Skip to content

Permissions

Permissions in DatAscend rule the actions which a role can execute on an specific object.

Definition and Purpose of Permissions within the System.

Section titled “Definition and Purpose of Permissions within the System.”

The following are the definitions for what actions can permissions handle and what objects can be managed with permissions.

Actions define what operations can be performed on objects.

ActionDescription
ManageAllows management of existing objects.
CreateAllows the creation of new objects.
GetAllows viewing of existing objects.
UpdateAllows modification of existing objects.
DeleteAllows removal of existing objects.
Get OwnAllows viewing only of existing objects created by the user
Update OwnAllows modification only of existing objects created by the user.
Delete OwnAllows removal only of existing objects created by the user.

Objects represent the resources or entities within the system that users can interact with, such as:

  • Category Menus
  • Relationships
  • Datasources
  • Structure
  • Entities
  • Domains
  • Reports

How they are used to control access to resources, actions, or UI element?

Section titled “How they are used to control access to resources, actions, or UI element?”

Assigning an action to an object creates a permissions. Ej:

Assigning the Get action and the Entity object allows the role with that permission to view all entities of the system.

Relationship between permissions, roles, and users.

Section titled “Relationship between permissions, roles, and users.”

Users are assigned roles, and that role has permissions, which consist of an action on an object

Which Endpoints Interact with Permissions?

Section titled “Which Endpoints Interact with Permissions?”

Retrieve the permissions by object and role id.

Endpoint:

GET /api/v1/data-studio/:roleId/permission/:objectId

parameters:

NameTypeFromDescription
roleIdnumberpathid of the role
objectIdstringpathid of the object

Response example:

{
"error": false,
"status": 200,
"message": "string",
"errors": [{}],
"data": [
{
"id": "0",
"description": "(manage users on system)",
"active": true,
"objectId": "1",
"actionId": "1",
"actionItem": "Manage",
"objectItem": "user",
"objectType": "System",
"allowed": true,
"allowedSdate": "2024-10-23T06:00:00.000Z",
"allowedEdate": "2024-10-23T06:00:00.000Z"
}
],
"pagination": {
"hasPreviousPage": true,
"hasNextPage": true,
"previousPage": 0,
"nextPage": 0,
"recordsTotal": 0,
"currentPage": 0,
"startIndex": 0,
"numPages": 0,
"limit": 0
}
}

Create permissions stored on role in studio by given object

Section titled “Create permissions stored on role in studio by given object”

Create permissions stored on a role in studio by a given object.

Endpoint:

POST /api/v1/data-studio/:roleId/permission

parameters:

NameTypeFromDescription
roleIdnumberpathid of the role

Request example:

{
"permissions": [
{
"id": "1",
"description": "(manage users on system)",
"active": true,
"objectId": 3196,
"actionId": 2,
"actionItem": "Manage",
"objectItem": "user",
"objectType": "System"
}
]
}
  • id: id of the permission
  • description: description of the permission
  • active: If the permission is active
  • objectId: id of the object
  • actionId: id of the action
  • actionItem: description of the action
  • objectItem: item of the object
  • objectType: type of the object

Response example:

{
"error": false,
"status": 200,
"message": "string",
"errors": [{}],
"data": [
{
"id": "0",
"description": "(manage users on system)",
"active": true,
"objectId": "1",
"actionId": "1",
"actionItem": "Manage",
"objectItem": "user",
"objectType": "System",
"allowed": true,
"allowedSdate": "2024-10-23T06:00:00.000Z",
"allowedEdate": "2024-10-23T06:00:00.000Z"
}
],
"pagination": {
"hasPreviousPage": true,
"hasNextPage": true,
"previousPage": 0,
"nextPage": 0,
"recordsTotal": 0,
"currentPage": 0,
"startIndex": 0,
"numPages": 0,
"limit": 0
}
}

Endpoint:

GET /api/v1/entities/{entity}/permissions

parameters:

NameTypeFromDescription
entitystringpathid of the entity
versionstringqueryversion of the application

Endpoint:

POST /api/v1/entities/{entity}/permissions

parameters:

NameTypeFromDescription
entitystringpathid of the entity
versionstringqueryversion of the application

Request Body:

[
{
"permissionId": "string",
"actionItem": "string",
"actionId": "string",
"roleItem": "string",
"roleId": "string",
"active": true
}
]

Example Response:

{
"status": 201,
"error": false,
"entityName": "string",
"data": [
{
"permissionId": "string",
"actionItem": "string",
"actionId": "string",
"roleItem": "string",
"roleId": "string",
"active": true
}
]
}

Get permissions stored on role by given object

Section titled “Get permissions stored on role by given object”

Retrieve permissions stored on a role in studio by a given object.

Endpoint:

/api/v1/permissions/:roleId

Parameters:

NameTypeFromDescription
roleId`numberpathid of the role

Response example:

{
error": false,
status": 200,
message": "string",
errors": [{}],
data": [
{
"name": "action",
"permission": true
}]
,
pagination": {
"hasPreviousPage": true,
"hasNextPage": true,
"previousPage": 0,
"nextPage": 0,
"recordsTotal": 0,
"currentPage": 0,
"startIndex": 0,
"numPages": 0,
"limit": 0
}}

Endpoint:

/api/v1/permissions/all/:roleId

Parameters:

NameTypeFromDescription
roleIdnumberpathid of the role

Response example:

{
error": false,
status": 200,
message": "string",
errors": [{}],
data": [
{
"id": "1",
"description": "(manage users on system)",
"active": true,
"objectId": "1",
"actionId": "1",
"actionItem": "Manage",
"objectItem": "user",
"objectType": "System",
"allowed": true,
"allowedSdate": "2024-10-23T06:00:00.000Z",
"allowedEdate": "2024-10-23T06:00:00.000Z"
}],
pagination": {
"hasPreviousPage": true,
"hasNextPage": true,
"previousPage": 0,
"nextPage": 0,
"recordsTotal": 0,
"currentPage": 0,
"startIndex": 0,
"numPages": 0,
"limit": 0}}

Get all available permissions stored on object

Section titled “Get all available permissions stored on object”

Retrieve all available permissions stored on a specific object.

Endpoint:

/api/v1/roles/permissions/:objectType/:objectItem

Parameters:

NameTypeFromDescription
objectTypestringpathtype of the object
objectItemstringpathid/name of the object
limitnumberquerylimit for pagination
pagenumberquerypage for pagination

Response example:

{
error": false,
status": 200,
message": "string",
errors": [{}],
data": [
{
"id": "1",
"actionId": "1",
"objectId": "1",
"active": true,
"description": "admin"
}],
pagination": {
"hasPreviousPage": true,
"hasNextPage": true,
"previousPage": 0,
"nextPage": 0,
"recordsTotal": 0,
"currentPage": 0,
"startIndex": 0,
"numPages": 0,
"limit": 0
}}

Get permissions stored on role by given object

Section titled “Get permissions stored on role by given object”

Retrieve permissions stored on a role for a given object.

Endpoint:

/api/v1/roles/:roleId/permissions/:objectType/:objectItem

Parameters:

NameTypeFromDescription
roleIdnumberpathid of the role
objectTypestringpathtype of the object
objectItemstringpathid/name of the object
limitnumberquerylimit for pagination
pagenumberquerypage for pagination

Response example:

{
error": false,
status": 200,
message": "string",
errors": [{}],
data": [
{
"roleId": "1",
"objectItem": "cattle",
"objectType": "Table",
"permissions": "1"
}],
pagination": {
"hasPreviousPage": true,
"hasNextPage": true,
"previousPage": 0,
"nextPage": 0,
"recordsTotal": 0,
"currentPage": 0,
"startIndex": 0,
"numPages": 0,
"limit": 0
}}

Overwrite permissions stored on role by given object

Section titled “Overwrite permissions stored on role by given object”

Overwrite permissions stored on a role for a given object.

Endpoint:

/api/v1/roles/:roleId/permissions

Parameters:

NameTypeFromDescription
roleIdnumberpathid of the role

Request example:

{
objectItem": "cattle",
objectType": "Table",
permissions": 1
}

**Response example:**

{
error": false,
status": 200,
message": "string",
errors": [{}],
data": [
{
"roleId": "1",
"objectItem": "cattle",
"objectType": "Table",
"permissions": "1",
"id": "1",
"actionId": "1",
"objectId": "1",
"active": true,
"description": "Permission applied in object"
}]
,
pagination": {
"hasPreviousPage": true,
"hasNextPage": true,
"previousPage": 0,
"nextPage": 0,
"recordsTotal": 0,
"currentPage": 0,
"startIndex": 0,
"numPages": 0,
"limit": 0
}}

Get information about current user (including permissions)

Section titled “Get information about current user (including permissions)”

Endpoint:

/api/v1/users/me

Response example:

{
error": false,
status": 200,
message": "string",
errors": [{}],
data": {
"id": "1",
"contactId": 1,
"email": "email@email.co",
"username": "Administrador",
"createdAt": "2022-01-05T16:27:16.560Z",
"updatedAt": "2022-01-05T16:27:16.560Z",
"active": true,
"login": true,
"loginInfo": {
"message": "status_messages.user_logged_in_successfully",
"remoteAddr": "127.0.0.1",
"userAgent": "Mozilla/5.0"
},
"roles": [
{
"id": "1",
"name": "Administrador",
"dashboardCustomQuery": "2"
}
],
"permissions": [
{
"actionItem": "string",
"domain": "string",
"objectItem": "string",
"role": "string",
"roleId": "string"
}
],
"domains": [
{
"id": 0,
"name": "Any domain",
"description": "Any description",
"subDomains": ["string"],
"parentId": 0,
"createdAt": "1970-01-01T00:00:00Z",
"updatedAt": "1970-01-01T00:00:00Z",
"active": true
}
],
"isAdmin": true,
"menu": [
{
"category": "category",
"menuOptions": [
{
"menuId": "2",
"menuName": "test",
"entity": "animal"
}
]
}
]
,
pagination": {
"hasPreviousPage": true,
"hasNextPage": true,
"previousPage": 0,
"nextPage": 0,
"recordsTotal": 0,
"currentPage": 0,
"startIndex": 0,
"numPages": 0,
"limit": 0}}}