I want to break the roleinheritance with the SharePoint REST API on a single list item. This can be done using http:///_api/Web/Lists(guid'listid')/Items(itemid)/breakroleinheritance(false).
I am using false as parameter in order not to copy the permissions from the list.
The next goal is to assign reader permission to couple of groups and users (I have the Ids of the users and the groups)
But the next step is more complicated. I must use POST requests in order to update/add permissions and cannot find examples on this.
Any ideas are much appreciated.
Thanks.
Related
I am looking for a way to use the Azure DevOps API to get membership of permission groups. The data I am looking for is in the following location on the front end:
I had the same requirement to get team membership within Azure DevOps and was able to do so using the following URI:
https://dev.azure.com/{organization}/_apis/projects/hrs/teams/{teamname}/members?api-version=6.0
I could not find a similar URI to get permission groups and need a way to pull this information using the API.
I've tried many of the API endpoints on the official api documentation (below) focusing on any that seem like they may pull security group related information. In all cases I came up short either because the endpoint did not provide me with what I was looking for, or the documentation for an endpoint wasn't clear on how parameters need to be structured for more advanced use cases.
https://learn.microsoft.com/en-us/rest/api/azure/devops/graph/groups/get?view=azure-devops-rest-7.0&tabs=HTTP
I also tried asking this question to ChatGPT however the endpoints the chatbot provided me with did not work either.
I found a way to get what I am looking for, but I am not a big fan of the approach.
You can use the graph API to list all permission groups
once you have the permission groups, you can write a script to filter for the group object within the API response you want to get the members of.
The group object has the appropriate API endpoint to hit to get the member objects within the _links.memberships property.
Call the API with the memberships link from above. It will return an array of descriptors which can be used in further API calls.
For each descriptor, hit the appropriate API endpoint to resolve the object for that descriptor. If the descriptor starts with aad then it is a user and you can use the user get api. If the descriptor starts with aadgp then it is a group and you use the group get api.
This strategy is rather complicated and requires an API call for each member of the group. I'd hope there is a better solution.
I'm new to the world of REST and devops.
My goal is to list all the permissions in a specific project (new projects have 7 permissions, the important ones to me are the project admins and project valid users).
My end goal is to list, add or remove Azure AD groups to these permission groups.
I can successfully query a list of projects and all teams. I can list the members of a team.
But I can't find how to interact with the permissions.
I was expecting to find it in the GroupEntitlements or MemberEntitlements.
Can someone help me in the right direction?
A second question I will have after this, is how to add an AAD security group to a permission? How do I find out what the correct identifiers are?
I also don't really grasp the concept of a team; if you can put everyone in a permission?
Check the following apis:
Get the list of groups in a Project
GET https://vssps.dev.azure.com/{organization}/_apis/graph/groups?scopeDescriptor={scopeDescriptor}&api-version=6.0-preview.1
List the Security Namespaces
GET https://dev.azure.com/{organization}/_apis/securitynamespaces?api-version=6.0
Get ACL/Tokens
GET https://dev.azure.com/{organization}/_apis/accesscontrollists/{securityNamespaceId}?api-version=6.0
Edit/Set Group Permissions
POST https://dev.azure.com/{organization}/_apis/accesscontrolentries/{securityNamespaceId}?api-version=6.0
Unset/Delete Group Permissions
DELETE https://dev.azure.com/{organization}/_apis/accesscontrolentries/{securityNamespaceId}?api-version=6.0
Here is a useful documentation you can refer to:
https://documenter.getpostman.com/view/10072318/SzfAyS4s
I want to retrieve all the individual users mapped to a Confluence space along with the permission granted to them. Is there a method to achieve the same via REST API?
Right now there is no way to get permission info on a space using the REST API.
An option would be to write your own Rest Service (using the Atlassian API diretly or via Scriptrunner) and query that.
A 2nd option, yet a bit cumbersome would be to call the permissions page of the space admin, and use webscraping to get the users and groups, and then expand the groups to get all users in these groups.
Please keep in mind that you might get all confluence users for some spaces which might cause a problem.
Why do you need this information? Maybe there is another way to solve your problem?
I need to set group permissions by inheriting from another already existing group but it has to be coded. I've managed to create a group but I haven't found a way to edit their permissions, is there any way to do it using either Client libraries or the API resources?
I believe it should be possible to do it using SecurityHttpClient's function SetAccessControlListsAsync() or something similar to it but I'm not sure how to implement it.
It seems you are looking for Access Control Entries - Set Access Control Entries API, which is used to add or update ACEs in the ACL for the provided token.
More details, you can refer to the documentation below:
https://learn.microsoft.com/en-us/rest/api/azure/devops/security/?view=azure-devops-rest-5.0
I don't think it is possible for the APIs at the moment. I also can not find APIs which are used to set the permission for the group.
#Cece Dong - MSFT, in your response, the API is for security namespace of the organization, but it is not for a group. In another word, I can not find any relationship with the security namespace and group. I created a group in my project, but when i use this API to query all the security namespaces, i can not get the relative group info.
I am trying to read out the list of users, incl the user permissions, using the API call documented at https://developers.google.com/analytics/devguides/config/mgmt/v3/mgmtReference/management/accountUserLinks/list
I get the list of users as expected, but not the permissions. (Actually, for "some" users the permissions is listed, but not for the most)
The GA setup has a number of properties, and the users have permissions set on property level in most cases.
My guess is that the "property level permissions" is not reported properly through the API response for the users which in the UI/console have their permissions listed as "None (user has permissions on a lower level)"
As the next intended step is not only to read out the user list, incl permissions, but also do scripted CRUD operations I'd like to understand what the "intended way" to deal with this via the API is.
Anyone that is working with CRUD operations of users via the Analytics management API?
Ah, finally I found the API call https://developers.google.com/analytics/devguides/config/mgmt/v3/mgmtReference/management/webpropertyUserLinks/list which solves the problem.
(Sorry for not RTFM, but it is actually a bit confusing when this API call is at the end of API list, and the other call is in the beginning...)