openapi: 3.0.1 info: title: IAM Service description: | With Identity and Access Management (IAM) you can ensure that only users with the right identity credentials can access specified data, resources, or product areas. contact: name: Emporix url: 'https://emporix.com' email: documentation@emporix.com version: '' servers: - url: 'https://api.emporix.io' paths: '/iam/{tenant}/access-controls': get: tags: - Access Controls summary: Retrieving all access controls description: | Retrieves all access controls available for the tenant. The results can be filtered by using query parameters. You can expand the result by resolving the role and resource references. *** ### Required scopes * `iam.access_read` operationId: GET-iam-list-tenant-access-controls parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/trait_paged_pageNumber' - $ref: '#/components/parameters/trait_paged_pageSize' - $ref: '#/components/parameters/trait_metadataModifiedAt_query_param' - $ref: '#/components/parameters/roleId_query' - $ref: '#/components/parameters/trait_resourceId_query_param' - $ref: '#/components/parameters/trait_expand_query_param' - $ref: '#/components/parameters/X-Total-Count' - $ref: '#/components/parameters/trait_acceptLanguage_header' responses: '200': description: The request was successful. A list of access controls is returned. headers: X-Total-Count: description: Total number of retrieved access controls. 
schema: type: integer format: int32 content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessControlQueryDocument' examples: Fully expanded access control list: value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname role: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example role description de: Beispiel Berechtigungsbeschreibung permissions: - id: F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example resource description de: Beispiel Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 role: id: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 description: en: Example role description 2 de: Beispiel Berechtigungsbeschreibung 2 permissions: - id: M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - N943dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 description: en: Example resource description 2 de: Beispiel 
Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Fully expanded access control list with Accept-Language 'en': value: - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 role: id: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 description: en: Example role description 2 permissions: - id: M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - N943dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 description: en: Example resource description 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Access control list with role expand: value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname role: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example role description de: Beispiel Berechtigungsbeschreibung permissions: - id: F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: 
Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 role: id: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 description: en: Example role description 2 de: Beispiel Berechtigungsbeschreibung 2 permissions: - id: M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - N943dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Access control list with resource expand: value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example resource description de: Beispiel Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 resource: id: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 description: en: Example resource description 2 de: Beispiel Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Access control list: value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: 
S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Access control list empty: value: [] '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' security: - OAuth2: - iam.access_read parameters: - $ref: '#/components/parameters/tenant' '/iam/{tenant}/access-controls/{accessControlId}': get: tags: - Access Controls summary: Retrieving an access control description: | Retrieves details of a specified access control. You can expand the result by resolving the role and resource references. operationId: GET-iam-retrieve-access-control parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/access_control_Id' - $ref: '#/components/parameters/trait_acceptLanguage_header' - $ref: '#/components/parameters/trait_expand_query_param' responses: '200': description: The request was successful. Access control details are returned. 
content: application/json: schema: $ref: '#/components/schemas/AccessControlQueryDocument' examples: Fully expanded access control: value: id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname role: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example role description de: Beispiel Berechtigungsbeschreibung permissions: - id: F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example resource description de: Beispiel Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' scopes: - resource.resource_permission metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Fully expanded access control with Accept-Language 'en': value: id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name role: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name description: en: Example role description permissions: - id: F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name description: en: Example resource description code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: 
'2022-01-05 12:44:51.456Z' scopes: - resource.resource_permission metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Access control with role expanded: value: id: string roleId: string resourceId: string name: property1: string property2: string role: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example role description de: Beispiel Berechtigungsbeschreibung permissions: - id: R143dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - Z243dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example resource description de: Beispiel Berechtigungsbeschreibung code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' scopes: - resource.resource_permission metadata: version: 0 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Access control with resource expanded: value: id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example resource description de: Beispiel Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' scopes: - resource.resource_permission metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Access control: value: id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname 
scopes: - resource.resource_permission metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' '404': description: Given resources cannot be found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 404 status: Not Found message: Error while getting access control details: - Access control with id '084bcaf6-66b8-4ddd-9489-65c5f6449e94'not found security: - OAuth2: - iam.access_read parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/access_control_Id' '/iam/{tenant}/groups': get: tags: - Groups summary: Retrieving all groups description: | Retrieves all groups of the tenant. You can filter the results by using query parameters. The `iam.group_read_own` scope allows customers to retrieve only groups of `CUSTOMER` type. operationId: GET-iam-list-tenant-user-groups parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/trait_paged_pageNumber' - $ref: '#/components/parameters/trait_paged_pageSize' - $ref: '#/components/parameters/trait_sort' - $ref: '#/components/parameters/trait_name_query_param' - $ref: '#/components/parameters/trait_q_query_param' - $ref: '#/components/parameters/trait_description_query_param' - $ref: '#/components/parameters/trait_metadataModifiedAt_query_param' - $ref: '#/components/parameters/trait_acceptLanguage_header' - $ref: '#/components/parameters/X-Total-Count' - schema: type: string in: query name: userType description: 'Search by the group user type. Possible values are: `CUSTOMER` and `EMPLOYEE`' responses: '200': description: The request was successful. A list of groups is returned. headers: X-Total-Count: description: Total number of retrieved groups. 
schema: type: integer format: int32 content: application/json: schema: type: array items: $ref: '#/components/schemas/GroupsQueryDocument' examples: Group list: value: - id: 1gr5e52e-6e27-4ac5-9471-2467d3fb7500 name: en: Customers de: Kunden description: en: Storefront users group de: Storefront-Benutzergruppe accessControls: - 2ac869fc-d548-4ec8-8e06-c01491314124 - 2ac869fc-d548-4ec8-8e06-c01491314143 - 2ac869fc-d548-4ec8-8e06-c01491314144 templates: - 2ac869fc-d548-4ec8-8e06-c01491314144 code: CUSTOMER userType: CUSTOMER b2b: legalEntityId: 0149b1314144a01491314z128 metadata: version: 1 createdAt: '2022-07-06T16:05:37.673Z' modifiedAt: '2022-07-06T16:05:37.673Z' - id: 1gr5e52e-6e27-4ac5-9471-2467d3fb7501 name: en: Backoffice users de: Backoffice Nutzer description: en: Backoffice users de: Backoffice Nutzer accessControls: - 4ac869fc-d548-4ec8-8e06-c01491314102 - 4ac869fc-d548-4ec8-8e06-c01491314119 templates: - 2ac869fc-d548-4ec8-8e06-c01491314144 code: BO_USER userType: EMPLOYEE b2b: legalEntityId: 0149b1314144a01491314z128 metadata: version: 1 createdAt: '2022-07-06T16:05:38.119Z' modifiedAt: '2022-07-06T16:05:38.119Z' Empty group list: value: [] '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' security: - OAuth2: - iam.group_read - iam.group_read_own post: tags: - Groups summary: Creating a new group description: | Creates a new group. When a group is created, you can assign particular users to it. Based on the group's access controls list, you can grant members specific system access. 
operationId: POST-iam-create-user-group parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/trait_contentLanguage_header' requestBody: content: application/json: schema: $ref: '#/components/schemas/GroupCreateRequest' examples: Customer group create request: value: name: en: Example group name de: Beispielname description: en: Example group description de: Beispiel Gruppenbeschreibung accessControls: - f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae - r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae templates: - 2ac869fc-d548-4ec8-8e06-c01491314144 b2b: legalEntityId: 0149b1314144a01491314z128 userType: CUSTOMER Employee group create request: value: name: en: Example group name de: Beispielname description: en: Example group description de: Beispiel Gruppenbeschreibung accessControls: - f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae - r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae templates: - 2ac869fc-d548-4ec8-8e06-c01491314144 b2b: legalEntityId: 0149b1314144a01491314z128 userType: EMPLOYEE required: true description: '' responses: '201': description: The request was successful. The group has been created. content: application/json: schema: $ref: '#/components/schemas/GroupIdResponse' examples: example-1: value: id: e243dc9e-a3f6-4573-bb01-a8ae21d2d4ae '400': $ref: '#/components/responses/Bad_request_400_cl' '401': $ref: '#/components/responses/Unauthorized_401' '403': description: Permission denied due to insufficient rights. This may happen when the request does not contain sufficient scopes for the given query values. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: code: 403 status: Forbidden message: You need a scope for this action.
details: - 'Required scope(s): iam.group_manage' '409': $ref: '#/components/responses/Conflict_409' security: - OAuth2: - iam.group_read parameters: - $ref: '#/components/parameters/tenant' '/iam/{tenant}/groups/{groupId}': get: tags: - Groups summary: Retrieving a group description: | Retrieves a specified group's details. operationId: GET-iam-retrieve-users-group parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/groupId' - $ref: '#/components/parameters/trait_acceptLanguage_header' responses: '200': description: The request was successful. Group details are returned. content: application/json: schema: $ref: '#/components/schemas/GroupsQueryDocument' example: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example group description de: Beispiel Berechtigungsbeschreibung accessControls: - f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae - r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae b2b: legalEntityId: 0149b1314144a01491314z128 mixins: {} metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' '404': description: Given resources cannot be found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 404 status: Not Found message: Error while getting group details: - Group with id '084bcaf6-66b8-4ddd-9489-65c5f6449e94' not found security: - OAuth2: - iam.group_read delete: tags: - Groups summary: Deleting a group description: | Deletes a specified group. ***Important***: If you want to delete a group that has users assigned to it, you need to set the `forceDelete` query parameter to `true`. In this case, all user group assignments are deleted as well. 
The force flag requires the `iam.assignment_manage` scope. The `iam.assignment_manage` scope is only required if you want to delete a group that has users assigned to it. operationId: DELETE-iam-remove-user-group parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/groupId' - name: forceDelete in: query description: | * If set to `true` and the group has users assigned to it, both the group and the group assignments will be deleted. **Important**: To set this parameter to true, you must request an access token with the `iam.assignment_manage` scope. * If set to `false` or not specified and the group has users assigned to it, the endpoint will respond with the 400 error. schema: type: boolean example: false default: false responses: '204': description: The request was successful. The group has been deleted. '400': description: Bad Request content: application/json: schema: type: object properties: resourceId: type: string code: type: integer status: type: string message: type: string details: type: array items: type: string examples: Force delete not present: value: resourceId: 12fa14fas-753vs-naoirfau3123 code: 404 status: Bad Request message: Constraint validation failed details: - Could not delete a group with assigned users. Please use the 'forceDelete' query param with token containing the `iam.assignment_manage` scope to delete the group and group assignments or clean up the group assignments first. '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' security: - OAuth2: - iam.group_manage put: tags: - Groups summary: Upserting a group description: | Updates a user group, or creates a new one if a group with the specified ID doesn't exist yet. If you provide the `metadata.version`, optimistic locking is enabled and the version is validated.
operationId: PUT-iam-update-user-group parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/trait_contentLanguage_header' requestBody: content: application/json: schema: $ref: '#/components/schemas/GroupUpdateRequest' examples: Customer group update request: value: name: en: Example group name de: Beispielname description: en: Example group description de: Beispiel Gruppenbeschreibung accessControls: - f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae - r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae templates: - 2ac869fc-d548-4ec8-8e06-c01491314144 b2b: legalEntityId: 0149b1314144a01491314z128 userType: CUSTOMER metadata: version: 1 Employee group update request: value: name: en: Example group name de: Beispielname description: en: Example group description de: Beispiel Gruppenbeschreibung accessControls: - f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae - r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae templates: - 2ac869fc-d548-4ec8-8e06-c01491314144 b2b: legalEntityId: 0149b1314144a01491314z128 userType: EMPLOYEE metadata: version: 1 required: true description: '' responses: '201': description: The request was successful. The group has been created. content: application/json: schema: $ref: '#/components/schemas/GroupIdResponse' examples: example-1: value: id: e243dc9e-a3f6-4573-bb01-a8ae21d2d4ae '204': description: The request was successful. The group has been updated. '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': description: Permission denied due to insufficient rights. This may happen when the request does not contain sufficient scopes for the given query values. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: code: 403 status: Forbidden message: You need a scope for this action.
details: - 'Required scope(s): iam.group_manage' security: - OAuth2: - iam.group_read parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/groupId' '/iam/{tenant}/groups/{groupId}/access-controls': get: tags: - Groups summary: Retrieving all access controls assigned to a group description: | Retrieves all access controls assigned to a specified group. Based on that list all users assigned to this group will receive specific system access. You can expand the result by resolving the role and resource references. operationId: GET-iam-list-group-access-controls parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/groupId' - $ref: '#/components/parameters/trait_paged_pageNumber' - $ref: '#/components/parameters/trait_paged_pageSize' - $ref: '#/components/parameters/X-Total-Count' - $ref: '#/components/parameters/trait_expand_query_param' - $ref: '#/components/parameters/trait_acceptLanguage_header' responses: '200': description: The request was successful. A list of group access controls is returned. headers: X-Total-Count: description: Total number of retrieved access controls. 
schema: type: integer format: int32 content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessControlQueryDocument' examples: Fully expanded access control list: value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname role: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example role description de: Beispiel Berechtigungsbeschreibung permissions: - id: F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example resource description de: Beispiel Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 role: id: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 description: en: Example role description 2 de: Beispiel Berechtigungsbeschreibung 2 permissions: - id: M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - N943dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 description: en: Example resource description 2 de: Beispiel 
Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Fully expanded access control list with Accept-Language 'en': value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name role: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name description: en: Example role description permissions: - id: F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name description: en: Example resource description code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 role: id: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 description: en: Example role description 2 permissions: - id: M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - N943dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 description: en: Example resource description 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 
createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Access control list with role expand: value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname role: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example role description de: Beispiel Berechtigungsbeschreibung permissions: - id: F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 role: id: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 description: en: Example role description 2 de: Beispiel Berechtigungsbeschreibung 2 permissions: - id: M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - N943dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Access control list with resource expand: value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example resource description de: Beispiel Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: 
'2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 resource: id: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 description: en: Example resource description 2 de: Beispiel Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Access control list: value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Access control list empty: value: [] '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' '404': description: Given resources cannot be found. 
content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 404 status: Not Found message: Error while getting group details: - Group with id '084bcaf6-66b8-4ddd-9489-65c5f6449e94' not found security: - OAuth2: - iam.access_read parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/groupId' '/iam/{tenant}/groups/{groupId}/users': get: tags: - Groups summary: Retrieving users assigned to a group description: | Retrieves user assignments for a specified group. The `iam.user_read_own` scope allows a customer to retrieve user assignments for a specified group only if the users are assigned to the same company. operationId: GET-iam-list-group-users parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/groupId' - $ref: '#/components/parameters/trait_paged_pageNumber' - $ref: '#/components/parameters/trait_paged_pageSize' - $ref: '#/components/parameters/X-Total-Count' responses: '200': description: The request was successful. A list of user IDs is returned. headers: X-Total-Count: description: Total number of retrieved users. 
schema: type: integer format: int32 content: application/json: schema: type: array items: $ref: '#/components/schemas/AssignmentQueryDocument' examples: Customer group user list: value: - id: 665776bc-d548-4ec8-8e06-c01491311176 groupId: 1gr5e52e-6e27-4ac5-9471-2467d3fb7504 userId: 00u194ip48TiObqQW417 userType: CUSTOMER - id: 665776bc-d548-4ec8-8e06-c01491311177 groupId: 1gr5e52e-6e27-4ac5-9471-2467d3fb7502 userId: 00u194ip48TiObqQW411 userType: CUSTOMER Employee group user list: value: - id: 235776bc-d548-4ec8-8e06-c01491311176 groupId: 12gr5e52e-6e27-4ac5-9471-2467d3fb7504 userId: 0p9194ip48TiObqQW417 userType: EMPLOYEE - id: 325776bc-d548-4ec8-8e06-c01491311177 groupId: 12gr5e52e-6e27-4ac5-9471-2467d3fb7502 userId: 00u0p9ip48TiObqQW411 userType: EMPLOYEE No users assigned to a group: value: [] '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' '404': description: Given resources cannot be found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 404 status: Not Found message: Error while getting group details: - Group with id '084bcaf6-66b8-4ddd-9489-65c5f6449e94' not found security: - OAuth2: - iam.user_read - iam.user_read_own post: tags: - Group Assignments summary: Adding a user to a group description: | Assigns a user to a specified group. The user gains all access controls (scopes) specified for this group. Groups assigned to employee users must share the same vendor identifier. The `iam.assignment_create_own` scope allows a customer to assign a user to a specified group only if the user is assigned to the same company. 
operationId: POST-iam-add-user-to-group parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/groupId' requestBody: content: application/json: schema: $ref: '#/components/schemas/AssignmentCreateRequest' required: true responses: '201': description: The request was successful. The user has been added to the group. content: application/json: schema: $ref: '#/components/schemas/AssignmentIdResponse' example: id: e243dc9e-a3f6-4573-bb01-a8ae21d2d4ae '400': description: Request was syntactically incorrect. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: Invalid assignment type: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 400 status: Constraint validation failed message: ' ''invalidUserType'' is not supported' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' '404': description: Given resources cannot be found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 404 status: Not Found message: User not found security: - OAuth2: - iam.assignment_manage - iam.assignment_create_own delete: tags: - Group Assignments summary: Removing all users from a group description: | Removes all users from a specified group. operationId: DELETE-iam-remove-all-users parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/groupId' responses: '204': description: The request was successful. All users have been deleted from the group. 
'401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' security: - OAuth2: - iam.assignment_manage parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/groupId' '/iam/{tenant}/groups/{groupId}/users/{userType}/{userId}': put: tags: - Group Assignments summary: Upserting user assignment to a group description: | Creates a user's assignment to a specified group. The user gains all access controls (scopes) specified for this group. If the assignment already exists, nothing happens, because the type of assignment cannot be changed. Groups assigned to employee users must share the same vendor identifier. operationId: PUT-iam-update-user-to-group parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/groupId' - $ref: '#/components/parameters/userType' - $ref: '#/components/parameters/userId' responses: '201': description: The request was successful. The user has been added to the group. content: application/json: schema: $ref: '#/components/schemas/AssignmentIdResponse' '204': description: The request was successful. The user assignment already exists and has not been changed. '400': description: Request was syntactically incorrect. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: Invalid assignment type: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 400 status: Constraint validation failed message: ' ''invalidUserType'' is not supported' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' '404': description: Given resources cannot be found. 
content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 404 status: Not Found message: User not found security: - OAuth2: - iam.assignment_manage '/iam/{tenant}/groups/{groupId}/users/{userId}': delete: tags: - Group Assignments summary: Removing a user from a group description: | Removes a specified user from a specified group. The `iam.assignment_delete_own` scope allows a customer to remove a user from a specified group only if the user is assigned to the same company. operationId: DELETE-iam-remove-user-from-group parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/groupId' - $ref: '#/components/parameters/userId' responses: '204': description: The request was successful. The user has been removed from the group. '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' security: - OAuth2: - iam.assignment_manage - iam.assignment_delete_own parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/groupId' - $ref: '#/components/parameters/userId' '/iam/{tenant}/permissions': get: tags: - Permissions summary: Retrieving all permissions description: | Retrieves all permissions available for the tenant. You can filter the results by using query parameters. 
operationId: GET-iam-list-all-tenant-permissions parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/trait_paged_pageNumber' - $ref: '#/components/parameters/trait_paged_pageSize' - $ref: '#/components/parameters/trait_sort' - $ref: '#/components/parameters/trait_name_query_param' - $ref: '#/components/parameters/trait_description_query_param' - $ref: '#/components/parameters/trait_metadataModifiedAt_query_param' - $ref: '#/components/parameters/trait_acceptLanguage_header' - $ref: '#/components/parameters/X-Total-Count' responses: '200': description: The request was successful. A list of permissions is returned. headers: X-Total-Count: description: Total number of retrieved permissions. schema: type: integer format: int32 content: application/json: schema: type: array items: $ref: '#/components/schemas/PermissionQueryDocument' examples: Permission list: value: - id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example permission description de: Beispiel Berechtigungsbeschreibung applicableResources: - SQ43dc9e-a3f6-4573-bb01-a8ae21d2d4ca - RE43dc9e-a3f6-4573-bb01-a8ae21d2d4g1 code: read metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' Empty permission list: value: [] '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' security: - OAuth2: - iam.permission_read parameters: - $ref: '#/components/parameters/tenant' '/iam/{tenant}/permissions/{permissionId}': get: tags: - Permissions summary: Retrieving a permission description: | Retrieves details of a specified permission. 
operationId: GET-iam-retrieve-permission-by-permissionId parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/permissionId' - $ref: '#/components/parameters/trait_acceptLanguage_header' responses: '200': description: The request was successful. Permission details are returned. content: application/json: schema: $ref: '#/components/schemas/PermissionQueryDocument' examples: example: value: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example permission description de: Beispiel Berechtigungsbeschreibung applicableResources: - SQ43dc9e-a3f6-4573-bb01-a8ae21d2d4ca - RE43dc9e-a3f6-4573-bb01-a8ae21d2d4g1 code: read metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' '404': description: Given resources cannot be found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 404 status: Not Found message: Error while getting permission details: - Permission with id '084bcaf6-66b8-4ddd-9489-65c5f6449e94' not found security: - OAuth2: - iam.permission_read parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/permissionId' '/iam/{tenant}/resources': get: tags: - Resources summary: Retrieving all resources description: | Retrieves all resources of a given tenant. You can filter the results by using query parameters. 
operationId: GET-iam-list-tenant-resources parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/trait_paged_pageSize' - $ref: '#/components/parameters/trait_paged_pageNumber' - $ref: '#/components/parameters/trait_sort' - $ref: '#/components/parameters/trait_name_query_param' - $ref: '#/components/parameters/trait_description_query_param' - $ref: '#/components/parameters/trait_metadataModifiedAt_query_param' - $ref: '#/components/parameters/trait_acceptLanguage_header' - $ref: '#/components/parameters/X-Total-Count' responses: '200': description: The request was successful. A list of resources is returned. headers: X-Total-Count: description: Total number of retrieved resources. schema: type: integer format: int32 content: application/json: schema: type: array items: $ref: '#/components/schemas/ResourceQueryDocument' examples: example: value: - id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4af name: en: Example name de: Beispielname description: en: Example resource description de: Beispiel Berechtigungsbeschreibung code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' '400': description: Request was syntactically incorrect. Details will be provided in the response payload content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: code: 400 status: Bad Request message: Accept-Language validation failed. details: - 'Following languages are not supported: ''ru''' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' security: - OAuth2: - iam.resource_read parameters: - $ref: '#/components/parameters/tenant' '/iam/{tenant}/resources/{resourceId}': get: tags: - Resources summary: Retrieving a resource description: | Retrieves details of a specified resource. 
operationId: GET-iam-retrieve-resource parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/resourceId' - $ref: '#/components/parameters/trait_acceptLanguage_header' responses: '200': description: The request was successful. Resource details are returned. content: application/json: schema: $ref: '#/components/schemas/ResourceQueryDocument' example: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4af name: en: Example name de: Beispielname description: en: Example resource description de: Beispiel Berechtigungsbeschreibung code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' '404': description: Given resources cannot be found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 404 status: Not Found message: Error while getting resource details: - Resource with id '084bcaf6-66b8-4ddd-9489-65c5f6449e94' not found security: - OAuth2: - iam.resource_read parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/resourceId' '/iam/{tenant}/templates': get: tags: - Access Control Templates summary: Retrieving all access control templates description: | Retrieves all access control templates available for the tenant. A template combines a list of the most popular access controls to provide convenient access to the system. 
operationId: GET-iam-list-access-control-templates parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/trait_paged_pageNumber' - $ref: '#/components/parameters/trait_paged_pageSize' - $ref: '#/components/parameters/trait_sort' - $ref: '#/components/parameters/trait_name_query_param' - $ref: '#/components/parameters/trait_description_query_param' - $ref: '#/components/parameters/trait_acceptLanguage_header' - $ref: '#/components/parameters/X-Total-Count' - schema: type: string example: accessControls enum: - accessControls in: query name: expand description: Adds expanded access controls with resource and role objects to the response. responses: '200': description: The request was successful. A list of role templates is returned. headers: X-Total-Count: description: Total number of retrieved role templates. schema: type: integer format: int32 content: application/json: schema: type: array items: $ref: '#/components/schemas/TemplateQueryDocument' examples: Templates list: value: - id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example role template description de: Beispiel Accessnbeschreibung accessControls: - f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae - Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae Expanded templates list: value: - id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: de: Katalogmanager en: Catalog Manager description: de: Vorlage für Katalogmanager-Zugriffskontrollen en: Template for Catalog Manager access controls accessControls: - 1ac869fc-d548-4ec8-8e06-c01491314117 - 4ac869fc-d548-4ec8-8e06-c01491314114 accessControlsDocuments: - id: 1ac869fc-d548-4ec8-8e06-c01491314117 roleId: 1rl5e52e-6e27-4ac5-9471-2467d3fb7500 resourceId: 1sr5e52e-6e27-4ac5-9471-2467d3fb7518 name: de: Konfiguration | Konfiguration viewer en: Configuration | Configuration viewer role: id: 1rl5e52e-6e27-4ac5-9471-2467d3fb7500 name: de: Zuschauer en: Viewer description: de: Zuschauerrolle en: Viewer role metadata: 
version: 1 createdAt: '2022-06-27T23:32:24.676Z' modifiedAt: '2022-06-27T23:32:24.676Z' resource: id: 1sr5e52e-6e27-4ac5-9471-2467d3fb7518 name: de: Konfiguration | Konfiguration Ressource en: Configuration | Configuration resource description: de: KonfigurationService with Konfigurationressource en: Configuration service with configuration resource code: configuration.configuration metadata: version: 1 createdAt: '2022-06-27T23:32:24.418Z' modifiedAt: '2022-06-27T23:32:24.418Z' metadata: version: 1 createdAt: '2022-06-27T23:32:25.539Z' modifiedAt: '2022-06-27T23:32:25.539Z' - id: 4ac869fc-d548-4ec8-8e06-c01491314113 roleId: 1rl5e52e-6e27-4ac5-9471-2467d3fb7502 resourceId: 1sr5e52e-6e27-4ac5-9471-2467d3fb7514 name: de: Katalog | Katalog manager en: Catalog | Catalog manager role: id: 1rl5e52e-6e27-4ac5-9471-2467d3fb7502 name: de: Manager en: Manager description: de: Managerrolle en: Administrator role metadata: version: 1 createdAt: '2022-06-27T23:32:24.704Z' modifiedAt: '2022-06-27T23:32:24.704Z' resource: id: 1sr5e52e-6e27-4ac5-9471-2467d3fb7514 name: de: Katalog | Katalog Ressource en: Catalog | Catalog resource description: de: Katalog Service with Katalog Ressource en: Catalog service with catalog resource code: catalog.catalog metadata: version: 1 createdAt: '2022-06-27T23:32:24.406Z' modifiedAt: '2022-06-27T23:32:24.406Z' metadata: version: 1 createdAt: '2022-06-27T23:32:25.148Z' modifiedAt: '2022-06-27T23:32:25.148Z' '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' security: - OAuth2: - iam.template_read parameters: - $ref: '#/components/parameters/tenant' '/iam/{tenant}/roles': get: tags: - Roles summary: Retrieving a list of roles description: | Retrieves all roles available for a specific tenant. You can filter the results by using query parameters. 
Each role contains a `permissions` list, and each permission is combined with the `applicablePermissionResources` field. This field lets you allowlist the resources that the permission applies to. The field can only contain resources specified in the permission document under `applicableResources`. operationId: GET-iam-list-tenant-roles parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/trait_paged_pageNumber' - $ref: '#/components/parameters/trait_paged_pageSize' - $ref: '#/components/parameters/trait_sort' - $ref: '#/components/parameters/trait_name_query_param' - $ref: '#/components/parameters/trait_description_query_param' - $ref: '#/components/parameters/trait_metadataModifiedAt_query_param' - $ref: '#/components/parameters/trait_acceptLanguage_header' - $ref: '#/components/parameters/X-Total-Count' responses: '200': description: The request was successful. A list of roles is returned. headers: X-Total-Count: description: Total number of retrieved roles. 
schema: type: integer format: int32 content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleQueryDocument' examples: Roles list: value: - id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example role description de: Beispiel Berechtigungsbeschreibung permissions: - id: R143dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - Z243dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' Empty roles list: value: [] '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' security: - OAuth2: - iam.role_read parameters: - $ref: '#/components/parameters/tenant' '/iam/{tenant}/roles/{roleId}': get: tags: - Roles summary: Retrieving a role description: | Retrieves details of a specified role. operationId: GET-iam-retrieve-role-by-roleId parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/roleId_path' - $ref: '#/components/parameters/trait_acceptLanguage_header' responses: '200': description: The request was successful. Role details are returned. content: application/json: schema: $ref: '#/components/schemas/RoleQueryDocument' '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' '404': description: Given resources cannot be found. 
content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 404 status: Not Found message: Error while getting role details: - Role with id '084bcaf6-66b8-4ddd-9489-65c5f6449e94' not found security: - OAuth2: - iam.role_read parameters: - $ref: '#/components/parameters/roleId_path' - $ref: '#/components/parameters/tenant' '/iam/{tenant}/users/{userId}/access-controls': get: tags: - Users summary: Retrieving all access controls assigned to a user description: | Retrieves all access controls assigned to a specified user. You can expand the result by resolving the role and resource references. operationId: GET-iam-list-user-access-controls parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/userId' - $ref: '#/components/parameters/trait_paged_pageNumber' - $ref: '#/components/parameters/trait_paged_pageSize' - $ref: '#/components/parameters/X-Total-Count' - $ref: '#/components/parameters/trait_expand_query_param' - $ref: '#/components/parameters/trait_acceptLanguage_header' responses: '200': description: The request was successful. A list of user access controls is returned. headers: X-Total-Count: description: Total number of retrieved access controls. 
schema: type: integer format: int32 content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessControlQueryDocument' examples: Fully expanded access control list: $ref: '#/components/examples/fullyExpandedAccessControlList' Access control list with role expand: $ref: '#/components/examples/fullyExpandedAccessControlListEn' Access control list with resource expand: $ref: '#/components/examples/accessControlListWithResourceExpand' Access control list: $ref: '#/components/examples/accessControlList' Access control list empty: value: [] '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' '404': description: Given resources cannot be found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 404 status: Not Found message: Error while getting user details: - User with id '084bcaf6-66b8-4ddd-9489-65c5f6449e94' not found security: - OAuth2: - iam.access_read parameters: - $ref: '#/components/parameters/userId' - $ref: '#/components/parameters/tenant' '/iam/{tenant}/users/{userId}/access-controls/{resourceId}': get: tags: - Users summary: Retrieving user access controls for a resource description: | Retrieves a specified user's access controls for a specified resource. operationId: GET-iam-retrieve-user-resource-access-controls parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/userId' - $ref: '#/components/parameters/resourceId' - $ref: '#/components/parameters/trait_expand_query_param' - $ref: '#/components/parameters/trait_acceptLanguage_header' responses: '200': description: The request was successful. A list of user access controls for the resource is returned. 
content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessControlQueryDocument' examples: Fully expanded access control list: value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname role: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example role description de: Beispiel Berechtigungsbeschreibung permissions: - id: F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ab name: en: Example name de: Beispielname description: en: Example resource description de: Beispiel Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 role: id: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 description: en: Example role description 2 de: Beispiel Berechtigungsbeschreibung 2 permissions: - id: M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - N943dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 description: en: Example resource description 2 de: Beispiel Domainbeschreibung 2 code: serviceName.resource 
metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Fully expanded access control list with Accept-Language 'en': value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name role: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name description: en: Example role description permissions: - id: F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name description: en: Example resource description code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 role: id: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 description: en: Example role description 2 permissions: - id: M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - N943dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 description: en: Example resource description 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: 
'2019-08-24T14:15:22Z' Access control list with role expand: value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname role: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example role description de: Beispiel Berechtigungsbeschreibung permissions: - id: F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 role: id: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 description: en: Example role description 2 de: Beispiel Berechtigungsbeschreibung 2 permissions: - id: M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - N943dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Access control list with resource expand: value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example resource description de: Beispiel Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 
12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 description: en: Example resource description 2 de: Beispiel Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Access control list: value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' Access control list empty: value: [] '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' '404': description: Given resources cannot be found. 
content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 404 status: Not Found message: Error while getting user details: - User with id '084bcaf6-66b8-4ddd-9489-65c5f6449e94' not found security: - OAuth2: - iam.access_read parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/userId' - $ref: '#/components/parameters/resourceId' '/iam/{tenant}/users/{userId}/groups': get: tags: - Users summary: Retrieving all groups to which a user is assigned description: | Retrieves all groups to which a specified user is assigned. operationId: GET-iam-retrieve-user-groups parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/userId' - $ref: '#/components/parameters/trait_paged_pageNumber' - $ref: '#/components/parameters/trait_paged_pageSize' - $ref: '#/components/parameters/trait_sort' - $ref: '#/components/parameters/trait_acceptLanguage_header' - $ref: '#/components/parameters/X-Total-Count' responses: '200': description: The request was successful. A list of groups is returned. headers: X-Total-Count: description: Total number of retrieved groups. 
schema: type: integer format: int32 content: application/json: schema: type: array items: $ref: '#/components/schemas/GroupsQueryDocument' examples: Groups list: value: - id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example group description de: Beispiel Berechtigungsbeschreibung accessControls: - f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae - r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae userType: CUSTOMER metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' Empty group list: value: [] '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' security: - OAuth2: - iam.group_read delete: tags: - Group Assignments summary: Removing a user from all groups description: | Removes a specified user from all groups. operationId: DELETE-iam-remove-user-from-all-groups parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/userId' responses: '204': description: The request was successful. The user has been removed from all groups. '401': $ref: '#/components/responses/Unauthorized_401' '403': description: Permission denied due to insufficient rights. This may happen when the request does not contain sufficient scopes for the given query values. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: code: 403 status: Forbidden message: You need a scope for this action. details: - 'Required scope(s): iam.assignment_manage' security: - OAuth2: - iam.assignment_manage parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/userId' '/iam/{tenant}/users/{userId}/groups/{groupId}': get: tags: - Users summary: Retrieving user group info description: | Retrieves a specific group to which the user is assigned.
operationId: GET-iam-retrieve-user-group parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/userId' - $ref: '#/components/parameters/groupId' - $ref: '#/components/parameters/trait_acceptLanguage_header' responses: '200': description: The request was successful. The group is returned. content: application/json: schema: $ref: '#/components/schemas/GroupsQueryDocument' examples: Group definition: value: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example group description de: Beispiel Berechtigungsbeschreibung accessControls: - f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae - r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae userType: CUSTOMER metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' '404': description: Given resources cannot be found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: resourceId: '123' code: 404 status: Not Found message: Error while getting assignment details: - Assignment with user id '0dfasf089124-12498fas-4214fa' and with group id '1iofa812-124kfa8-fasoi' not found security: - OAuth2: - iam.group_read parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/userId' - $ref: '#/components/parameters/groupId' '/iam/{tenant}/users/{userId}/permissions/{resourceId}': get: tags: - Users summary: Retrieving user permissions for a resource description: | Retrieves a specified user's permissions for a specific resource. The permissions are calculated based on the user's group assignments and the access control lists of those groups. 
operationId: GET-iam-retrieve-user-resource-permissions parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/userId' - $ref: '#/components/parameters/resourceId' - $ref: '#/components/parameters/trait_acceptLanguage_header' responses: '200': description: The request was successful. A list of user permissions for the resource is returned. content: application/json: schema: type: array items: $ref: '#/components/schemas/PermissionQueryDocument' examples: Permission list: value: - id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example permission description de: Beispiel Berechtigungsbeschreibung applicableResources: - SQ43dc9e-a3f6-4573-bb01-a8ae21d2d4ca - RE43dc9e-a3f6-4573-bb01-a8ae21d2d4g1 code: read metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' Empty permission list: value: [] '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' security: - OAuth2: - iam.permission_read parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/userId' - $ref: '#/components/parameters/resourceId' '/iam/{tenant}/users/{userId}/scopes': get: tags: - Users summary: Retrieving scopes of a specific user description: | Retrieves all scopes granted to a user specified by id. Those are calculated based on user group assignments. For each particular group all access controls are resolved to scopes based on defined role(s) and resource(s). operationId: GET-iam-retrieve-user-scopes parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/userId' responses: '200': description: The request was successful. A list of scopes is returned. 
content: application/json: schema: $ref: '#/components/schemas/UserScopesResponse' examples: User scopes: value: userId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae scopes: iam.group_read iam.roles_read tenant=yourtenant User has no scopes: value: userId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae scopes: tenant=yourtenant '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' security: - OAuth2: - iam.scope_read parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/userId' '/iam/{tenant}/users/me/access-controls': get: tags: - Users summary: Retrieving all access controls assigned to a requested user description: | Retrieves all access controls assigned to a requested user. You can expand the result by resolving the role and resource references. operationId: GET-iam-retrieve-user-access-controls parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/trait_paged_pageNumber' - $ref: '#/components/parameters/trait_paged_pageSize' - $ref: '#/components/parameters/X-Total-Count' - $ref: '#/components/parameters/trait_expand_query_param' - $ref: '#/components/parameters/trait_acceptLanguage_header' responses: '200': description: The request was successful. A list of user access controls is returned. headers: X-Total-Count: description: Total number of retrieved access controls. 
schema: type: integer format: int32 content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessControlQueryDocument' examples: Fully expanded access control list: $ref: '#/components/examples/fullyExpandedAccessControlList' Access control list with role expand: $ref: '#/components/examples/fullyExpandedAccessControlListEn' Access control list with resource expand: $ref: '#/components/examples/accessControlListWithResourceExpand' Access control list: $ref: '#/components/examples/accessControlList' Access control list empty: value: [] '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' '404': description: Given resources cannot be found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 404 status: Not Found message: Error while getting user details: - User with id '084bcaf6-66b8-4ddd-9489-65c5f6449e94' not found security: - OAuth2: [] parameters: - $ref: '#/components/parameters/tenant' '/iam/{tenant}/users/me/scopes': get: tags: - Users summary: Retrieving scopes of a requested user description: | Retrieves all own scopes granted to the user sending the request. Those are calculated based on user group assignments. For each particular group all access controls are resolved to scopes based on defined role(s) and resource(s). operationId: GET-iam-retrieve-own-user-scopes parameters: - $ref: '#/components/parameters/tenant' responses: '200': description: The request was successful. A list of scopes is returned. 
content: application/json: schema: $ref: '#/components/schemas/UserScopesResponse' examples: User scopes: value: userId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae scopes: iam.group_read iam.roles_read tenant=yourtenant User has no scopes: value: userId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae scopes: tenant=yourtenant '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' security: - OAuth2: [] '/iam/{tenant}/users': parameters: - $ref: '#/components/parameters/tenant' get: summary: Retrieving a list of users tags: - Management Dashboard Users responses: '200': description: The request was successful. A list of users is returned. headers: X-Total-Count: description: Total number of retrieved users. schema: type: integer format: int32 content: application/json: schema: type: array items: $ref: '#/components/schemas/UserResponse' examples: Employee list with extended groups: value: - id: 00u4ukrqkmEP1opFf417 firstName: John lastName: Doe backofficeUserNumber: 00u4ukrqkmEP1opFf417 preferredSite: main preferredCurrency: PLN preferredLanguage: en department: departmentName validFrom: '2022-08-19T10:41:28Z' isAccountLocked: true contactEmail: user2@gmail.com status: ACTIVE groupIds: - 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 groups: - id: 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 name: de: Backoffice Manager en: Backoffice managers description: de: Backoffice Manager en: Backoffice managers code: BO_MANAGER userType: EMPLOYEE - id: 00u4ukqvzlEP31sCk417 firstName: John lastName: Doe backofficeUserNumber: 00u4ukqvzlEP31sCk417 preferredSite: main preferredCurrency: PLN preferredLanguage: en department: departmentName validFrom: '2022-08-19T10:41:10Z' isAccountLocked: true contactEmail: user1@gmail.com status: PROVISIONED groupIds: - 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 groups: - id: 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 name: de: Backoffice Manager en: Backoffice managers description: de: Backoffice Manager en: Backoffice managers code:
BO_MANAGER userType: EMPLOYEE No employees found: value: [] Employee list: value: - id: 00u4ukrqkmEP1opFf417 firstName: John 2 lastName: Doe backofficeUserNumber: 00u4ukrqkmEP1opFf417 preferredSite: main preferredCurrency: PLN preferredLanguage: en department: departmentName validFrom: '2022-08-19T10:41:28Z' isAccountLocked: true contactEmail: user2@gmail.com status: ACTIVE groupIds: - 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 - id: 00u4ukqvzlEP31sCk417 firstName: John lastName: Doe backofficeUserNumber: 00u4ukqvzlEP31sCk417 preferredSite: main preferredCurrency: PLN preferredLanguage: en department: departmentName validFrom: '2022-08-19T10:41:10Z' isAccountLocked: true contactEmail: user1@gmail.com status: PROVISIONED groupIds: - 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 application/xml: schema: type: array items: {} '400': description: Bad Request content: application/json: schema: type: object properties: code: type: integer status: type: string message: type: string details: type: array items: type: string examples: Wrong user type: value: code: 400 status: Bad Request message: This user type is not supported yet for the user search details: - Wrong user type. '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' operationId: GET-iam-list-users-with-groups description: |- Retrieves all users for the given tenant with the assigned groups. The user type can be specified as `EMPLOYEE` or `CUSTOMER`. parameters: - schema: type: string in: query description: Page number to be retrieved. The number of the first page is 1. name: pageNumber - schema: type: string in: query name: pageSize description: Number of items to be retrieved per page. - schema: type: string enum: - groups example: groups in: query name: expand description: Adds expanded groups objects to the response result. - schema: type: string enum: - EMPLOYEE example: EMPLOYEE in: query name: userType description: 'The user type of the returned users. 
Supported types: `EMPLOYEE` and `CUSTOMER`.' - $ref: '#/components/parameters/trait_XTotalCount_header' security: - OAuth2: - iam.user_read post: summary: Create a new user of `EMPLOYEE` type tags: - Management Dashboard Users operationId: POST-iam-create-user responses: '201': description: The request was successful. The user has been created. content: application/json: schema: $ref: '#/components/schemas/UserIdResponse' examples: New employee id: value: id: e243dc9e-a3f6-4573-bb01-a8ae21d2d4at '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' '404': description: Given resource cannot be found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: Employee not found: value: resourceId: 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 code: 404 status: Not Found message: Error while getting groups provided in request. description: | Creates a new Management Dashboard user for a given tenant. The user will be able to log in to the Management Dashboard right after they confirm their email and set up a password. If a user with a given email already exists in the system, the assignment is created and no further steps are needed. 
security: - OAuth2: - iam.user_create requestBody: content: application/json: schema: $ref: '#/components/schemas/UserCreateRequest' examples: User creation request: value: lastName: Doe firstName: John preferredSite: main contactEmail: example@emporix.com preferredCurrency: PLN preferredLanguage: en department: departmentName groupIds: - 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 - 1gr5e52e-6e27-4ac5-9471-2467d3fb7504 required: true description: User creation sample '/iam/{tenant}/users/{userId}': parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/userId' get: summary: Retrieving a user of the `EMPLOYEE` type tags: - Management Dashboard Users responses: '200': description: The request was successful and user is returned. content: application/json: schema: $ref: '#/components/schemas/UserResponse' examples: Employee with extended groups: value: id: 00u4ukqvzlEP31sCk417 firstName: John lastName: Doe backofficeUserNumber: 00u4ukqvzlEP31sCk417 preferredSite: main preferredCurrency: PLN preferredLanguage: en department: departmentName validFrom: '2022-08-19T10:41:10Z' isAccountLocked: true contactEmail: user1@gmail.com status: ACTIVE groupIds: - 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 groups: - id: 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 name: de: Backoffice Manager en: Backoffice managers description: de: Backoffice Manager en: Backoffice managers code: BO_MANAGER userType: EMPLOYEE Employee definition: value: id: 00u4ukqvzlEP31sCk417 firstName: John lastName: Doe backofficeUserNumber: 00u4ukqvzlEP31sCk417 preferredSite: main preferredCurrency: PLN preferredLanguage: en department: departmentName validFrom: '2022-08-19T10:41:10Z' isAccountLocked: true contactEmail: user1@gmail.com status: ACTIVE groupIds: - 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' '404': description: Given resource cannot 
be found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: Employee not found: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 404 status: Not Found message: Error while getting user details: - User with id '084bcaf6-66b8-4ddd-9489' not found operationId: GET-iam-retrieve-user-and-groups description: |- For a specific tenant, retrieves user by ID along with the groups this user belongs to. The user type can be specified as `EMPLOYEE` or `CUSTOMER`. parameters: - schema: type: string enum: - groups example: groups in: query name: expand description: Adds expanded groups objects to the response result. security: - OAuth2: - iam.user_read put: summary: Updating a user of the `EMPLOYEE` type tags: - Management Dashboard Users operationId: PUT-iam-update-user responses: '204': description: The request was successful. The user has been updated. '400': $ref: '#/components/responses/Bad_request_400' '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' '404': description: Given resource cannot be found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: Employee not found: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 404 status: Not Found message: Error while getting user details: - User with id '084bcaf6-66b8-4ddd-9489' not found requestBody: content: application/json: schema: $ref: '#/components/schemas/UserUpdateRequest' examples: User update request sample: value: lastName: Doe firstName: John preferredSite: main preferredCurrency: PLN preferredLanguage: en backofficeUserNumber: 00u4ujmuyhhfJodyS417 department: departmentName groupIds: - 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 - 1gr5e52e-6e27-4ac5-9471-2467d3fb7504 required: true description: User creation sample description: | Updating a user of the `EMPLOYEE` type. 
The user is removed from all groups and then assigned to the groups listed in the `groupIds` field. security: - OAuth2: - iam.user_update delete: summary: Deleting a user from the Management Dashboard tags: - Management Dashboard Users operationId: DELETE-iam-remove-user-from-md responses: '204': description: User has been deleted successfully. '401': $ref: '#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' description: |- Removes a specified user from all groups. This operation blocks the user's access to the Management Dashboard, but the Developer Portal account access remains the same. security: - OAuth2: - iam.user_delete parameters: - schema: type: boolean default: false example: false in: query name: forceDelete description: | Indicates whether the user will be deleted from the Developer Portal as well. **NOTE:** Only a Developer Portal admin can perform a force delete. '/iam/{tenant}/users/vendors/{vendorId}': parameters: - $ref: '#/components/parameters/tenant' - $ref: '#/components/parameters/vendorId' get: summary: Retrieving a list of vendor users tags: - Management Dashboard Users responses: '200': description: The request was successful. A list of users is returned. headers: X-Total-Count: description: Total number of retrieved users.
schema: type: integer format: int32 content: application/json: schema: type: array items: $ref: '#/components/schemas/UserResponse' examples: Employee list with extended groups: value: - id: 00u4ukrqkmEP1opFf417 firstName: John 2 lastName: Doe backofficeUserNumber: 00u4ukrqkmEP1opFf417 preferredSite: main preferredCurrency: PLN preferredLanguage: en department: departmentName validFrom: '2022-08-19T10:41:28Z' isAccountLocked: true contactEmail: user2@gmail.com status: ACTIVE groupIds: - 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 groups: - id: 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 name: de: Raw Materials Vendor Order manager en: Raw Materials Bestellmanager Lieferant userType: EMPLOYEE - id: 00u4ukqvzlEP31sCk417 firstName: John lastName: Doe backofficeUserNumber: 00u4ukqvzlEP31sCk417 preferredSite: main preferredCurrency: PLN preferredLanguage: en department: departmentName validFrom: '2022-08-19T10:41:10Z' isAccountLocked: true contactEmail: user1@gmail.com status: PROVISIONED groupIds: - 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 groups: - id: 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 name: de: Raw Materials Vendor Order manager en: Raw Materials Bestellmanager Lieferant userType: EMPLOYEE No employees found: value: [ ] Employee list: value: - id: 00u4ukrqkmEP1opFf417 firstName: John 2 lastName: Doe backofficeUserNumber: 00u4ukrqkmEP1opFf417 preferredSite: main preferredCurrency: PLN preferredLanguage: en department: departmentName validFrom: '2022-08-19T10:41:28Z' isAccountLocked: true contactEmail: user2@gmail.com status: ACTIVE groupIds: - 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 - id: 00u4ukqvzlEP31sCk417 firstName: John lastName: Doe backofficeUserNumber: 00u4ukqvzlEP31sCk417 preferredSite: main preferredCurrency: PLN preferredLanguage: en department: departmentName validFrom: '2022-08-19T10:41:10Z' isAccountLocked: true contactEmail: user1@gmail.com status: PROVISIONED groupIds: - 1gr5e52e-6e27-4ac5-9471-2467d3fb7503 application/xml: schema: type: array items: { } '401': $ref: 
'#/components/responses/Unauthorized_401' '403': $ref: '#/components/responses/Forbidden_403' operationId: GET-iam-list-users-with-groups-vendor description: |- Retrieves all users for the given vendor with the assigned groups. security: - OAuth2: - iam.user_read components: schemas: AccessControlMetadataQueryDocument: required: - createdAt - version type: object properties: version: required: - 'true' type: integer description: Access control document version. format: int32 createdAt: required: - 'true' type: string description: Timestamp indicating when the access control was created. format: date-time modifiedAt: type: string description: Timestamp indicating when the access control was last modified. format: date-time description: Access control metadata. AccessControlQueryDocument: type: object description: Definition of access control properties: id: type: string description: Assignment unique identifier generated when the assignment is created. roleId: type: string description: Role unique identifier associated with this access control. resourceId: type: string description: Resource unique identifier associated with this access control. name: type: object additionalProperties: type: string description: Localized resource name in the form of a map of translations. role: $ref: '#/components/schemas/RoleQueryDocument' resource: $ref: '#/components/schemas/ResourceQueryDocument' metadata: $ref: '#/components/schemas/AccessControlMetadataQueryDocument' scopes: type: array description: A list of resolved scopes for a particular access control. items: type: string TemplateQueryDocument: type: object properties: id: type: string description: Role template unique identifier generated when the role template is created. name: type: object additionalProperties: type: string description: Localized role template name in the form of a map of translations. 
description: type: object additionalProperties: type: string description: Localized role template description in the form of a map of translations. accessControls: type: array description: Access control unique identifiers associated with this role template. items: type: string accessControlsDocuments: type: array description: Expanded access control documents. items: $ref: '#/components/schemas/AccessControlQueryDocument' description: Definition of role template # example: # id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4aa # name: # en: Example name # de: Beispielname # description: # en: Example role template description # de: Beispiel Accessnbeschreibung # accessControls: # - f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae # - Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae AssignmentCreateRequest: type: object example: userId: f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae userType: CUSTOMER properties: userId: type: string description: User unique identifier generated when the user is created. Can be a customer ID or a Management Dashboard user ID. userType: type: string example: CUSTOMER enum: - CUSTOMER - EMPLOYEE default: EMPLOYEE description: 'Assignment type, possible values: CUSTOMER, EMPLOYEE' required: - userId AssignmentIdResponse: type: object properties: id: type: string description: ID of the generated document. # example: # id: e243dc9e-a3f6-4573-bb01-a8ae21d2d4ae AssignmentQueryDocument: type: object properties: id: type: string description: Assignment unique identifier generated when the assignment is created. groupId: type: string description: Group unique identifier associated with this assignment. userId: type: string description: User unique identifier associated with this assignment.
userType: type: string description: 'User type that may be one of: ''CUSTOMER'', ''EMPLOYEE''' description: Definition of assignments # example: # userId: f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae # type: customer ErrorResponse: required: - code - message - status type: object properties: resourceId: type: string nullable: true code: type: integer format: int32 status: type: string message: type: string details: type: array items: type: string GroupCreateRequest: type: object example: name: en: Example name de: Beispielname description: en: Example group description de: Beispiel Gruppenbeschreibung accessControls: - f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae - r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae mixins: {} b2b: legalEntityId: 0149b1314144a01491314z128 properties: id: type: string description: Custom group's identifier. If not provided, it is automatically generated vendorId: type: string description: An identifier of a vendor to whom the group belongs. Can only be set during creation and is immutable thereafter. A group with vendorId can only be assigned to users of type `EMPLOYEE` readOnly: true name: minItems: 1 type: object additionalProperties: type: string description: Localized group name in the form of a map of translations. description: type: object additionalProperties: type: string description: Localized group description in the form of a map of translations. mixins: type: object additionalProperties: true description: Custom group attributes that need to be included directly in the `mixins` object. accessControls: type: array description: Access control unique identifiers associated with this group. Required to perform the request. nullable: true items: type: string userType: type: string description: 'The type of the group. Possible values: ''CUSTOMER'', ''EMPLOYEE''. Default value ''EMPLOYEE'' if not provided.' 
example: CUSTOMER default: EMPLOYEE enum: - CUSTOMER - EMPLOYEE nullable: true templates: type: array description: Template unique identifier associated with this group. Required to perform the request. nullable: true items: type: string b2b: type: object description: Additional properties for B2B. properties: legalEntityId: type: string description: Identifier of the assigned legal entity. required: - name GroupUpdateRequest: type: object # example: # name: # en: Example name # de: Beispielname # description: # en: Example group description # de: Beispiel Gruppenbeschreibung # accessControls: # - f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae # - r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae # mixins: {} # templates: # - g443dc9e-a3f6-4573-bb01-a8ae21d2d4ae # b2b: # legalEntityId: 0149b1314144a01491314z128 # metadata: # version: 1 properties: name: minItems: 1 type: object additionalProperties: type: string description: Localized group name in the form of a map of translations. description: type: object additionalProperties: type: string description: Localized group description in the form of a map of translations. mixins: type: object additionalProperties: true description: Custom group attributes that need to be included directly in the `mixins` object. accessControls: type: array description: Access control unique identifiers associated with this group. Required to perform the request. nullable: true items: type: string userType: type: string description: 'The type of the group. Possible values: ''CUSTOMER'', ''EMPLOYEE''. Default value ''EMPLOYEE'' if not provided' example: CUSTOMER default: EMPLOYEE enum: - CUSTOMER - EMPLOYEE nullable: true templates: type: array description: Template unique identifier associated with this group. Required to perform the request. 
nullable: true items: type: string b2b: type: object description: Additional properties for B2B. properties: legalEntityId: type: string description: Identifier of the assigned legal entity. metadata: type: object properties: version: type: integer format: int32 description: Version of the entity. If provided, optimistic locking is enabled and the version must match the version of the document in the database. description: Metadata of the updated group. required: - name GroupIdResponse: type: object properties: id: type: string description: ID of the generated document. # example: # id: e243dc9e-a3f6-4573-bb01-a8ae21d2d4ae UserIdResponse: type: object example: id: e243dc9e-a3f6-4573-bb01-a8ae21d2d4ae properties: id: type: string description: ID of the generated/updated user. GroupsMetadataQueryDocument: required: - createdAt - version type: object properties: version: required: - 'true' type: integer description: Group document version. format: int32 createdAt: required: - 'true' type: string description: Timestamp indicating when the group was created. format: date-time modifiedAt: type: string description: Timestamp indicating when the group was last modified. format: date-time description: Group metadata. GroupsQueryDocument: type: object properties: id: type: string description: Group unique identifier generated when the group is created. name: type: object additionalProperties: type: string description: Localized group name in the form of a map of translations. description: type: object additionalProperties: type: string description: Localized group description in the form of a map of translations. vendorId: type: string description: An identifier of a vendor to whom the group belongs. Can only be set during creation and is immutable thereafter. A group with vendorId can only be assigned to users of type `EMPLOYEE`. readOnly: true accessControls: type: array description: Access control unique identifiers associated with this group.
items: type: string templates: type: array description: Template unique identifiers associated with this group. items: type: string code: type: string userType: type: string description: The group type determines if the group can consist of users of the `CUSTOMER` or the `EMPLOYEE` type. b2b: type: object description: additional properties for B2B properties: legalEntityId: type: string description: identifier of the assigned legal entity mixins: type: object additionalProperties: type: string description: Custom group attributes that need to be included directly in the `mixins` object. metadata: $ref: '#/components/schemas/GroupsMetadataQueryDocument' description: Definition of groups # example: # id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae # name: # en: Example name # de: Beispielname # description: # en: Example group description # de: Beispiel Berechtigungsbeschreibung # accessControls: # - f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae # - r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae # b2b: # legalEntityId: 0149b1314144a01491314z128 # mixins: {} # metadata: # version: 1 # createdAt: '2022-01-04 10:44:51.871Z' # modifiedAt: '2022-01-05 12:44:51.456Z' PermissionQueryDocument: type: object properties: id: type: string description: Permission unique identifier generated when the permission is created. code: type: string description: Permission code identifier used for scopes mapping. name: type: object additionalProperties: type: string description: Localized permission name in the form of a map of codes. description: type: object additionalProperties: type: string description: Localized permission description in the form of a map of translations. applicableResources: type: array description: Applicable domains list declared for this permission. 
items: type: string metadata: $ref: '#/components/schemas/PermissionsMetadataQueryDocument' description: Definition of permissions # example: # id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae # name: # en: Example name # de: Beispielname # description: # en: Example permission description # de: Beispiel Berechtigungsbeschreibung # applicableResources: # - SQ43dc9e-a3f6-4573-bb01-a8ae21d2d4ca # - RE43dc9e-a3f6-4573-bb01-a8ae21d2d4g1 # code: read # metadata: # version: 1 # createdAt: '2022-01-04 10:44:51.871Z' # modifiedAt: '2022-01-05 12:44:51.456Z' PermissionsMetadataQueryDocument: required: - createdAt - version type: object properties: version: required: - 'true' type: integer description: Permission document version. format: int32 createdAt: required: - 'true' type: string description: Timestamp indicating when the permission was created. format: date-time modifiedAt: type: string description: Timestamp indicating when the permission was last modified. format: date-time description: Permission metadata. ResourceQueryDocument: type: object properties: id: type: string description: Resource unique identifier generated when the resource is created. name: type: object additionalProperties: type: string description: Localized resource name in the form of a map of translations. description: type: object additionalProperties: type: string description: Localized resource description in the form of a map of translations. code: type: string description: Resource unique code identifier. metadata: $ref: '#/components/schemas/ResourcesMetadataQueryDocument' description: Resource definition associated with this access control. 
# example: # id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4af # name: # en: Example name # de: Beispielname # description: # en: Example resource description # de: Beispiel Berechtigungsbeschreibung # code: serviceName.resource # metadata: # version: 1 # createdAt: '2022-01-04 10:44:51.871Z' # modifiedAt: '2022-01-05 12:44:51.456Z' ResourcesMetadataQueryDocument: required: - createdAt - version type: object properties: version: required: - 'true' type: integer description: Resource document version. format: int32 createdAt: required: - 'true' type: string description: Timestamp indicating when the resource was created. format: date-time modifiedAt: type: string description: Timestamp indicating when the resource was last modified. format: date-time description: Resource metadata. RolePermissionsDocument: type: object description: Role permissions list. title: '' properties: applicablePermissionResources: type: array description: | Allows you to allowlist resources that the permission is applicable to. Can only contain resources specified in the permission document under `applicableResources`. items: type: string id: type: string description: Reference to the permission document with specific resources defined. required: - id RoleQueryDocument: type: object description: Role definition associated with this access control. example: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example role description de: Beispiel Berechtigungsbeschreibung permissions: - id: R143dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - Z243dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' properties: id: type: string description: Role unique identifier generated when the role is created. name: type: object additionalProperties: type: string description: Localized role name in the form of a map of translations. 
description: type: object additionalProperties: type: string description: Localized role description in the form of a map of translations. permissions: type: array description: Permissions unique identifier list declared for this role. items: $ref: '#/components/schemas/RolePermissionsDocument' metadata: $ref: '#/components/schemas/RolesMetadata' RolesMetadata: required: - createdAt - version type: object properties: version: required: - 'true' type: integer description: Role document version. format: int32 createdAt: required: - 'true' type: string description: Timestamp indicating when the role was created. format: date-time modifiedAt: type: string description: Timestamp indicating when the role was last modified. format: date-time UserScopesResponse: type: object properties: userId: type: string description: User unique identifier. scopes: type: string description: User scopes. vendorId: type: string description: An identifier of a vendor to whom the user belongs. Calculated based on groups assignment readOnly: true description: Definition of user scopes example: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae scopes: iam.group_read iam.roles_read UserResponse: type: object description: User response schema properties: id: type: string description: User unique identifier generated when the user is created. firstName: type: string description: User first name. lastName: type: string description: User last name. backofficeUserNumber: type: string description: 'For a new user, the value is the same as Id. For an existing user, the value is an internal number. This field should be used when retrieving user details and for user update and deletion.'
preferredSite: type: string description: User preferred site preferredCurrency: type: string description: User preferred currency preferredLanguage: type: string description: User preferred language department: type: string description: User department validFrom: type: string description: Account creation date isAccountLocked: type: boolean description: Indicates whether the user is able to log in to Management Dashboard. contactEmail: type: string description: User contact email status: type: string description: Indicates user status. May be 'Active' or 'Provisioned' in case the user does not confirm their email. groupIds: type: array description: IDs of the groups the user is assigned to. items: type: string groups: type: array description: 'Group extended definition, may be fetched when `extend` param is used' items: type: object properties: id: type: string description: Group unique identifier generated when the group is created. name: additionalProperties: type: string description: Localized group name in the form of a map of translations. description: type: object additionalProperties: type: string description: Localized group description in the form of a map of translations. code: type: string description: Internal code of a group. userType: type: string description: The group type determines if the group can consist of users of the `CUSTOMER` or the `EMPLOYEE` type. required: - id - firstName - lastName - backofficeUserNumber - preferredSite - preferredCurrency - preferredLanguage - department - validFrom - isAccountLocked - contactEmail - status - groupIds UserUpdateRequest: type: object description: User update schema properties: firstName: type: string description: User first name. lastName: type: string description: User last name.
preferredSite: type: string description: User preferred site preferredCurrency: type: string description: User preferred currency preferredLanguage: type: string description: User preferred language department: type: string description: User department backofficeUserNumber: type: string description: 'User backoffice user number. For new users, it is the same as ID. For existing users, it may be different.' groupIds: type: array description: Groups unique identifier attached to this user. Required to perform the request. items: type: string required: - firstName - lastName - preferredSite - preferredCurrency - preferredLanguage - department - backofficeUserNumber - groupIds UserCreateRequest: type: object properties: firstName: type: string description: User first name. lastName: type: string description: User last name. preferredSite: type: string description: User preferred site preferredCurrency: type: string description: User preferred currency preferredLanguage: type: string description: User preferred language department: type: string description: User department contactEmail: type: string description: User contact email groupIds: type: array description: Unique identifier of a group associated with this user. Required to perform the request.
items: type: string required: - firstName - lastName - preferredSite - preferredCurrency - preferredLanguage - department - contactEmail - groupIds securitySchemes: OAuth2: type: oauth2 flows: clientCredentials: tokenUrl: 'https://api.emporix.io/oauth/token' scopes: iam.access_read: '' iam.assignment_create_own: '' iam.assignment_manage: '' iam.assignment_delete_own: '' iam.permission_read: '' iam.permission_create: '' iam.permission_update: '' iam.permission_delete: '' iam.role_read: '' iam.role_create: '' iam.role_update: '' iam.role_delete: '' iam.group_read: '' iam.group_read_own: '' iam.user_read: '' iam.user_read_own: '' iam.user_create: '' iam.user_update: '' iam.user_delete: '' iam.scope_read: '' iam.scope_read_own: '' iam.resource_read: '' iam.template_read: '' parameters: tenant: name: tenant in: path required: true description: | Your Emporix tenant name. **Note**: The tenant name should always be written in lowercase. schema: pattern: '^[a-z][a-z0-9]+$' minLength: 3 maxLength: 16 type: string trait_XTotalCount_header: in: header name: X-Total-Count required: false description: 'The X-Total-Count header lets you find out how many entities meet the filter requirements. The header is optional and its default value is false. If the header is provided and it is true, then the total count is returned in the X-Total-Count response header. In all cases (X-Total-Count true, false or not provided), the response body has the same format (array of entities). In other words, the information about the total count is returned on demand, depending on the presence of the X-Total-Count header in the request. Therefore, the X-Total-Count header is not returned if an API consumer didn''t ask for it.' schema: default: false type: boolean trait_paged_pageNumber: name: pageNumber in: query description: | Page number to be retrieved. The number of the first page is 1.
schema: default: 1 minimum: 1 type: integer trait_sort: name: sort in: query description: |- List of properties used to sort the results, separated by colons. The order of properties indicates their priority in sorting. Possible values: * `{fieldName}` * `{fieldName}:asc` * `{fieldName}:desc` **Note:** If you want to sort the results by localized properties, the possible values are as follows: * `{fieldName}.{language}` * `{fieldName}.{language}:asc` * `{fieldName}.{language}:desc` If the sorting direction is not specified, the fields are sorted in ascending order. schema: type: string trait_paged_pageSize: name: pageSize in: query description: | Number of items to be retrieved per page. schema: default: 60 minimum: 1 type: integer trait_contentLanguage_header: in: header name: Content-Language required: true description: The Content-Language request HTTP header defines language(s) of the payload. schema: type: string example: de trait_acceptLanguage_header: name: Accept-Language in: header required: false schema: type: string description: | List of language codes acceptable for the response. You can specify factors that indicate which language should be retrieved if the one with a higher factor was not found in the localized fields. If the value is specified, then it must be present in the tenant configuration. * If the header is set to a particular language or a list of languages, all localized fields are retrieved as strings. * If the header is set to `*`, all localized fields are retrieved as maps of translations, where the keys are language codes and values are the fields in their respective languages. * If the header is empty, localized fields are retrieved in the default language defined in the Configuration Service. X-Total-Count: name: X-Total-Count in: header required: false schema: type: boolean example: true default: false description: | Flag indicating whether the total number of retrieved items should be returned. 
trait_resourceId_query_param: name: resourceId in: query required: false schema: type: string description: | Search by the id of a given resource. trait_name_query_param: name: name in: query required: false schema: type: string description: | Search by the name of a given resource. The value is conformed against all of the specified accepted languages. trait_q_query_param: name: q in: query required: false schema: type: string example: id:in(exampleId1,exampleId2) description: | Standard query parameter used to search for specific values. * Searching for an item by string property: `q=id:31065d5b-b62e`, where `id` is the field name and `31065d5b-b62e` is its required value. * Searching for an item by localized field property: `q=name.en:T-s` where `name` is the name of the field, `en` is a language code and `T-s` is a required value of this field. This query works only for localized fields, which are stored in a Map format where `key` is a language code and `value` is the translation into that language. + Searching for items by date property. All number-based property queries are also valid for dates. In that case the date should be placed within double quotes: `q=metadata.createdAt:(>="2021-05-18T07:27:27.455Z" AND <"2021-05-20T07:27:27.455Z")` + Searching for items with a non-existing or empty property: `q=name.en:null` where `name.en` is the name of a field that has the value `null`. + Searching for items with an existing property: `q=attributes:exists` where `attributes` is the name of a field that has a non-null value. + Searching for items by multiple specific values: `q=id:(5c3325baa9812100098ff48f,5c3325d1a9812100098ff494)` where `id` is the name of the field and the strings within the brackets are its required values. + Searching for items by multiple fields: `q=id:5c3325baa9812100098ff48f name.en:T-s` where `id` and `name.en` are the names of fields. All documents that contain given values of these fields are returned. Multiple fields separated by space can be specified.
Multiple values for each field can also be specified in the format presented above. + Searching for items with string fields conforming to a regex: `q=name.en:~ABCD12` or `q=name.en:(~AB CD)` - in case of searching for strings with space, where `name` is the name of the field and `ABCD12` or `AB CD` is its querying regex. trait_metadataModifiedAt_query_param: name: metadataModifiedAt in: query required: false schema: type: string example: '2022-01-01' description: | Search by given resources that contain the `metadata.modifiedAt` date field with a date later than the specified value. The format is as follows: `yyyy-MM-dd`. trait_expand_query_param: name: expand in: query required: false schema: type: string example: 'role,resource' enum: - 'role,resource' - 'resource,role' - role - resource description: Adds expanded resource and/or role objects to the response. trait_description_query_param: name: description in: query required: false schema: type: string description: 'Search by the description of the given resource. It is conformed against all of the specified accepted-languages.' userId: name: userId in: path required: true schema: type: string description: 'User unique identifier, generated when the user is created.' groupId: name: groupId in: path required: true schema: type: string description: 'Unique identifier of a group, generated when the group is created.' userType: name: userType in: path required: true schema: type: string description: 'User type that may be one of: ''CUSTOMER'', ''EMPLOYEE''' vendorId: name: vendorId in: path required: true schema: type: string description: 'Unique identifier of a vendor' resourceId: name: resourceId in: path required: true schema: type: string description: Unique identifier of a resource. access_control_Id: name: accessControlId in: path description: 'Unique identifier of an access control, generated when the access control is created.'
required: true schema: type: string example: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 permissionId: name: permissionId in: path description: | Unique identifier of a permission, generated when the permission is created. required: true schema: type: string example: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 roleId_path: name: roleId in: path description: | Unique identifier of a role, generated when the role is created. required: true schema: type: string example: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 roleId_query: name: roleId in: query description: Search by access controls with the `roleId` field equal to the specified value. schema: type: string example: 1rl5e52e-6e27-4ac5-9471-2467d3fb7503 examples: fullyExpandedAccessControlList: value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname role: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example role description de: Beispiel Berechtigungsbeschreibung permissions: - id: F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example resource description de: Beispiel Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 role: id: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 
de: Beispielname 2 description: en: Example role description 2 de: Beispiel Berechtigungsbeschreibung 2 permissions: - id: M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - N943dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 description: en: Example resource description 2 de: Beispiel Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' fullyExpandedAccessControlListEn: value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name role: id: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name description: en: Example role description permissions: - id: F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name description: en: Example resource description code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 role: id: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 description: en: Example role description 2 permissions: - id: 
M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae applicablePermissionResources: - N943dc9e-a3f6-4573-bb01-a8ae21d2d43g - id: Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' resource: id: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 description: en: Example resource description 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' accessControlListWithResourceExpand: value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname resource: id: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname description: en: Example resource description de: Beispiel Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 resource: id: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 description: en: Example resource description 2 de: Beispiel Domainbeschreibung 2 code: serviceName.resource metadata: version: 1 createdAt: '2022-01-04 10:44:51.871Z' modifiedAt: '2022-01-05 12:44:51.456Z' metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' accessControlList: value: - id: I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name de: Beispielname metadata: version: 1 
createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' - id: PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae roleId: Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae resourceId: L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae name: en: Example name 2 de: Beispielname 2 metadata: version: 1 createdAt: '2019-08-24T14:15:22Z' modifiedAt: '2019-08-24T14:15:22Z' responses: Forbidden_403: description: 'Scope validation failed, details will be provided in response message' content: application/json: schema: type: object properties: code: type: integer message: type: string status: type: string details: type: array items: type: string examples: 'Scope is missing ': value: code: 403 message: Scope validation failed status: Forbidden details: - 'Missing required scopes ''[scope_name]''' Conflict_409: description: 'Resource with given id already exists' content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: example: value: resourceId: 084bcaf6-66b8-4ddd-9489-65c5f6449e94 code: 409 status: Conflict message: Duplicated key details: - Group with id '084bcaf6-66b8-4ddd-9489-65c5f6449e94' already exists Unauthorized_401: description: Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path. content: application/json: schema: type: object properties: fault: type: object properties: faultstring: type: string detail: type: object properties: errorcode: type: string examples: Invalid Access Token: value: fault: faultstring: Invalid Access Token detail: errorcode: keymanagement.service.invalid_access_token Unauthorized: value: {} Bad_request_400: description: Unsupported language provided. 
content: application/json: schema: type: object properties: code: type: integer status: type: string message: type: string details: type: array items: type: string examples: Unsupported language: value: code: 400 status: Bad Request message: Language header validation failed details: - 'Following languages are not supported: ''ru''' Bad_request_400_cl: description: Unsupported content language provided. content: application/json: schema: type: object properties: code: type: integer status: type: string message: type: string details: type: array items: type: string examples: example-1: value: code: 400 status: Bad Request message: Language header validation failed details: - 'Following languages are not supported: ''ru''' security: - OAuth2: [] tags: - name: Access Controls - name: Group Assignments - name: Groups - name: Permissions - name: Resources - name: Roles - name: Access Control Templates - name: Users - name: Management Dashboard Users