
If the header is set to *, all localized fields are retrieved as maps of translations, where the keys are language codes and values are the fields in their respective languages.
If the header is empty, localized fields are retrieved in the default language defined in the Configuration Service.

Responses

200

The request was successful. A list of user permissions for the resource is returned.

application/json

400

Unsupported language provided.

application/json

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Scope validation failed, details will be provided in response message

application/json

get

GET /iam/{tenant}/users/{userId}/permissions/{resourceId} HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

[
  {
    "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "name": {
      "en": "Example name",
      "de": "Beispielname"
    },
    "description": {
      "en": "Example permission description",
      "de": "Beispiel Berechtigungsbeschreibung"
    },
    "applicableResources": [
      "SQ43dc9e-a3f6-4573-bb01-a8ae21d2d4ca",
      "RE43dc9e-a3f6-4573-bb01-a8ae21d2d4g1"
    ],
    "code": "read",
    "metadata": {
      "version": 1,
      "createdAt": "2022-01-04 10:44:51.871Z",
      "modifiedAt": "2022-01-05 12:44:51.456Z"
    }
  }
]

Retrieving scopes of a specific user

get

Retrieves all scopes granted to a user specified by id. Those are calculated based on user group assignments. For each particular group all access controls are resolved to scopes based on defined role(s) and resource(s).

Required scopes

iam.scope_read

Authorizations

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant's name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

userIdstringRequired

User's unique identifier, generated when the user is created.

Responses

200

The request was successful. A list of scopes is returned.

application/json

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Scope validation failed, details will be provided in response message

application/json

get

GET /iam/{tenant}/users/{userId}/scopes HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

{
  "userId": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
  "scopes": "iam.group_read iam.roles_read tenant=yourtenant"
}

Retrieving all access controls assigned to a requested user

get

Retrieves all access controls assigned to a requested user. You can expand the result by resolving the role and resource references.

Authorizations

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant's name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

Query parameters

pageNumberinteger · min: 1Optional

Page number to be retrieved. The number of the first page is 1.

Default: 1

pageSizeinteger · min: 1Optional

Number of items to be retrieved per page.

Default: 60

expandstring · enumOptional

Adds expanded resource and/or role objects to the response.

Example: role,resourcePossible values:

Header parameters

X-Total-CountbooleanOptional

Flag indicating whether the total number of retrieved items should be returned.

Default: falseExample: true

Accept-LanguagestringOptional

List of language codes acceptable for the response. You can specify factors that indicate which language should be retrieved if the one with a higher factor was not found in the localized fields. If the value is specified, then it must be present in the tenant configuration.

If the header is set to a particular language or a list of languages, all localized fields are retrieved as strings.
If the header is set to *, all localized fields are retrieved as maps of translations, where the keys are language codes and values are the fields in their respective languages.
If the header is empty, localized fields are retrieved in the default language defined in the Configuration Service.

Responses

200

The request was successful. A list of user access controls is returned.

application/json

400

Unsupported language provided.

application/json

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Scope validation failed, details will be provided in response message

application/json

404

Given resources cannot be found.

application/json

get

GET /iam/{tenant}/users/me/access-controls HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

[
  {
    "id": "I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "roleId": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "resourceId": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "name": {
      "en": "Example name",
      "de": "Beispielname"
    },
    "role": {
      "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
      "name": {
        "en": "Example name",
        "de": "Beispielname"
      },
      "description": {
        "en": "Example role description",
        "de": "Beispiel Berechtigungsbeschreibung"
      },
      "permissions": [
        {
          "id": "F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
          "applicablePermissionResources": [
            "Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g"
          ]
        },
        {
          "id": "F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
        }
      ],
      "metadata": {
        "version": 1,
        "createdAt": "2022-01-04 10:44:51.871Z",
        "modifiedAt": "2022-01-05 12:44:51.456Z"
      }
    },
    "resource": {
      "id": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
      "name": {
        "en": "Example name",
        "de": "Beispielname"
      },
      "description": {
        "en": "Example resource description",
        "de": "Beispiel Domainbeschreibung 2"
      },
      "code": "serviceName.resource",
      "metadata": {
        "version": 1,
        "createdAt": "2022-01-04 10:44:51.871Z",
        "modifiedAt": "2022-01-05 12:44:51.456Z"
      }
    },
    "metadata": {
      "version": 1,
      "createdAt": "2019-08-24T14:15:22Z",
      "modifiedAt": "2019-08-24T14:15:22Z"
    }
  },
  {
    "id": "PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "roleId": "Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "resourceId": "L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
    "name": {
      "en": "Example name 2",
      "de": "Beispielname 2"
    },
    "role": {
      "id": "Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
      "name": {
        "en": "Example name 2",
        "de": "Beispielname 2"
      },
      "description": {
        "en": "Example role description 2",
        "de": "Beispiel Berechtigungsbeschreibung 2"
      },
      "permissions": [
        {
          "id": "M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
          "applicablePermissionResources": [
            "N943dc9e-a3f6-4573-bb01-a8ae21d2d43g"
          ]
        },
        {
          "id": "Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
        }
      ],
      "metadata": {
        "version": 1,
        "createdAt": "2022-01-04 10:44:51.871Z",
        "modifiedAt": "2022-01-05 12:44:51.456Z"
      }
    },
    "resource": {
      "id": "L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
      "name": {
        "en": "Example name 2",
        "de": "Beispielname 2"
      },
      "description": {
        "en": "Example resource description 2",
        "de": "Beispiel Domainbeschreibung 2"
      },
      "code": "serviceName.resource",
      "metadata": {
        "version": 1,
        "createdAt": "2022-01-04 10:44:51.871Z",
        "modifiedAt": "2022-01-05 12:44:51.456Z"
      }
    },
    "metadata": {
      "version": 1,
      "createdAt": "2019-08-24T14:15:22Z",
      "modifiedAt": "2019-08-24T14:15:22Z"
    }
  }
]

Retrieving scopes of a requested user

get

Retrieves all own scopes granted to the user sending the request. Those are calculated based on user group assignments. For each particular group all access controls are resolved to scopes based on defined role(s) and resource(s).

Authorizations

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant's name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

Responses

200

The request was successful. A list of scopes is returned.

application/json

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Scope validation failed, details will be provided in response message

application/json

get

GET /iam/{tenant}/users/me/scopes HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

{
  "userId": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
  "scopes": "iam.group_read iam.roles_read tenant=yourtenant"
}