# 2026-02-11: IAM Service - restrictions and restrictionAware properties

## Overview

### restrictions property for groups

The `Group` object was extended with a new `restrictions` property. This property limits the visibility of permission-aware entities for users based on scope permissions.

### restrictionAware property for access controls

The `AccessControl` object was extended with a new `restrictionAware` property. This property determines whether an access control generates scopes with restriction suffixes when assigned to a group that has restrictions defined.

When `restrictionAware` is set to `true`, the generated scopes will include restrictions (e.g., `order.order_manage--DE`) based on the group's restrictions list. When `false`, scopes are generated without restriction suffixes regardless of the group's restrictions.

## Updated endpoints

### Groups

| Endpoint                                                                                                                                                  | Description                                  |
| --------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------- |
| [Creating a new group](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/groups#post-iam-tenant-groups)      | Property `restrictions` has been introduced. |
| [Upserting a group](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/groups#put-iam-tenant-groups-groupid)  | Property `restrictions` has been introduced. |
| [Retrieving all groups](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/groups#get-iam-tenant-groups)      | Property `restrictions` has been introduced. |
| [Retrieving a group](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/groups#get-iam-tenant-groups-groupid) | Property `restrictions` has been introduced. |

### Access Controls

| Endpoint                                                                                                                                                                                                      | Description                                                                  |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- |
| [Retrieving all access controls](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/access-controls#get-iam-tenant-access-controls)                               | Property `restrictionAware` has been introduced.                             |
| [Retrieving an access control](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/access-controls#get-iam-tenant-access-controls-accesscontrolid)                 | Property `restrictionAware` has been introduced.                             |
| [Retrieving all access controls assigned to a group](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/groups#get-iam-tenant-groups-groupid-access-controls)     | Property `restrictionAware` has been introduced.                             |
| [Retrieving all access controls assigned to a user](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/users#get-iam-tenant-users-userid-access-controls)         | Property `restrictionAware` has been introduced.                             |
| [Retrieving user access controls for a resource](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/users#get-iam-tenant-users-userid-access-controls-resourceid) | Property `restrictionAware` has been introduced.                             |
| [Retrieving all access controls assigned to the current user](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/users#get-iam-tenant-users-me-access-controls)   | Property `restrictionAware` has been introduced.                             |
| [Retrieving all access control templates](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/access-control-templates#get-iam-tenant-templates)                   | Property `restrictionAware` has been introduced in expanded access controls. |

## Known problems

There are no known problems.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://developer.emporix.io/changelog/2026/2026-02-11-iam.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.