Service access permissions
Learn about the access permissions to assign to service resources and sub resources.
- CREATE
- READ
- UPDATE
- DELETE
- EXECUTE
Console User Management application (for details, see topic Creating a new Role).
Permissions Management (for details, see topic Permissions Management API).
- Permissions for
- The functionality the privileges provide access to, for example, Configuring metadata security permissions for Tenant Management API endpoints.
- Access rights (resource/ sub resource)
- The IDs of the resources and sub resources for the service.
- Access privileges (CREATE, READ, UPDATE, DELETE, EXECUTE)
- The actions authenticated users are permitted to take on that service resource and sub resource.
- API endpoint (HTTP method and URI)
- The method and endpoint to specify in the Permissions management to create a role with permissions for the resource and sub resource.
- UI label
The name of the functionality in the Console User Management application to create a role with permissions for the resource and sub resource.
Examples
This section shows you how to use the information in the Authorization service access permissions topic to create a custom role for the Export service with privileges for extracting activities data from a tenant.
In the Console User Management app, open the custom role you want to assign these permissions to.
Open an existing custom role or create a new one.
In the Create/edit role dialog box, search for or scroll down to the Export Service.
Select the check box for the Activities resource.
Select Save.
To assign the Export service access permissions using the API:
For the desired API endpoint (
POST /export/{tenantId}/activities
), find the:.resource and.sub resource IDs (
data.activities
)defined privileges (EXECUTE)
- Supply these values in the body of the Permissions Management:
POST {oauth_uri}/customers/{customerId}/roles/permissions Headers: Authorization: Bearer <Access-Token> Request Body: [{ "roleName": "ROLE_EXPORT_CUSTOM_ACTIVITIES", "servicePermissions": [ { "id": "export", "resourcePermissions": [ { "id": "data", "resourcePermissions": [ { "id": "activities", "allowedPrivileges": [ "EXECUTE" ] } ] } ] } ] }]