# 2026-02-11: IAM Service - restrictions and restrictionAware properties ## Overview ### restrictions property for groups The `Group` object was extended with a new `restrictions` property. This property limits the visibility of permission-aware entities for users based on scope permissions. ### restrictionAware property for access controls The `AccessControl` object was extended with a new `restrictionAware` property. This property determines whether an access control generates scopes with restriction suffixes when assigned to a group that has restrictions defined. When `restrictionAware` is set to `true`, the generated scopes will include restrictions (e.g., `order.order_manage--DE`) based on the group's restrictions list. When `false`, scopes are generated without restriction suffixes regardless of the group's restrictions. ## Updated endpoints ### Groups | Endpoint | Description | | --------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------- | | [Creating a new group](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/groups#post-iam-tenant-groups) | Property `restrictions` has been introduced. | | [Upserting a group](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/groups#put-iam-tenant-groups-groupid) | Property `restrictions` has been introduced. | | [Retrieving all groups](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/groups#get-iam-tenant-groups) | Property `restrictions` has been introduced. | | [Retrieving a group](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/groups#get-iam-tenant-groups-groupid) | Property `restrictions` has been introduced. | ### Access Controls | Endpoint | Description | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | | [Retrieving all access controls](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/access-controls#get-iam-tenant-access-controls) | Property `restrictionAware` has been introduced. | | [Retrieving an access control](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/access-controls#get-iam-tenant-access-controls-accesscontrolid) | Property `restrictionAware` has been introduced. | | [Retrieving all access controls assigned to a group](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/groups#get-iam-tenant-groups-groupid-access-controls) | Property `restrictionAware` has been introduced. | | [Retrieving all access controls assigned to a user](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/users#get-iam-tenant-users-userid-access-controls) | Property `restrictionAware` has been introduced. | | [Retrieving user access controls for a resource](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/users#get-iam-tenant-users-userid-access-controls-resourceid) | Property `restrictionAware` has been introduced. | | [Retrieving all access controls assigned to the current user](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/users#get-iam-tenant-users-me-access-controls) | Property `restrictionAware` has been introduced. | | [Retrieving all access control templates](https://developer.emporix.io/api-references/api-guides/users-and-permissions/iam/api-reference/access-control-templates#get-iam-tenant-templates) | Property `restrictionAware` has been introduced in expanded access controls. | ## Known problems There are no known problems.