5.337 Fields: User's Permissions
See the associated Permissions resource section for more information on how to use this resource and supported operations.
Additional references
| Type | Value | Additional information |
|---|---|---|
| Permissions resource | permissions/users | Permissions |
| Hooks filename | permissions.users.groovy | Pre- and Post-Processing Hooks |
| Distinct query-supported | Yes | Distinct |
API version 3
| Field Name | Type | Description |
|---|---|---|
| id | String |
The unique ID of the cached user permission. |
| name | String |
The unique name of the user. |
| permissions | List<Permission> |
The list of permissions. |
Represents a permission
| Field Name | Type | Description |
|---|---|---|
| id | String |
The unique ID of this role. |
| action | String |
The action that can be performed on the resource. |
| administrator | Boolean |
If true, grants full rights over the given resource for the given action. For example, if resource is "jobs" and action is "update" and administrator is true, then this permission allows the user to update any job, not just jobs owned by the user. |
| description | String |
A description of this permission. |
| fieldPath | String |
Field level ACL control, if null or '*', all fields are accessible, otherwise requests must match dot delimited path. Currently only checked when doing writable actions. Example - attributes.*: create|update |
| label | String |
A human readable label for this permission. |
| resource | String |
The resource the permission applies to. |
| resourceFilter | Map<String, Map> |
A map used to limit which resource instances this permission applies to. If this is null then the permission will apply to all instances of the resource. For api permissions the filter uses mongo query syntax. |
| scope | PrivilegeScope |
Whether this permission applies to the principal's tenant-associated resources or globally |
| type | String |
The type of the permission. Only 'api' type permissions are enforced. |
Some permissions and roles ignore tenants and apply globally. Others apply only to the resources associated with the principal's tenants.
API version 2
| Field Name | Type | Description |
|---|---|---|
| id | String |
The unique ID of the cached user permission. |
| name | String |
The unique name of the user. |
| permissions | List<Permission> |
The list of permissions. |
Represents a permission
| Field Name | Type | Description |
|---|---|---|
| id | String |
The unique ID of this role. |
| action | String |
The action that can be performed on the resource. |
| administrator | Boolean |
If true, grants full rights over the given resource for the given action. For example, if resource is "jobs" and action is "update" and administrator is true, then this permission allows the user to update any job, not just jobs owned by the user. |
| description | String |
A description of this permission. |
| fieldPath | String |
Field level ACL control, if null or '*', all fields are accessible, otherwise requests must match dot delimited path. Currently only checked when doing writable actions. Example - attributes.*: create|update |
| label | String |
A human readable label for this permission. |
| resource | String |
The resource the permission applies to. |
| resourceFilter | Map<String, Map> |
A map used to limit which resource instances this permission applies to. If this is null then the permission will apply to all instances of the resource. For api permissions the filter uses mongo query syntax. |
| scope | PrivilegeScope |
Whether this permission applies to the principal's tenant-associated resources or globally |
| type | String |
The type of the permission. Only 'api' type permissions are enforced. |
Some permissions and roles ignore tenants and apply globally. Others apply only to the resources associated with the principal's tenants.
Related Topics