API Documentation v1
REST API Access Manager 2024.2.0.0 Manual for Developers
Glossary
Term | Meaning |
---|---|
AM | BAYOOSOFT Access Manager |
API | Application Programming Interface |
REST | REpresentational State Transfer |
HTTP | Hypertext Transfer Protocol |
URI | Uniform Resource Identifier |
JSON | JavaScript Object Notation |
Introduction
The Access Manager API allows external software products to control functions of Access Manager. The API is an HTTP-based RESTful API which adheres to the REST architectural constraints.
General
Paths
All paths in the API start with {Domain}/api/{version}. The current version of the API is v1.
An API resource is thus accessed, for example, via the URL http://{domain}/api/v1/resource.
Special characters in query parameters must be encoded if necessary.
In some cases it may be necessary to replace a blank character by %20, a backslash \ by %5C and the forward slash / by %2F.
For example, \\server name\share name\folder name becomes %5C%5Cserver%20name%5Cshare%20name%5Cfolder%20name.
Validation
All actions that can be performed using the API can also be performed via the AM web frontends. However, input data is validated less strictly by the API than it is by the web frontends. This means that a request that causes a validation error in the web frontend could still be valid for the API.
System generated IDs
Throughout the AM API, artificial IDs, generated by the system, are used to identify resources. A resource ID returned by the API will remain valid as long as the resource exists but may become invalid if certain aspects of the resource (e.g., its name) change. Also, it cannot be guaranteed that resource IDs remain compatible over several versions of AM.
Error messages
The error messages provided by the AM API are only informational.
HTTP Messages
The client and server talk to each other via messages. Clients send a request to the server, and the server replies with a response. Apart from the actual data, these messages also contain some metadata about the message. It is important to have some background knowledge about the HTTP 1.1 request and response formats.
HTTP Request
An HTTP request consists of the following parts:
- <VERB> is one of the HTTP methods like GET, PUT, POST, DELETE etc.
- <URI> is the URI of the resource on which the operation is going to be performed.
- <HTTP Version> is the version of HTTP, generally HTTP v1.1.
- <Request Header> contains the metadata as a collection of key-value pairs of headers and their values. These settings contain information about the message and its sender, like the client type, the formats the client supports, the format type of the message body, cache settings for the response, and more.
- <Request Body> is the actual message content. In this API, if content is provided in the request body to any method of the service, it should always be in JSON format.
HTTP Response
An HTTP response consists of the following parts:
The server returns <Response Code>, which contains the status of the request. This response code is generally the 3-digit HTTP status code.
Status codes indicate the result of the HTTP request.
Code | Meaning |
---|---|
1XX | Informational |
2XX | Success |
3XX | Redirection |
4XX | Client Error |
5XX | Server Error |
<Response Header> contains the metadata and settings about the response message.
<Response Body> contains the representation of data if returned by the method.
Authentication
To access the API, the user must have been assigned the role API User. The user rights can be assigned or updated under Administrator / Settings / System Roles.
Authentication in the AM API is always done against Active Directory users. A technical service account should be created in order to access the API. The available authentication methods depend on the IIS configuration. The following methods have been tested to work:
- Windows Authentication (NTLM)
- Windows Authentication (Negotiate / Kerberos)
- Digest Authentication
- Basic Authentication
The method used depends on the client's capabilities and operating system. Basic Authentication guarantees maximum compatibility, but please make sure to use a TLS / SSL secured connection because credentials are transmitted in clear text.
Token-based authentication using the OAuth or OAuth2 mechanism is currently not supported.
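The following is an added example, not code from the Access Manager manual: a request builder for Basic Authentication that refuses to attach credentials to anything but an https:// URL and keeps the Authorization header from being replayed on a redirect. The host am.example.com, the account name and the password are constructed placeholders.

```python
import base64
import json
import urllib.request
from urllib.parse import urlsplit


def basic_auth_value(account, password):
    """Return the value of the Authorization header for HTTP Basic."""
    raw = f"{account}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_request(url, account, password, method="GET", body=None):
    """Build a urllib Request for the AM API that carries Basic credentials.

    Basic credentials are only base64-encoded, so the URL must be HTTPS.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise ValueError(f"refusing to send Basic credentials to {url!r}")

    # The API expects JSON whenever a request body is present.
    data = None if body is None else json.dumps(body).encode("utf-8")
    req = urllib.request.Request(url, data=data, method=method)

    # An "unredirected" header is sent to the original URL only; urllib does
    # not copy it to the target of an HTTP redirect.
    req.add_unredirected_header("Authorization",
                                basic_auth_value(account, password))
    req.add_header("Accept", "application/json")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req


if __name__ == "__main__":
    # Constructed values; nothing is sent, the request is only built.
    r = build_request("https://am.example.com/api/v1/locations",
                      "DOMAIN\\svc-am-api", "constructed-password")
    print(r.get_method(), r.full_url)
```
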
Resources and Methods
The following chapters describe all resources provided by the Access Manager API and their applicable methods.
The following modules of Access Manager are relevant:
- Fileserver Management (API module string: FolderManagement)
- SharePoint Management (API module string: SharePoint)
- 3rd Party Management (API module string: ThirdParty)
- Profile Management (API module string: Profile)
Depending on the module, some parameters can only take the values shown in the table below.
module | location | permission |
---|---|---|
FolderManagement | Full UNC directory path (e.g., \\server\share\folder) | read, write |
SharePoint | URL (e.g., https://example.com/site) | read, write, design |
ThirdParty | Item Collection/Item (e.g., Printers/Inkjet) | See Permission Set of Location. |
Profile | Profile name (e.g., Marketing) | profilemembership |
In addition to the possible error responses described in each of the following chapters, every API method can return the error response 400 Bad Request. This response indicates that the request was malformed and should not be repeated without modifications. Possible reasons for a 400 response include:
- The request body was not valid JSON
- A non-optional parameter was omitted
- A parameter had a value of the wrong type
- A parameter had an invalid value that cannot be made valid by changing the system status, e.g., the parameter module had a value other than FolderManagement, SharePoint, ThirdParty or Profile
Permissions
With the resource Permissions, access rights or permissions for supported locations can be managed.
It can be accessed by the path /permissions.
The JSON representation of a permission object is defined below:
{
"module": "FolderManagement or SharePoint or ThirdParty or Profile",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ProfileName",
"subject_type": "User or Profile",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected] or UserProfileName",
"permission": "read or write or design or owner or member or visitor or profilemembership", // See permission set of location
"valid_from": "YYYY-MM-DD", // optional date
"valid_through": "YYYY-MM-DD" // optional date
}
{
"id": "Zm0tNDItYXUtRE9NQUlOXGFjY291bnQubmFtZQ", // System generated permission id
"module": "FolderManagement or SharePoint or ThirdParty or Profile",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ProfileName",
"subject_type": "User or Profile",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected] or UserProfileName",
"permission": "read or write or design or owner or member or visitor or profilemembership", // See permission set of location
"valid_from": "YYYY-MM-DD", // optional date
"valid_through": "YYYY-MM-DD" // optional date
}
Get Permissions by URL Parameters
GET /api/v1/permissions
Gets a list of permissions filtered by user_id or location.
This method only returns individual (direct) permissions or permissions via profiles on a location.
To get the effective permissions on a location, use Get Effective Permissions of a Location on the Locations resource.
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
module | query | TargetType | false | Can be one or more valid module strings, separated by commas. If omitted, falls back to FolderManagement. |
location | query | string | false | Either location or user_id is required. |
subject_type | query | SubjectType | false | Can be User or Profile or both, separated by comma. If omitted, falls back to User. |
user_id | query | string | false | Either location or user_id is required. |
permission | query | string | false | none |
valid_from | query | string(date) | false | none |
valid_through | query | string(date) | false | none |
Detailed descriptions
subject_type: Can be User or Profile or both, separated by comma. If omitted, falls back to User.
If user_id is supplied, the combination of both User and Profile is not allowed.
When using User, user_id must be an Active Directory user or group name.
When using Profile, user_id must be a profile name.
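The following is an added example, not code from the Access Manager manual: it builds the URL for GET /api/v1/permissions, percent-encoding every query value as the Paths section requires and applying the filter rules described above before the request leaves the client. The base URL https://am.example.com and the parameter names modules and subject_types of the helper are assumptions.

```python
from urllib.parse import quote

MODULES = ("FolderManagement", "SharePoint", "ThirdParty", "Profile")
SUBJECT_TYPES = ("User", "Profile")


def encode_query(params):
    """Percent-encode every name and value with no 'safe' characters, so a
    blank becomes %20, a backslash %5C and a forward slash %2F."""
    return "&".join(
        f"{quote(str(name), safe='')}={quote(str(value), safe='')}"
        for name, value in params.items()
        if value is not None
    )


def permissions_query_url(base_url, *, location=None, user_id=None,
                          modules=("FolderManagement",),
                          subject_types=("User",)):
    """Build the URL for GET /api/v1/permissions.

    The documented rules are enforced here, so a malformed filter fails
    locally instead of producing a 400 or 409 response.
    """
    if not location and not user_id:
        raise ValueError("either location or user_id is required")

    unknown = [m for m in modules if m not in MODULES]
    if unknown:
        raise ValueError(f"unknown module string(s): {unknown}")

    unknown = [s for s in subject_types if s not in SUBJECT_TYPES]
    if unknown:
        raise ValueError(f"unknown subject_type value(s): {unknown}")

    # With user_id, the server must know whether the value is a directory
    # account or a profile name, so User and Profile cannot be combined.
    if user_id and len(set(subject_types)) > 1:
        raise ValueError("user_id cannot be combined with both User and Profile")

    params = {
        "module": ",".join(modules),
        "location": location,
        "subject_type": ",".join(subject_types),
        "user_id": user_id,
    }
    return f"{base_url.rstrip('/')}/api/v1/permissions?{encode_query(params)}"


if __name__ == "__main__":
    # Constructed sample input.
    print(permissions_query_url("https://am.example.com",
                                location=r"\\server name\share name\folder name"))
```
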
Enumerated Values
Parameter | Value |
---|---|
module | FolderManagement |
module | SharePoint |
module | Profile |
module | ThirdParty |
subject_type | User |
subject_type | Profile |
Example responses
200 Response
[
{
"id": "Zm0tNDItYXUtRE9NQUlOXGFjY291bnQubmFtZQ",
"module": "FolderManagement",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ProfileName",
"subject_type": "User",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected] or ProfileName",
"permission": "read or write or design or owner or member or visitor or profilemembership",
"valid_from": "2024-07-26",
"valid_through": "2024-07-26",
"comment": "string"
}
]
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | A (possibly empty) list of permissions. | Inline |
409 | Conflict | If neither user_id nor location are provided, the message "At least one of the filter parameters location or user_id is required." is returned. | ErrorResponseModel |
Response Schema
Status Code 200
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | [PermissionResponseModel] | false | none | none |
» id | string | true | none | System generated permission id. |
» module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
» location | string | true | none | Must be a UNC path, URL, 3rd-Party-Item location or profile name, depending on module. |
» subject_type | SubjectType | false | none | Determines the type of user_id. If omitted, falls back to User. When using User, user_id must be an Active Directory user or group name. When using Profile, user_id must be a profile name. |
» user_id | string | true | none | Must be an Active Directory user sAMAccountName or group name with NetBIOS domain name prefix, a Microsoft Entra user principal name, or a profile name, depending on subject_type. |
» permission | string | true | none | See Permission Set of Location. |
» valid_from | string(date)¦null | false | none | Optional start date, only valid for profile permissions. |
» valid_through | string(date)¦null | false | none | Optional expiration date. |
» comment | string¦null | false | none | Optional permission comment |
Enumerated Values
Property | Value |
---|---|
module | FolderManagement |
module | SharePoint |
module | Profile |
module | ThirdParty |
subject_type | User |
subject_type | Profile |
Add Permission
POST /api/v1/permissions
Adds new privileges to a user or a profile on a certain location.
The request body must be a JSON object containing the module, location, subject_type, user_id, the permission to grant, and optional start (valid_from) and expiration (valid_through) dates.
If the supplied location uses supplementary permissions, and the supplied user_id already has different permissions on the location, the supplied permission is added to the user’s permissions and the start (valid_from) and expiration (valid_through) dates are replaced on all of the user’s permissions on the location.
Body parameter
{
"module": "FolderManagement",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ProfileName",
"subject_type": "User",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected] or ProfileName",
"permission": "read or write or design or owner or member or visitor or profilemembership",
"valid_from": "2024-07-26",
"valid_through": "2024-07-26",
"comment": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | CreatePermissionModel | true | none |
Example responses
201 Response
{
"id": "Zm0tNDItYXUtRE9NQUlOXGFjY291bnQubmFtZQ",
"module": "FolderManagement",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ProfileName",
"subject_type": "User",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected] or ProfileName",
"permission": "read or write or design or owner or member or visitor or profilemembership",
"valid_from": "2024-07-26",
"valid_through": "2024-07-26",
"comment": "string"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
201 | Created | Response Header: Location: /api/v1/permissions/{permissionId} | PermissionResponseModel |
400 | Bad Request | If the request model is invalid, the message "The request is invalid." is returned. | ErrorResponseModel |
409 | Conflict | If the given user_id does not exist in the identity store identified by subject_type, the message "The request is invalid." is returned. If location is invalid, the message "Location not found." is returned. If permission is invalid, the message "Invalid permission." is returned. If the user, group or profile is already permitted, the message "Subject already permitted." is returned. If the user, group or profile cannot be permitted on the supplied location because of mismatching Active Directory domains or Microsoft Entra tenants, the message "The domain or tenant of the supplied subject and location do not match." is returned. |  ErrorResponseModel |
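Because the API validates input less strictly than the web frontends (see Validation), a calling system is the last place where a malformed grant can be stopped. The following is an added example, not code from the Access Manager manual: a client-side check of an Add Permission body against the module table and field descriptions on this page. The regular expressions for UNC paths, DOMAIN\name accounts and user principal names are assumptions about the accepted shapes.

```python
import re
from datetime import date
from urllib.parse import urlsplit

# Fixed permission sets from the module table. ThirdParty permission sets
# are defined per location, so they cannot be checked without the API.
PERMISSIONS = {
    "FolderManagement": {"read", "write"},
    "SharePoint": {"read", "write", "design"},
    "ThirdParty": None,
    "Profile": {"profilemembership"},
}
UNC_PATH = re.compile(r"^\\\\[^\\/]+(?:\\[^\\/]+)+$")    # \\server\share[\folder...]
AD_ACCOUNT = re.compile(r"^[^\\/@\s]+\\[^\\/]+$")        # DOMAIN\name (assumed shape)
UPN = re.compile(r"^[^@\s\\]+@[^@\s\\]+\.[^@\s\\]+$")    # name@tenant.tld (assumed shape)
ISO_DATE = re.compile(r"^\d{4}-\d{2}-\d{2}$")


def _location_ok(module, location):
    if module == "FolderManagement":
        return bool(UNC_PATH.match(location))
    if module == "SharePoint":
        parts = urlsplit(location)
        return parts.scheme in ("http", "https") and bool(parts.netloc)
    if module == "ThirdParty":
        collection, _, item = location.partition("/")
        return bool(collection.strip() and item.strip())
    return True  # Profile: any non-empty profile name


def _parse_date(model, field, errors):
    value = model.get(field)
    if value is None:
        return None
    try:
        if not isinstance(value, str) or not ISO_DATE.match(value):
            raise ValueError
        return date.fromisoformat(value)
    except ValueError:
        errors.append(f"{field}: expected a calendar date as YYYY-MM-DD")
        return None


def validate_create_permission(model):
    """Return a list of problems; an empty list means the body may be sent."""
    errors = []
    for field in ("module", "location", "user_id", "permission"):
        value = model.get(field)
        if not isinstance(value, str) or not value.strip():
            errors.append(f"{field}: required, non-empty string")
    if errors:
        return errors

    module = model["module"]
    if module not in PERMISSIONS:
        return [f"module: unknown module string {module!r}"]

    if not _location_ok(module, model["location"]):
        errors.append(f"location: not a valid location for module {module}")

    allowed = PERMISSIONS[module]
    if allowed is not None and model["permission"] not in allowed:
        errors.append(f"permission: {module} accepts only {sorted(allowed)}")

    subject_type = model.get("subject_type") or "User"  # documented fallback
    user_id = model["user_id"]
    if subject_type not in ("User", "Profile"):
        errors.append("subject_type: must be User or Profile")
    elif subject_type == "User" and not (AD_ACCOUNT.match(user_id) or UPN.match(user_id)):
        errors.append("user_id: expected DOMAIN\\name or a user principal name")

    start = _parse_date(model, "valid_from", errors)
    end = _parse_date(model, "valid_through", errors)
    if start and end and start > end:
        errors.append("valid_from: must not be after valid_through")
    return errors
```
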
Get Permission by PermissionId
GET /api/v1/permissions/{permissionId}
Gets the permission details of the provided permissionId.
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
permissionId | path | string | true | System generated permission id. |
Example responses
200 Response
{
"id": "Zm0tNDItYXUtRE9NQUlOXGFjY291bnQubmFtZQ",
"module": "FolderManagement",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ProfileName",
"subject_type": "User",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected] or ProfileName",
"permission": "read or write or design or owner or member or visitor or profilemembership",
"valid_from": "2024-07-26",
"valid_through": "2024-07-26",
"comment": "string"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | A single permission for locations using exclusive permissions or a list of permissions for locations using supplementary permissions. | PermissionResponseModel |
404 | Not Found | If the given permissionId does not exist in AM, the message "Permission not found." is returned. | ErrorResponseModel |
Remove Permission
DELETE /api/v1/permissions/{permissionId}
Removes the permission identified by permissionId.
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
permissionId | path | string | true | System generated permission id. |
permission | query | string | false | If the location uses supplementary permissions, the permission to be deleted can be identified using the optional query parameter permission. |
comment | query | string | false | Optional permission comment |
Detailed descriptions
permission: If the location uses supplementary permissions, the permission to be deleted can be identified using the optional query parameter permission.
If the permission parameter is omitted, all permissions of the user on the location are deleted.
Example responses
404 Response
{
"message": "The request is invalid.",
"model_state": {
"model_property": [
"Error description."
]
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
204 | No Content | No Content | None |
404 | Not Found | If the given permissionId does not exist in AM, the message "Permission not found." is returned. | ErrorResponseModel |
409 | Conflict | If permission is invalid, the message "Invalid permission." is returned. | ErrorResponseModel |
Update Permission
PUT /api/v1/permissions/{permissionId}
Updates the access rights (permission) as well as the start (valid_from) and expiry (valid_through) dates of a user or a profile for a particular location.
The permission must already exist in the system.
This method cannot be used to create new permissions.
The request body must be a JSON object containing the permission to update and optional start (valid_from) and expiry (valid_through) dates.
The permissionId must be passed in the URL.
If the start (valid_from) or expiry (valid_through) date is null or not provided in the request, it will be removed from AM.
If the location uses supplementary permissions, the permission parameter must contain the value *.
Only valid_from and valid_through are updated on all permissions of the user on the location.
Body parameter
{
"permission": "read or write or design or owner or member or visitor or profilemembership",
"valid_from": "2024-07-26",
"valid_through": "2024-07-26",
"comment": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
permissionId | path | string | true | System generated permission id. |
body | body | UpdatePermissionModel | true | none |
Example responses
200 Response
{
"id": "Zm0tNDItYXUtRE9NQUlOXGFjY291bnQubmFtZQ",
"module": "FolderManagement",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ProfileName",
"subject_type": "User",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected] or ProfileName",
"permission": "read or write or design or owner or member or visitor or profilemembership",
"valid_from": "2024-07-26",
"valid_through": "2024-07-26",
"comment": "string"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | A single permission for locations using exclusive permissions or a list of permissions for locations using supplementary permissions. | PermissionResponseModel |
400 | Bad Request | If the request model is invalid, the message "The request is invalid." is returned. | ErrorResponseModel |
404 | Not Found | If the given permissionId does not exist in AM, the message "Permission not found." is returned. | ErrorResponseModel |
409 | Conflict | If permission is invalid, the message "Invalid permission." is returned. | ErrorResponseModel |
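Two behaviours of Remove Permission and Update Permission are easy to trigger by accident: a DELETE without the permission parameter removes all of the user's permissions on a supplementary location, and a PUT that omits a date removes that date from AM. The following is an added example, not code from the Access Manager manual, that makes both choices explicit. The function names, the KEEP sentinel and the sample objects are constructed for illustration; the location object is the one returned by the Locations resource.

```python
from urllib.parse import quote

KEEP = object()  # sentinel: keep the value currently stored in AM


def delete_path(permission_id, location, permission=None, all_permissions=False):
    """Return the path for DELETE /api/v1/permissions/{permissionId}.

    On a supplementary location the caller must either name the permission
    to remove or state that every permission of the user is to be removed.
    """
    if permission is not None and all_permissions:
        raise ValueError("pass either permission or all_permissions, not both")
    if (location.get("supplementary_permissions")
            and permission is None and not all_permissions):
        raise ValueError("supplementary location: omitting 'permission' "
                         "deletes all permissions of the user")
    path = "/api/v1/permissions/" + quote(permission_id, safe="")
    if permission is not None:
        path += "?permission=" + quote(permission, safe="")
    return path


def update_body(current, location, permission=KEEP,
                valid_from=KEEP, valid_through=KEEP):
    """Build the PUT body from the object(s) returned by Get Permission.

    Dates that are not being changed are copied from the current state,
    because a missing or null date in the body removes it from AM.
    """
    if isinstance(current, list):  # supplementary locations return a list
        if not current:
            raise ValueError("no current permission to update")
        current = current[0]       # dates are shared by all of the user's entries
    if location.get("supplementary_permissions"):
        if permission is not KEEP and permission != "*":
            raise ValueError("supplementary location: permission must be '*', "
                             "only the dates are updated")
        new_permission = "*"
    else:
        new_permission = current["permission"] if permission is KEEP else permission
    return {
        "permission": new_permission,
        "valid_from": current.get("valid_from") if valid_from is KEEP else valid_from,
        "valid_through": (current.get("valid_through")
                          if valid_through is KEEP else valid_through),
    }


if __name__ == "__main__":
    # Constructed sample objects shaped like the responses on this page.
    item = {"type": "ThirdPartyItem", "supplementary_permissions": True}
    pid = "Zm0tNDItYXUtRE9NQUlOXGFjY291bnQubmFtZQ"
    print(delete_path(pid, item, permission="member"))
```
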
Scheduler
With the resource Scheduler, jobs can be scheduled.
It can be accessed by the path /scheduler.
Schedule Renew Access Settings
POST /api/v1/scheduler/triggers/renew_access_settings
Schedules a job that renews the access settings.
This method works differently depending on the value of the field offset_minutes:
- If the value of offset_minutes is greater than 0, it schedules the renew access settings job to run after the provided time (in minutes).
- If the value of offset_minutes is not provided or is equal to 0, it schedules the renew access settings job immediately if it is not already scheduled.
The job being scheduled and the required format of path depend on the supplied module:
Supplied module | Example path | Job name |
---|---|---|
FolderManagement | \\server\share\folder | MaintainFolderPermissions |
SharePoint | http://host/path | MaintainSitePermissions |
ThirdParty | ItemCollectionName/ItemName | MaintainItemPermissions |
Body parameter
{
"offset_minutes": 10,
"data": {
"module": "FolderManagement",
"path": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName"
}
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | RenewAccessSettingsTriggerRequestModel | false | none |
Example responses
409 Response
{
"message": "The request is invalid.",
"model_state": {
"model_property": [
"Error description."
]
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
202 | Accepted | Success Response. | None |
409 | Conflict | If the combination of module and path is incorrect, the message "Location not found." is returned. | ErrorResponseModel |
Locations
With the resource Locations, different kinds of information about locations like folders and sites can be requested.
It can be accessed by the path /locations.
Each AM module supports different types of locations. The following types are supported:
module | type | subtypes | Example location | Description |
---|---|---|---|---|
FolderManagement | ResourceGroup | | Server | Can, but does not have to, represent a fileserver |
FolderManagement | FolderCollection | | \\server\share | Can, but does not have to, represent a network share on a fileserver |
FolderManagement | ManagedFolderCollection | | \\server\share | Can, but does not have to, represent a network share on a fileserver whose access permissions are being managed by AM |
FolderManagement | Folder | | \\server\share\folder | A filesystem folder below a network share on a fileserver |
FolderManagement | RightsFolder | | \\server\share\folder | A folder whose access permissions are being managed by AM |
SharePoint | SiteCollection | | https://example.com | A web site collection on a SharePoint server |
SharePoint | ManagedSiteCollection | | https://example.com | A web site collection whose access permissions are being managed by AM |
SharePoint | Site | | https://example.com/site | A web site below a web site collection on a SharePoint server |
SharePoint | ManagedSite | | https://example.com/site | A web site whose access permissions are being managed by AM |
ThirdParty | ThirdPartyItemCollection | [ActiveDirectoryItemCollection] | Printers | A collection of 3rd party items backed by Active Directory groups |
ThirdParty | ThirdPartyItemCollection | [MsTeamsItemCollection] | Teams Collection | A collection of 3rd party items backed by Microsoft Teams |
ThirdParty | ThirdPartyItemCollection | [SharePointItemCollection] | Site Collection | A collection of 3rd party items backed by Microsoft SharePoint |
ThirdParty | ThirdPartyItem | [ActiveDirectoryItem] | Printers/Inkjet | A 3rd party item backed by Active Directory groups whose Active Directory group memberships are being managed by AM |
ThirdParty | ThirdPartyItem | [MsTeamsItem, MsTeamsTeam] | Teams Collection/Marketing Team | A 3rd party item backed by Microsoft Teams whose Team memberships are being managed by AM |
ThirdParty | ThirdPartyItem | [SharePointItem, SharePointSite, SharePointTeamSiteMs365Group] | Site Collection/Marketing Team Site | A 3rd party item backed by a Microsoft SharePoint Team Site with a Microsoft 365 Group whose permissions are being managed by AM |
ThirdParty | ThirdPartyItem | [SharePointItem, SharePointSite, SharePointTeamSiteSpGroups] | Site Collection/Other Team Site | A 3rd party item backed by a Microsoft SharePoint Team Site with SharePoint Groups whose permissions are being managed by AM |
ThirdParty | ThirdPartyItem | [SharePointItem, SharePointSite, SharePointCommunicationSite] | Site Collection/Public Marketing Site | A 3rd party item backed by a Microsoft SharePoint Communication Site whose permissions are being managed by AM |
Profile | UserProfile | | Marketing | A user profile within Access Manager with no responsibles assigned |
Profile | ManagedUserProfile | | Marketing | A user profile within Access Manager with at least one responsible assigned |
Profile | OrgProfile | | Marketing | An organizational profile within Access Manager |
Get Locations by URL Parameters
GET /api/v1/locations
Gets a possibly filtered list of all locations known to AM.
The list can optionally be filtered using a combination of query parameters. Omitted filters are not applied. The following query parameters are supported:
- module: If set, only locations of the given module are returned. Required if location is set.
- onlyVisibleInSsp: If set to true, only locations that are visible in the AM Self Service Portal (SSP) are returned. Setting this filter to false has the same effect as omitting it: all locations are returned regardless of their visibility in the SSP. This filter is ignored if location is set.
- location: Load only the given location. If set, module must also be specified and onlyVisibleInSsp is ignored.
A successful request will return a (possibly empty) unordered list of location objects.
Each location object contains a system generated location identifier (id), a module, a location (e.g., folder path or site URL), a type (e.g., RightsFolder or ManagedSite) and the fields requests_enabled and supplementary_permissions.
requests_enabled is only set for locations of type RightsFolder, ManagedFolderCollection, ManagedSite or ManagedSiteCollection. On location objects of other types, it will always be null.
requests_enabled indicates whether permissions on this location can be requested using the SSP. It has no impact on the request API resource.
As modules like ThirdParty and Profile are not explicitly supported, whether their locations are requestable can be decided by their SSP visibility (see above): if a resource object is not visible in the SSP, you may judge it as not requestable – even though requesting it is possible via this API function.
supplementary_permissions indicates whether the location's logic to grant permissions is set to "Supplementary Permissions" or "Exclusive Permissions". false in this case means the location's logic to grant permissions is set to "Exclusive Permissions", which is the default for all types. The only type that supports "Supplementary Permissions" is 3rd party item (ThirdPartyItem).
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
Module | query | TargetType | false | If set, only locations of the given module are returned. Required if location is set. |
OnlyVisibleInSsp | query | boolean | false | If set to true, only locations that are visible in the AM Self Service Portal (SSP) are returned. |
Location | query | string | false | Load only the given location. If set, module must also be specified and onlyVisibleInSsp is ignored. |
Detailed descriptions
OnlyVisibleInSsp: If set to true, only locations that are visible in the AM Self Service Portal (SSP) are returned.
Setting this filter to false has the same effect as omitting it: all locations are returned regardless of their visibility in the SSP.
This filter is ignored if location is set.
Enumerated Values
Parameter | Value |
---|---|
Module | FolderManagement |
Module | SharePoint |
Module | Profile |
Module | ThirdParty |
Example responses
200 Response
[
{
"type": "ResourceGroup",
"id": "Zm0tZl9pZC00Mg",
"requests_enabled": true,
"supplementary_permissions": true,
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName"
}
]
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | A (possibly empty) unordered list of LocationResponseModel, ResourceGroupResponseModel or FolderCollectionResponseModel. | Inline |
400 | Bad Request | If module is invalid, the message "The value 'module' is not valid for Module." is returned. | ErrorResponseModel |
Response Schema
Enumerated Values
Property | Value |
---|---|
type | ResourceGroup |
type | FolderCollection |
type | ManagedFolderCollection |
type | Folder |
type | RightsFolder |
type | SiteCollection |
type | ManagedSiteCollection |
type | Site |
type | ManagedSite |
type | ThirdPartyItemCollection |
type | ThirdPartyItem |
type | UserProfile |
type | ManagedUserProfile |
type | OrgProfile |
module | FolderManagement |
module | SharePoint |
module | Profile |
module | ThirdParty |
domain_mode | SingleDomain |
domain_mode | MultiDomain |
domain_mode | MultiDomainOptimized |
deviation_strategy | IdentifyAndCorrect |
deviation_strategy | Identify |
deviation_strategy | Ignore |
Add Location
POST /api/v1/locations
Adds a new location.
The required format of the request model varies based on the location type:
ResourceGroup: CreateResourceGroupModel
{
"type": "ResourceGroup",
"module": "FolderManagement",
"location": "ResourceGroupName",
"description": "string"
}
FolderCollection: CreateFolderCollectionModel
{
"type": "FolderCollection",
"module": "FolderManagement",
"location": "\\\\server\\share\\folder",
"resource_group_id": "Zm0tcmdpZC0x",
"display_name": "string",
"enable_rights_management": true,
"agent_group_name": "Default",
"domain_mode": "MultiDomain",
"organizational_unit": "OU=ou,DC=domain,DC=tld",
"local_ad_group_naming_pattern": "lg_{0}_{1:00000000}_{2}",
"global_ad_group_naming_pattern": "gg_{0}_{1:00000000}_{2}",
"admin_group": "DOMAIN\\group.name",
"browse_group": "DOMAIN\\group.name",
"enable_access_groups": true,
"enable_new_folder_requests_on_folder_collection": true,
"deviation_strategy": "IdentifyAndCorrect",
"always_take_ownership": false,
"audit_ownership_changes": false,
"enable_realtime_permissions": true
}
If any other location type is provided, the API will respond with a 400 Bad Request response.
Body parameter
{
"type": "ResourceGroup",
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | any | true | An instance of CreateResourceGroupModel or CreateFolderCollectionModel. |
Example responses
201 Response
{
"type": "ResourceGroup",
"id": "Zm0tZl9pZC00Mg",
"requests_enabled": true,
"supplementary_permissions": true,
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
201 | Created | Response Header: Location: /api/v1/locations/{locationId}. Response Body: An instance of ResourceGroupResponseModel or FolderCollectionResponseModel. | Inline |
400 | Bad Request | If the request model is invalid, the message "The request is invalid." is returned. If the given location does not support creation, the message "Provided location does not support this operation." is returned. | ErrorResponseModel |
409 | Conflict | If the provided location is invalid, the message "Invalid location." is returned. If the provided resource_group_id is invalid, the message "Invalid resource group id." is returned. | ErrorResponseModel |
Response Schema
Enumerated Values
Property | Value |
---|---|
type | ResourceGroup |
type | FolderCollection |
type | ManagedFolderCollection |
type | Folder |
type | RightsFolder |
type | SiteCollection |
type | ManagedSiteCollection |
type | Site |
type | ManagedSite |
type | ThirdPartyItemCollection |
type | ThirdPartyItem |
type | UserProfile |
type | ManagedUserProfile |
type | OrgProfile |
module | FolderManagement |
module | SharePoint |
module | Profile |
module | ThirdParty |
domain_mode | SingleDomain |
domain_mode | MultiDomain |
domain_mode | MultiDomainOptimized |
deviation_strategy | IdentifyAndCorrect |
deviation_strategy | Identify |
deviation_strategy | Ignore |
Get Information by LocationId
GET /api/v1/locations/{locationId}
Returns details of the location identified by the provided locationId.
This requires that an HTTP GET request including the locationId is sent to /locations.
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
locationId | path | string | true | System generated location id. |
Example responses
200 Response
{
"type": "ResourceGroup",
"id": "Zm0tZl9pZC00Mg",
"requests_enabled": true,
"supplementary_permissions": true,
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | An instance of LocationResponseModel, ResourceGroupResponseModel or FolderCollectionResponseModel. | Inline |
404 | Not Found | If the given location does not exist in AM, the message "Location not found." is returned. | ErrorResponseModel |
Response Schema
Enumerated Values
Property | Value |
---|---|
type | ResourceGroup |
type | FolderCollection |
type | ManagedFolderCollection |
type | Folder |
type | RightsFolder |
type | SiteCollection |
type | ManagedSiteCollection |
type | Site |
type | ManagedSite |
type | ThirdPartyItemCollection |
type | ThirdPartyItem |
type | UserProfile |
type | ManagedUserProfile |
type | OrgProfile |
module | FolderManagement |
module | SharePoint |
module | Profile |
module | ThirdParty |
domain_mode | SingleDomain |
domain_mode | MultiDomain |
domain_mode | MultiDomainOptimized |
deviation_strategy | IdentifyAndCorrect |
deviation_strategy | Identify |
deviation_strategy | Ignore |
Remove Location
DELETE /api/v1/locations/{locationId}
Removes the location identified by the provided locationId.
This requires that an HTTP DELETE request including the locationId is sent to /locations.
Only locations of type ResourceGroup, ManagedFolderCollection and FolderCollection support deletion.
If any other location type is provided, the API will respond with a 400 Bad Request response.
Body parameter
{
"type": "ResourceGroup"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
locationId | path | string | true | System generated location id. |
body | body | LocationRequestModel | true | none |
Example responses
400 Response
{
"message": "The request is invalid.",
"model_state": {
"model_property": [
"Error description."
]
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
204 | No Content | No Content | None |
400 | Bad Request | If the request model is invalid, the message "The request is invalid." is returned. If the given location does not support deleting, the message "Provided location does not support this operation." is returned. If the provided locationId does not match the location type, the message "Provided locationId does not match location type." is returned. | ErrorResponseModel |
404 | Not Found | If the given location does not exist in AM, the message "Provided location does not exist." is returned. | ErrorResponseModel |
409 | Conflict | Only resource groups that don't contain any folder collections can be deleted. If the given location is a resource group and still contains folder collections, the message "Resource group contains folder collections." is returned. | ErrorResponseModel |
Update Location
PUT /api/v1/locations/{locationId}
Updates the properties of the particular location.
The location must already exist in the system.
This method cannot be used to create a new location.
The JSON object in the request body is required to contain the type of the location to update and additional required properties.
The locationId is required to be passed in the URL.
The type of the location cannot be changed.
If any property is null or not provided in the request, it will be removed from AM.
The required format of the request model varies based on the location type:
ResourceGroup: UpdateResourceGroupModel
{
"type": "ResourceGroup",
"location": "ResourceGroupName",
"description": "string"
}
FolderCollection or ManagedFolderCollection: UpdateFolderCollectionModel
{
"type": "FolderCollection",
"display_name": "string",
"enable_rights_management": true,
"agent_group_name": "Default",
"domain_mode": "MultiDomain",
"organizational_unit": "OU=ou,DC=domain,DC=tld",
"local_ad_group_naming_pattern": "lg_{0}_{1:00000000}_{2}",
"global_ad_group_naming_pattern": "gg_{0}_{1:00000000}_{2}",
"admin_group": "DOMAIN\\group.name",
"browse_group": "DOMAIN\\group.name",
"enable_access_groups": true,
"enable_new_folder_requests_on_folder_collection": true,
"deviation_strategy": "IdentifyAndCorrect",
"always_take_ownership": false,
"audit_ownership_changes": false,
"enable_realtime_permissions": true
}
If any other location type is provided, the API will respond with a 400 Bad Request response.
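Because a null or omitted property is removed from AM, an update body should be built from the collection's full current settings rather than from the changed fields alone. The following is an added example, not part of the AM manual: `build_update` and `SAMPLE_CURRENT` are hypothetical names, the field lists are copied from the two request models above, and the `current` dictionary is assumed to hold the location's present settings, however they were obtained.

```python
# Added example: assemble a full PUT /api/v1/locations/{locationId} body and
# report which properties the request would remove from AM.

UPDATE_FIELDS = {
    "ResourceGroup": ("location", "description"),
    "FolderCollection": (
        "display_name", "enable_rights_management", "agent_group_name",
        "domain_mode", "organizational_unit", "local_ad_group_naming_pattern",
        "global_ad_group_naming_pattern", "admin_group", "browse_group",
        "enable_access_groups",
        "enable_new_folder_requests_on_folder_collection",
        "deviation_strategy", "always_take_ownership",
        "audit_ownership_changes", "enable_realtime_permissions",
    ),
}
UPDATE_FIELDS["ManagedFolderCollection"] = UPDATE_FIELDS["FolderCollection"]

# Values taken from the Enumerated Values table of this section.
ENUMS = {
    "domain_mode": {"SingleDomain", "MultiDomain", "MultiDomainOptimized"},
    "deviation_strategy": {"IdentifyAndCorrect", "Identify", "Ignore"},
}

# Constructed sample of a folder collection's present settings.
SAMPLE_CURRENT = {
    "type": "FolderCollection",
    "display_name": "Projects",
    "enable_rights_management": True,
    "agent_group_name": "Default",
    "domain_mode": "MultiDomain",
    "organizational_unit": "OU=ou,DC=domain,DC=tld",
    "local_ad_group_naming_pattern": "lg_{0}_{1:00000000}_{2}",
    "global_ad_group_naming_pattern": "gg_{0}_{1:00000000}_{2}",
    "admin_group": "DOMAIN\\group.name",
    "browse_group": "DOMAIN\\group.name",
    "enable_access_groups": True,
    "enable_new_folder_requests_on_folder_collection": True,
    "deviation_strategy": "IdentifyAndCorrect",
    "always_take_ownership": False,
    "audit_ownership_changes": False,
    "enable_realtime_permissions": True,
}


def build_update(current, changes):
    """Merge `changes` into `current`; return (body, cleared).

    `cleared` lists every model property that ends up null or absent and
    would therefore be removed from AM. An explicit None in `changes`
    marks an intentional removal.
    """
    loc_type = current.get("type")
    if loc_type not in UPDATE_FIELDS:
        # The API answers 400 Bad Request for any other location type.
        raise ValueError(f"location type {loc_type!r} does not support updating")
    if changes.get("type", loc_type) != loc_type:
        raise ValueError("the type of a location cannot be changed")

    fields = UPDATE_FIELDS[loc_type]
    unknown = set(changes) - set(fields) - {"type"}
    if unknown:
        raise ValueError(f"not part of the update model: {sorted(unknown)}")

    body, cleared = {"type": loc_type}, []
    for name in fields:
        value = changes[name] if name in changes else current.get(name)
        if value is None:
            cleared.append(name)
            continue
        if name in ENUMS and value not in ENUMS[name]:
            raise ValueError(f"{name}={value!r} is not an enumerated value")
        body[name] = value
    return body, cleared


if __name__ == "__main__":
    body, cleared = build_update(SAMPLE_CURRENT, {"deviation_strategy": "Identify"})
    print("properties that would be removed:", cleared)
```

Review the `cleared` list before sending the request; a non-empty list for properties such as `admin_group` or `browse_group` means the update would drop them.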
Body parameter
{
"type": "ResourceGroup"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
locationId | path | string | true | System generated location id. |
body | body | any | true | An instance of UpdateResourceGroupModel or UpdateFolderCollectionModel. |
Example responses
200 Response
{
"type": "ResourceGroup",
"id": "Zm0tZl9pZC00Mg",
"requests_enabled": true,
"supplementary_permissions": true,
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | An instance of ResourceGroupResponseModel or FolderCollectionResponseModel. | Inline |
400 | Bad Request | If the request model is invalid, the message "The request is invalid." is returned. If the given location does not support updating, the message "Provided location does not support this operation." is returned. If the provided locationId does not match the location type, the message "Provided locationId does not match location type." is returned. | ErrorResponseModel |
404 | Not Found | If the given location does not exist in AM, the message "Provided location does not exist." is returned. | ErrorResponseModel |
409 | Conflict | If the provided location is invalid, the message "Invalid location." is returned. | ErrorResponseModel |
Response Schema
Enumerated Values
Property | Value |
---|---|
type | ResourceGroup |
type | FolderCollection |
type | ManagedFolderCollection |
type | Folder |
type | RightsFolder |
type | SiteCollection |
type | ManagedSiteCollection |
type | Site |
type | ManagedSite |
type | ThirdPartyItemCollection |
type | ThirdPartyItem |
type | UserProfile |
type | ManagedUserProfile |
type | OrgProfile |
module | FolderManagement |
module | SharePoint |
module | Profile |
module | ThirdParty |
domain_mode | SingleDomain |
domain_mode | MultiDomain |
domain_mode | MultiDomainOptimized |
deviation_strategy | IdentifyAndCorrect |
deviation_strategy | Identify |
deviation_strategy | Ignore |
Get Owners of a Location
GET /api/v1/locations/{locationId}/owners
Gets the owners of the location identified by the provided locationId.
This requires that an HTTP GET request including the locationId is sent to /locations, with the part /owners appended after the id.
Only locations of type FolderCollection, ManagedFolderCollection, Folder, RightsFolder, SiteCollection, ManagedSiteCollection, Site, ManagedSite and ThirdPartyItem support owners.
If the provided locationId belongs to a ResourceGroup, a ThirdPartyItemCollection, a UserProfile, a ManagedUserProfile, or an OrgProfile, the API will respond with a 400 Bad Request response.
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
locationId | path | string | true | System generated location id. |
Example responses
200 Response
[
{
"id": "Zm0tNDItYXUtRE9NQUlOXGFjY291bnQubmFtZQ",
"location_id": "Zm0tZl9pZC00Mg",
"user_id": "DOMAIN\\account.name"
}
]
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | A (possibly empty) unordered list of location owners. | Inline |
400 | Bad Request | If the given location does not support owners, the message "Provided location does not support this operation." is returned. | ErrorResponseModel |
404 | Not Found | If the given location does not exist in AM, the message "Provided location does not exist." is returned. | ErrorResponseModel |
Response Schema
Status Code 200
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | [LocationUserResponseModel] | false | none | none |
» id | string¦null | false | none | System generated location user id |
» location_id | string¦null | false | none | System generated location id |
» user_id | string | true | none | Active directory user sAMAccountName with NetBIOS domain name prefix, or a profile name |
Replace Owners of a Location
PUT /api/v1/locations/{locationId}/owners
Replaces the owners of the location identified by locationId with the provided list of owners.
Only locations of type FolderCollection, ManagedFolderCollection, Folder, RightsFolder, SiteCollection, ManagedSiteCollection, Site, ManagedSite and ThirdPartyItem support owners.
If the provided locationId belongs to a ResourceGroup, a ThirdPartyItemCollection, a UserProfile, a ManagedUserProfile, or an OrgProfile, the API will respond with a 400 Bad Request response.
If the location is managed, i.e. it is a ManagedFolderCollection, RightsFolder, ManagedSiteCollection, ManagedSite, or ThirdPartyItem, the provided list of owners must contain at least one entry.
Otherwise, the API will respond with a 409 Conflict response.
Body parameter
[
{
"user_id": "DOMAIN\\account.name"
}
]
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
locationId | path | string | true | System generated location id. |
body | body | LocationUserRequestModel | true | A list of LocationUserRequestModels. |
Example responses
200 Response
[
{
"id": "Zm0tNDItYXUtRE9NQUlOXGFjY291bnQubmFtZQ",
"location_id": "Zm0tZl9pZC00Mg",
"user_id": "DOMAIN\\account.name"
}
]
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | A (possibly empty) unordered list of location owners. | Inline |
400 | Bad Request | If the location does not support owners, the message "Provided location does not support this operation." is returned. If any of the provided owners does not exist, the message "The following users were not found: [list of account names]" is returned. | ErrorResponseModel |
404 | Not Found | If the location does not exist in AM, the message "Provided location does not exist." is returned. | ErrorResponseModel |
409 | Conflict | If the location is managed and the provided list of owners is empty, the message "Managed locations must have at least one owner." is returned. | ErrorResponseModel |
Response Schema
Status Code 200
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | [LocationUserResponseModel] | false | none | none |
» id | string¦null | false | none | System generated location user id |
» location_id | string¦null | false | none | System generated location id |
» user_id | string | true | none | Active directory user sAMAccountName with NetBIOS domain name prefix, or a profile name |
Get Responsibles of a Location
GET /api/v1/locations/{locationId}/responsibles
Gets the responsibles of the location identified by the provided locationId.
Only locations of type ManagedFolderCollection, RightsFolder, ManagedSiteCollection, ManagedSite, ThirdPartyItem, UserProfile, ManagedUserProfile and OrgProfile support responsibles.
If the provided locationId belongs to a FolderCollection, a Folder, a SiteCollection or a Site, the API will respond with a 409 Conflict response.
If it belongs to any other location type, the API will respond with a 400 Bad Request response.
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
locationId | path | string | true | System generated location id. |
Example responses
200 Response
[
{
"id": "Zm0tNDItYXUtRE9NQUlOXGFjY291bnQubmFtZQ",
"location_id": "Zm0tZl9pZC00Mg",
"user_id": "DOMAIN\\account.name"
}
]
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | A (possibly empty) unordered list of location responsibles. | Inline |
400 | Bad Request | If the given location does not support responsibles, the message "Provided location does not support this operation." is returned. | ErrorResponseModel |
404 | Not Found | If the given location does not exist in AM, the message "Provided location does not exist." is returned. | ErrorResponseModel |
409 | Conflict | If the given location is unmanaged, the message "Provided location is unmanaged." is returned. | ErrorResponseModel |
Response Schema
Status Code 200
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | [LocationUserResponseModel] | false | none | none |
» id | string¦null | false | none | System generated location user id |
» location_id | string¦null | false | none | System generated location id |
» user_id | string | true | none | Active directory user sAMAccountName with NetBIOS domain name prefix, or a profile name |
Replace Responsible of a Location
PUT /api/v1/locations/{locationId}/responsibles
Replaces the responsibles of the location identified by locationId with the provided list of responsibles.
Only locations of type ManagedFolderCollection, RightsFolder, ManagedSiteCollection, ManagedSite, ThirdPartyItem, UserProfile, ManagedUserProfile and OrgProfile support responsibles.
If the provided locationId belongs to a FolderCollection, a Folder, a SiteCollection or a Site, the API will respond with a 409 Conflict response.
If it belongs to any other location type, the API will respond with a 400 Bad Request response.
Unless the location is a UserProfile, ManagedUserProfile or OrgProfile, the provided list of responsibles must contain at least one entry.
Otherwise, the API will respond with a 409 Conflict response.
If the location is a UserProfile and has a member synchronization group configured, the API will respond with a 409 Conflict response.
Body parameter
[
{
"user_id": "DOMAIN\\account.name"
}
]
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
locationId | path | string | true | System generated location id. |
body | body | LocationUserRequestModel | true | A list of LocationUserRequestModels. |
Example responses
200 Response
[
{
"id": "Zm0tNDItYXUtRE9NQUlOXGFjY291bnQubmFtZQ",
"location_id": "Zm0tZl9pZC00Mg",
"user_id": "DOMAIN\\account.name"
}
]
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | A (possibly empty) unordered list of location responsibles. | Inline |
400 | Bad Request | If the location does not support responsibles, the message "Provided location does not support this operation." is returned. If any of the provided responsibles does not exist, the message "The following users were not found: [list of account names]" is returned. | ErrorResponseModel |
404 | Not Found | If the location does not exist in AM, the message "Provided location does not exist." is returned. | ErrorResponseModel |
409 | Conflict | If the given location is unmanaged, the message "Provided location is unmanaged." is returned. If the provided list of responsibles is empty and the location is not a UserProfile, ManagedUserProfile or OrgProfile, the message "Managed locations must have at least one responsible." is returned. If the location is a UserProfile and has a Member Synchronization Group configured, the message "User profiles with member synchronization groups configured do not support responsibles." is returned. | ErrorResponseModel |
Response Schema
Status Code 200
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | [LocationUserResponseModel] | false | none | none |
» id | string¦null | false | none | System generated location user id |
» location_id | string¦null | false | none | System generated location id |
» user_id | string | true | none | Active directory user sAMAccountName with NetBIOS domain name prefix, or a profile name |
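The location-type rules for Replace Owners and Replace Responsibles above, collected into a client-side pre-flight check so that automation does not send a request that would be rejected or that would empty a role by mistake. This is an added example, not part of the AM manual: `predict_replace` and `build_body` are hypothetical names, the order in which the checks are applied is an assumption, and the 404 and "users were not found" responses are not predicted because they depend on server-side data.

```python
# Added example: predict the documented response to
# PUT /api/v1/locations/{locationId}/owners and .../responsibles.

UNSUPPORTED = "Provided location does not support this operation."
UNMANAGED = "Provided location is unmanaged."

MANAGED_TYPES = {
    "ManagedFolderCollection", "RightsFolder", "ManagedSiteCollection",
    "ManagedSite", "ThirdPartyItem",
}
UNMANAGED_TYPES = {"FolderCollection", "Folder", "SiteCollection", "Site"}
PROFILE_TYPES = {"UserProfile", "ManagedUserProfile", "OrgProfile"}

OWNER_TYPES = MANAGED_TYPES | UNMANAGED_TYPES
RESPONSIBLE_TYPES = MANAGED_TYPES | PROFILE_TYPES
ALL_TYPES = OWNER_TYPES | PROFILE_TYPES | {"ResourceGroup", "ThirdPartyItemCollection"}


def predict_replace(role, location_type, user_ids, has_member_sync_group=False):
    """Return (status, message) documented for this request; (200, None) if accepted."""
    if role not in ("owners", "responsibles"):
        raise ValueError(f"unknown role {role!r}")
    if location_type not in ALL_TYPES:
        raise ValueError(f"unknown location type {location_type!r}")

    if role == "owners":
        if location_type not in OWNER_TYPES:
            return 400, UNSUPPORTED
        # Unmanaged locations may end up with an empty owner list.
        if location_type in MANAGED_TYPES and not user_ids:
            return 409, "Managed locations must have at least one owner."
        return 200, None

    # role == "responsibles"
    if location_type in UNMANAGED_TYPES:
        return 409, UNMANAGED
    if location_type not in RESPONSIBLE_TYPES:
        return 400, UNSUPPORTED
    if location_type == "UserProfile" and has_member_sync_group:
        return 409, ("User profiles with member synchronization groups "
                     "configured do not support responsibles.")
    # Profile types are the only ones allowed an empty list.
    if location_type not in PROFILE_TYPES and not user_ids:
        return 409, "Managed locations must have at least one responsible."
    return 200, None


def build_body(user_ids):
    """Build the request body; duplicates are dropped case-insensitively."""
    body, seen = [], set()
    for uid in user_ids:
        if not isinstance(uid, str) or not uid.strip():
            raise ValueError("user_id must be a non-empty string")
        key = uid.lower()
        if key not in seen:
            seen.add(key)
            body.append({"user_id": uid})
    return body


if __name__ == "__main__":
    # Constructed inputs for illustration.
    for role, loc_type, ids in [
        ("owners", "RightsFolder", []),
        ("owners", "Folder", []),
        ("responsibles", "Folder", ["DOMAIN\\account.name"]),
        ("responsibles", "OrgProfile", []),
    ]:
        print(role, loc_type, len(ids), predict_replace(role, loc_type, ids))
```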
Get Effective Permissions of a Location
GET /api/v1/locations/{locationId}/effective-permissions
Gets the effective permissions on the location identified by the provided locationId.
Only locations of type ManagedFolderCollection, RightsFolder, ManagedSiteCollection, ManagedSite, ThirdPartyItem, UserProfile, ManagedUserProfile and OrgProfile support effective permissions.
If the provided locationId belongs to a FolderCollection, a Folder, a SiteCollection, or a Site, the API will respond with a 409 Conflict response.
If it belongs to any other location type, the API will respond with a 400 Bad Request response.
This method only returns effective permissions on the location.
To get direct permissions, use Get Permissions by URL Parameters.
Note that profiles only have direct members, so effective and direct permissions should be identical.
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
locationId | path | string | true | System generated location id. |
Example responses
200 Response
[
{
"permission": "read or write or design or profilemembership",
"valid_from": "2024-07-26",
"valid_through": "2024-07-26",
"origin": "string",
"id": "Zm0tNDItYXUtRE9NQUlOXGFjY291bnQubmFtZQ",
"location_id": "Zm0tZl9pZC00Mg",
"user_id": "DOMAIN\\account.name"
}
]
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | A (possibly empty) unordered list of effective permissions. | Inline |
400 | Bad Request | If the given location does not support effective permissions, the message "Provided location does not support this operation." is returned. | ErrorResponseModel |
404 | Not Found | If the given location does not exist in AM, the message "Provided location does not exist." is returned. | ErrorResponseModel |
409 | Conflict | If the given location is unmanaged, the message "Provided location is unmanaged." is returned. | ErrorResponseModel |
Response Schema
Status Code 200
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | [LocationEffectivePermissionResponseModel] | false | none | none |
» permission | string¦null | false | none | See Permission Set of Location. |
» valid_from | string(date)¦null | false | none | Optional start date, only valid for profile permissions. |
» valid_through | string(date)¦null | false | none | Optional expiration date. |
» origin | string¦null | false | none | null or name of the origin profile. |
» id | string¦null | false | none | System generated location user id |
» location_id | string¦null | false | none | System generated location id |
» user_id | string | true | none | Active directory user sAMAccountName with NetBIOS domain name prefix, or a profile name |
Get Permission Set of a Location
GET /api/v1/locations/{locationId}/permission-set
Gets the permission set on the location identified by the provided locationId.
The permissions in this set are those that must be used when working with permissions on this location, for example when creating a permission assign request.
Only locations of type ManagedFolderCollection, RightsFolder, ManagedSiteCollection, ManagedSite, ThirdPartyItem, UserProfile, ManagedUserProfile and OrgProfile have a permission set.
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
locationId | path | string | true | System generated location id. |
Example responses
200 Response
[
{
"permission": "read or write or design or profilemembership",
"display_names": {
"en": "Read",
"de": "Lesen"
},
"default": true
}
]
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | An unordered list of permission definitions. | Inline |
400 | Bad Request | If the given location does not have a permission set, the message "Provided location does not support this operation." is returned. | ErrorResponseModel |
404 | Not Found | If the given location does not exist in AM, the message "Provided location does not exist." is returned. | ErrorResponseModel |
409 | Conflict | If the given location is unmanaged, the message "Provided location is unmanaged." is returned. | ErrorResponseModel |
Response Schema
Status Code 200
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | [LocationPermissionSetModel] | false | none | none |
» permission | string¦null | false | none | The permission id to be used to identify this permission on all API methods where a permission must be provided. |
» display_names | object¦null | false | none | Display names for this permission in all languages. |
»» additionalProperties | string¦null | false | none | none |
» default | boolean | false | none | Indicates whether this is the default permission of the permission set. |
Agent Groups
With the resource AgentGroups, information about agent groups can be requested.
It can be accessed by the path /agent-groups.
Get Agent Groups
GET /api/v1/agent-groups
Returns a list of all agent groups known to AM.
Example responses
200 Response
[
{
"name": "string",
"description": "string",
"assigned_agents": [
{
"name": "string",
"last_config_update": "2024-07-26",
"status": "IsUnassigned"
}
],
"assigned_locations": [
{
"type": "ResourceGroup",
"module": "FolderManagement",
"location": "string",
"id": "Zm0tZl9pZC00Mg",
"requests_enabled": true,
"supplementary_permissions": true
}
]
}
]
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | A (possibly empty) unordered list of agent groups. | Inline |
Response Schema
Status Code 200
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | [AgentGroupResponseModel] | false | none | none |
» name | string¦null | false | none | none |
» description | string¦null | false | none | none |
» assigned_agents | [AgentResponseModel]¦null | false | none | none |
»» name | string¦null | false | none | none |
»» last_config_update | string(date)¦null | false | none | none |
»» status | AgentStatus | false | none | none |
» assigned_locations | [ILocationResponseModel]¦null | false | none | none |
»» type | LocationType | false | none | none |
»» module | TargetType | false | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
»» location | string¦null | false | none | none |
»» id | string¦null | false | none | none |
»» requests_enabled | boolean¦null | false | none | none |
»» supplementary_permissions | boolean | false | none | none |
Enumerated Values
Property | Value |
---|---|
status | IsUnassigned |
status | IsAssigned |
status | UnassignmentPending |
status | AssignmentPending |
type | ResourceGroup |
type | FolderCollection |
type | ManagedFolderCollection |
type | Folder |
type | RightsFolder |
type | SiteCollection |
type | ManagedSiteCollection |
type | Site |
type | ManagedSite |
type | ThirdPartyItemCollection |
type | ThirdPartyItem |
type | UserProfile |
type | ManagedUserProfile |
type | OrgProfile |
module | FolderManagement |
module | SharePoint |
module | Profile |
module | ThirdParty |
Requests
With the resource Requests, different kinds of requests can be managed.
All request types share the common path prefix /requests.
The following sections describe the types of requests that can be managed via the AM API.
Each request type supports different types of locations. Invalid combinations of request types and location types will result in a 409 Conflict error response with the message "Location not found". The Permission Assignment request type also supports requests for membership in a user profile.
Request type | Supported location types |
---|---|
Permission Assignment | ManagedFolderCollection, RightsFolder, ManagedSiteCollection, ManagedSite, ThirdPartyItem, ManagedUserProfile |
Permission Removal | ManagedFolderCollection, RightsFolder, ManagedSiteCollection, ManagedSite, ThirdPartyItem |
Permission Update | ThirdPartyItem |
Responsible Role Assignment | ManagedFolderCollection, RightsFolder, ManagedSiteCollection, ManagedSite, ThirdPartyItem |
Location Creation | FolderCollection, ManagedFolderCollection, Folder, RightsFolder, SiteCollection, ManagedSiteCollection, Site, ManagedSite |
Add Location Creation Request
POST /api/v1/requests/location-creations
Adds a new request for a new managed location below a certain managed or unmanaged parent location.
The JSON representation of a new location request object is defined below:
{
"module": "FolderManagement or SharePoint",
"location": "\\\\server\\share\\folder or http://host/path",
"user_subject_type": "User", // Determines the type of user_id. Must always be User.
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname",
"requestor_subject_type": "User", // Determines the type of requestor_id. Must always be User.
"requestor_id": "DOMAIN\\account.name",
"new_location_name": "subfolder or subsite",
"site_template": "STS#0", // only required if module is SharePoint
"permission": "read or write or design", // optional
"comment": "string"
}
If the field permission is omitted, the user will not be permitted on the new location, but the location will still be created.
The field site_template is only required if module is SharePoint.
Available site templates can be requested from SharePoint, e.g. via the REST API like this:
URL: http://{sharepoint-server}/{site-collection}/{site}/_api/web/GetAvailableWebTemplates(lcid=1033,doincludecrosslanguage=true)
Method: GET
Query Parameters: $select=Name, $filter=IsHidden eq false and IsRootWebOnly eq false
Example: http://{sharepoint-server}/{site-collection}/{site}/_api/web/GetAvailableWebTemplates(lcid=1033,doincludecrosslanguage=true)?$select=Name&$filter=IsHidden eq false and IsRootWebOnly eq false
Body parameter
{
"new_location_name": "subfolder or subsite",
"site_template": "STS#0",
"permission": "read or write or design",
"comment": "string",
"module": "FolderManagement",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ManagedUserProfileName",
"user_subject_type": "User",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected]",
"requestor_subject_type": "User",
"requestor_id": "DOMAIN\\account.name"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | RequestLocationRequestModel | false | none |
Example responses
400 Response
{
"message": "The request is invalid.",
"model_state": {
"model_property": [
"Error description."
]
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
202 | Accepted | Accepted | None |
400 | Bad Request | If the module is not specified, the message "The request is invalid." is returned. If the given user_id does not exist in Active Directory, the message "The request is invalid." is returned. If the given requestor_id does not exist in Active Directory, the message "The request is invalid." is returned. | ErrorResponseModel |
409 | Conflict | If specified module is not supported, the message "The specified module is not supported." is returned. If the given location does not exist in Access Manager, the message "Location not found." is returned. If the given site_template is not available on the given location, the message "Invalid site template." is returned. | ErrorResponseModel |
Add Permission Assignment Request
POST /api/v1/requests/permission-assignments
Adds a new request for permission assignments on a location (e.g., a folder) and for membership assignment in a user profile.
These requests only work for locations that use the exclusive permission grant logic.
For those locations that use the supplementary permission grant logic,
the "Permission-Update-Request" must be used.
The JSON representation of a permission assignment request object is defined below:
RequestPermissionRequestModel:
{
"module": "FolderManagement or SharePoint or ThirdParty or Profile",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ManagedUserProfileName",
"user_subject_type": "User", // Determines the type of user_id. Must always be User.
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected]",
"requestor_subject_type": "User", // Determines the type of requestor_id. Must always be User.
"requestor_id": "DOMAIN\\account.name",
"permission": "read or write or design or owner or member or visitor or profilemembership", // See permission set of location
"valid_from": "YYYY-MM-DD", // optional date
"valid_through": "YYYY-MM-DD", // optional date
"comment": "string"
}
module must be one of [FolderManagement, SharePoint, ThirdParty, Profile].
location must be a location matching the module, or the name of a managed user profile if Profile is selected as module.
user_subject_type determines the type of user_id. Must always be User.
user_id must be the Active Directory user sAMAccountName or group name with NetBIOS domain name prefix or the Microsoft Entra user principal name of the user or group that should be granted the permission.
requestor_subject_type determines the type of requestor_id. Must always be User.
requestor_id must be the Active Directory user sAMAccountName with NetBIOS domain name prefix of the user requesting the permission for the aforementioned user or group.
permission must be a valid permission from the permission set of the location (always use the English named value).
valid_from is an optional start date. It is only processed if module is Profile. It must be a date before valid_through.
valid_through is an optional expiration date. It must be a date in the future.
comment is optional and can be any text.
Body parameter
{
"permission": "read or write or design or owner or member or visitor or profilemembership",
"valid_from": "2024-07-26",
"valid_through": "2024-07-26",
"comment": "string",
"module": "FolderManagement",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ManagedUserProfileName",
"user_subject_type": "User",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected]",
"requestor_subject_type": "User",
"requestor_id": "DOMAIN\\account.name"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | RequestPermissionRequestModel | true | none |
Example responses
400 Response
{
"message": "The request is invalid.",
"model_state": {
"model_property": [
"Error description."
]
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
202 | Accepted | Accepted | None |
400 | Bad Request | If module is not specified, the message "The request is invalid." is returned. If an unsupported module is specified, the message "The specified module is not supported." is returned. If valid_through is now or in the past, the message "Valid through has to be in the future." is returned. If valid_from is after valid_through, the message "Valid from has to be before valid through." is returned. If permission is invalid, the message "The request is invalid." is returned. If permission grant logic of the location is supplementary, the message "This request only works for resources that use exclusive permission logic." is returned. | ErrorResponseModel |
409 | Conflict | If the given user_id does not exist in Active Directory, the message "The request is invalid." is returned. If the given requestor_id does not exist in Active Directory, the message "The request is invalid." is returned. If the given location does not exist in Access Manager, the message "Location not found." is returned. | ErrorResponseModel |
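The rules documented for this endpoint can be checked on the client before the request is sent. The following Python check is an added example, not part of the Access Manager documentation or product; the function names, the sample values and the `location` argument (a location record whose `supplementary_permissions` flag is assumed to reflect the permission grant logic) are assumptions.

```python
from datetime import date

MODULES = {"FolderManagement", "SharePoint", "ThirdParty", "Profile"}
# Location types listed for the Permission Assignment request type.
ASSIGNABLE_LOCATION_TYPES = {
    "ManagedFolderCollection", "RightsFolder", "ManagedSiteCollection",
    "ManagedSite", "ThirdPartyItem", "ManagedUserProfile",
}
REQUIRED = ("module", "location", "user_id", "requestor_id", "permission")


def _is_domain_account(value):
    """True for NetBIOS-prefixed names such as DOMAIN\\account.name."""
    domain, sep, name = str(value).partition("\\")
    return bool(domain and sep and name and "\\" not in name)


def _date_field(body, field, problems):
    """Return the field as a date (None if absent); record malformed values."""
    raw = body.get(field)
    if raw is None:
        return None
    try:
        return date.fromisoformat(raw)
    except (TypeError, ValueError):
        problems.append(f"{field} must be a YYYY-MM-DD date")
        return None


def check_permission_assignment(body, location, today):
    """Return a list of problems; an empty list means the body passes these checks."""
    problems = [f"{f} is missing" for f in REQUIRED if not body.get(f)]

    module = body.get("module")
    if module and module not in MODULES:
        problems.append("The specified module is not supported.")
    elif module and module != location.get("module"):
        problems.append("location does not match module")

    for field in ("user_subject_type", "requestor_subject_type"):
        if body.get(field, "User") != "User":
            problems.append(f"{field} must always be User")

    user_id = body.get("user_id")
    if user_id and not (_is_domain_account(user_id) or "@" in str(user_id)):
        problems.append("user_id must be DOMAIN\\name or a user principal name")
    requestor_id = body.get("requestor_id")
    if requestor_id and not _is_domain_account(requestor_id):
        problems.append("requestor_id must be DOMAIN\\account.name")

    if location.get("type") not in ASSIGNABLE_LOCATION_TYPES:
        problems.append("location type does not support permission assignment requests")
    if location.get("supplementary_permissions"):  # assumed to mean supplementary grant logic
        problems.append("This request only works for resources that use exclusive permission logic.")

    valid_from = _date_field(body, "valid_from", problems)
    valid_through = _date_field(body, "valid_through", problems)
    if valid_through is not None and valid_through <= today:
        problems.append("Valid through has to be in the future.")
    # The field description says "before", so equal dates are rejected here too.
    if valid_from is not None and valid_through is not None and valid_from >= valid_through:
        problems.append("Valid from has to be before valid through.")
    # A start date on a non-Profile module is not processed: access would start at once.
    if valid_from is not None and module != "Profile":
        problems.append("valid_from is only processed if module is Profile")
    return problems


# Constructed sample data, not taken from a real system.
SAMPLE_TODAY = date(2024, 7, 26)
SAMPLE_LOCATION = {"type": "RightsFolder", "module": "FolderManagement",
                   "supplementary_permissions": False}
SAMPLE_BODY = {
    "module": "FolderManagement",
    "location": "\\\\server\\share\\folder",
    "user_subject_type": "User",
    "user_id": "DOMAIN\\account.name",
    "requestor_subject_type": "User",
    "requestor_id": "DOMAIN\\account.name",
    "permission": "read",
    "valid_through": "2024-12-31",
    "comment": "constructed sample",
}

if __name__ == "__main__":
    print(check_permission_assignment(SAMPLE_BODY, SAMPLE_LOCATION, SAMPLE_TODAY))
```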
Add Permission Removal Request
POST /api/v1/requests/permission-removals
Adds a new permission removal request for a user on a certain location.
These requests only work for locations that use the exclusive permission grant logic.
For those locations that use the supplementary permission grant logic,
the "Permission-Update-Request" must be used.
The JSON representation of a permission removal request object is defined below:
RequestWithCommentRequestModel:
{
"module": "FolderManagement or SharePoint or ThirdParty",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName",
"user_subject_type": "User", // Determines the type of user_id. Must always be User.
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname",
"requestor_subject_type": "User", // Determines the type of requestor_id. Must always be User.
"requestor_id": "DOMAIN\\account.name",
"comment": "string"
}
Body parameter
{
"comment": "string",
"module": "FolderManagement",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ManagedUserProfileName",
"user_subject_type": "User",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected]",
"requestor_subject_type": "User",
"requestor_id": "DOMAIN\\account.name"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | RequestWithCommentRequestModel | false | none |
Example responses
400 Response
{
"message": "The request is invalid.",
"model_state": {
"model_property": [
"Error description."
]
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
202 | Accepted | Accepted | None |
400 | Bad Request | If module is not specified, the message "The request is invalid." is returned. If an unsupported module is specified, the message "The specified module is not supported." is returned. If permission grant logic of the location is supplementary, the message "This request only works for resources that use exclusive permission logic." is returned. | ErrorResponseModel |
409 | Conflict | If the given user_id does not exist in Active Directory, the message "The request is invalid." is returned. If the given requestor_id does not exist in Active Directory, the message "The request is invalid." is returned. If the given location does not exist in Access Manager, the message "Location not found." is returned. | ErrorResponseModel |
Add Permission Update Request
POST /api/v1/requests/permission-updates
Adds a new request for permission updates on a 3rd party item that uses the supplementary permission logic.
The JSON representation of a permission update request object is defined below:
RequestMultiPermissionRequestModel:
{
"module": "ThirdParty",
"location": "ItemCollectionName/ItemName",
"user_subject_type": "User", // Determines the type of user_id. Must always be User.
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname",
"requestor_subject_type": "User", // Determines the type of requestor_id. Must always be User.
"requestor_id": "DOMAIN\\account.name",
"permissions": [
"permission01",
"permission02"
], // See permission set of location
"valid_through": "YYYY-MM-DD", // optional date
"comment": "string"
}
module must be ThirdParty.
location must be a 3rd party item location (ItemCollectionName/ItemName).
user_subject_type determines the type of user_id. Must always be User.
user_id must be the Active Directory user sAMAccountName or group name with NetBIOS domain name prefix of the user or group that should be granted the permission.
requestor_subject_type determines the type of requestor_id. Must always be User.
requestor_id must be the Active Directory user sAMAccountName with NetBIOS domain name prefix of the user requesting the permission for the aforementioned user or group.
permissions must be an array of valid permissions from the permission set of the location or can be an empty array to remove permissions.
valid_through is an optional expiration date. It must be a date in the future.
comment is optional and can be any text.
Body parameter
{
"permissions": [
"permission01",
"permission02"
],
"valid_from": "2024-07-26",
"valid_through": "2024-07-26",
"comment": "string",
"module": "FolderManagement",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ManagedUserProfileName",
"user_subject_type": "User",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected]",
"requestor_subject_type": "User",
"requestor_id": "DOMAIN\\account.name"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | RequestMultiPermissionRequestModel | false | none |
Example responses
400 Response
{
"message": "The request is invalid.",
"model_state": {
"model_property": [
"Error description."
]
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
202 | Accepted | Accepted | None |
400 | Bad Request | If module is not specified, the message "The request is invalid." is returned. If an unsupported module is specified, the message "The specified module is not supported." is returned. If valid_through is now or in the past, the message "Valid through has to be in the future." is returned. If any permission is invalid, the message "The request is invalid." is returned. If permission grant logic of the location is exclusive, the message "This request only works for resources that use supplementary permission logic." is returned. | ErrorResponseModel |
409 | Conflict | If the given user_id does not exist in Active Directory, the message "The request is invalid." is returned. If the given requestor_id does not exist in Active Directory, the message "The request is invalid." is returned. If the given location does not exist in Access Manager, the message "Location not found." is returned. | ErrorResponseModel |
Add Responsible Role Assignment Request
POST /api/v1/requests/responsible-role-assignments
Adds a new request for the responsible role for a user on a certain location.
The JSON representation of a responsible role assignment request object is defined below:
RequestWithCommentRequestModel:
{
"module": "FolderManagement or SharePoint or ThirdParty",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName",
"user_subject_type": "User", // Determines the type of user_id. Must always be User.
"user_id": "DOMAIN\\account.name",
"requestor_subject_type": "User", // Determines the type of requestor_id. Must always be User.
"requestor_id": "DOMAIN\\account.name",
"comment": "string"
}
Body parameter
{
"comment": "string",
"module": "FolderManagement",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ManagedUserProfileName",
"user_subject_type": "User",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected]",
"requestor_subject_type": "User",
"requestor_id": "DOMAIN\\account.name"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | RequestWithCommentRequestModel | false | none |
Example responses
400 Response
{
"message": "The request is invalid.",
"model_state": {
"model_property": [
"Error description."
]
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
202 | Accepted | Accepted | None |
400 | Bad Request | If module is not specified, the message "The request is invalid." is returned. If an unsupported module is specified, the message "The specified module is not supported." is returned. | ErrorResponseModel |
409 | Conflict | If the given user_id does not exist in Active Directory, the message "The request is invalid." is returned. If the given requestor_id does not exist in Active Directory, the message "The request is invalid." is returned. If the given location does not exist in Access Manager, the message "Location not found." is returned. | ErrorResponseModel |
ManagedLocations
Delete Managed Location
DELETE /api/v1/managed-locations/{locationId}
Removes the location identified by the provided locationId.
Only locations of type RightsFolder, ManagedSite, ManagedFolderCollection, ManagedSiteCollection and ThirdPartyItem support removal of permission management.
If the provided locationId is not managed, the API will respond with a 404 Not Found response.
If it belongs to any unsupported location type, the API will respond with a 400 Bad Request response.
mode must be one of RetainGroupRemoveMembers, RetainGroupKeepMembers, DeleteAccessManagerGroups or DeleteInTargetSystem, where DeleteAccessManagerGroups is only supported by RightsFolder, ManagedSite, ManagedFolderCollection and ManagedSiteCollection, and RetainGroupRemoveMembers and DeleteInTargetSystem are only supported by ThirdPartyItem.
If the mode is not supported by the location type, the API will respond with a 400 Bad Request response.
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
locationId | path | string | true | System generated location id. |
mode | header | RemovePermissionManagementMode | true | The mode with which the permission management is removed. |
Enumerated Values
Parameter | Value |
---|---|
mode | RetainGroupRemoveMembers |
mode | RetainGroupKeepMembers |
mode | DeleteAccessManagerGroups |
mode | DeleteInTargetSystem |
Example responses
400 Response
{
"message": "The request is invalid.",
"model_state": {
"model_property": [
"Error description."
]
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
204 | No Content | No Content | None |
400 | Bad Request | If the request is invalid, the message "The request is invalid." is returned. If the given location does not support deletion, the message "Provided location does not support this operation." is returned. If the provided locationId does not support the mode, the message "Provided location does not support this operation." is returned. | ErrorResponseModel |
404 | Not Found | If the given location does not exist in AM or is an unmanaged location, the message "Provided location does not exist." is returned. | ErrorResponseModel |
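Because this call removes permission management and the allowed mode depends on the location type, the combination can be checked before the DELETE is built. This Python check is an added example, not code from the Access Manager documentation or product; the function names, the constant names and the base URL are assumptions, and authentication is not shown.

```python
from urllib.parse import quote
from urllib.request import Request

# Location types that support removal of permission management, as listed above.
FOLDER_AND_SITE_TYPES = {
    "RightsFolder", "ManagedSite", "ManagedFolderCollection", "ManagedSiteCollection",
}
REMOVABLE_TYPES = FOLDER_AND_SITE_TYPES | {"ThirdPartyItem"}

# Which location types each mode may be used with.
MODE_SUPPORT = {
    "RetainGroupKeepMembers": REMOVABLE_TYPES,  # no restriction stated on the page
    "DeleteAccessManagerGroups": FOLDER_AND_SITE_TYPES,
    "RetainGroupRemoveMembers": {"ThirdPartyItem"},
    "DeleteInTargetSystem": {"ThirdPartyItem"},
}


def removal_problem(location_type, mode):
    """Return why the API would answer 400 Bad Request, or None if the pair is allowed."""
    if mode not in MODE_SUPPORT:
        return f"unknown mode {mode!r}"
    if location_type not in REMOVABLE_TYPES:
        return f"{location_type} does not support removal of permission management"
    if location_type not in MODE_SUPPORT[mode]:
        return f"mode {mode} is not supported by {location_type}"
    return None


def build_delete_request(base_url, location_id, location_type, mode):
    """Build (but do not send) the DELETE request; refuse unsupported combinations."""
    problem = removal_problem(location_type, mode)
    if problem:
        raise ValueError(problem)
    # locationId is a path parameter, so it is percent-encoded as one segment.
    url = f"{base_url.rstrip('/')}/api/v1/managed-locations/{quote(location_id, safe='')}"
    # mode is passed as a request header, per the Parameters table.
    return Request(url, method="DELETE", headers={"mode": mode})


if __name__ == "__main__":
    # Constructed sample: the base URL is a placeholder, the id is the page's sample id.
    req = build_delete_request("https://am.example.test", "Zm0tZl9pZC00Mg",
                               "RightsFolder", "RetainGroupKeepMembers")
    print(req.get_method(), req.full_url, req.header_items())
```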
Add Managed Location
POST /api/v1/managed-locations
Adds a new managed location.
The required format of the request model varies based on the location type:
OrgProfile: CreateProfileModel
{
"type": "OrgProfile",
"module": "Profile",
"location": "ProfileName",
"cluster_path": "/",
"description": "Description",
"self_service_description": "Self Service Description",
"responsible_account_names": ["DOMAIN\\john.doe", "DOMAIN\\jane.doe"]
}
UserProfile: CreateUserProfileModel
{
"type": "UserProfile",
"module": "Profile",
"location": "ProfileName",
"cluster_path": "/",
"description": "Description",
"self_service_description": "Self Service Description",
"responsible_account_names": ["DOMAIN\\john.doe", "DOMAIN\\jane.doe"],
"member_sync_group_name": "DOMAIN\\group.name",
"use_profile_permission_groups": false,
"self_service_enabled": true
}
RightsFolder: CreateRightsFolderModel
{
"type": "RightsFolder",
"module": "FolderManagement",
"location": "\\\\server\\share\\folder",
"container_id": "Zm0tZl9pZC0x",
"owner_account_names": ["DOMAIN\\john.doe", "DOMAIN\\jane.doe"],
"responsible_account_names": ["DOMAIN\\john.doe", "DOMAIN\\jane.doe"],
"self_service_enabled": true,
"data_protection_classification_name": "topSecret",
"inherit_rights": true
}
Body parameter
{
"responsible_account_names": [
"string"
],
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName",
"type": "ResourceGroup"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | any | true | An instance of CreateProfileModel or CreateUserProfileModel or CreateRightsFolderModel. |
Example responses
201 Response
{
"type": "ResourceGroup",
"id": "Zm0tZl9pZC00Mg",
"requests_enabled": true,
"supplementary_permissions": true,
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
201 | Created | Response Header: Location: /api/v1/locations/{locationId}. Response Body: An instance of ProfileResponseModel or UserProfileResponseModel or RightsFolderResponseModel. | Inline |
400 | Bad Request | The return message indicates the reason for failure. | ErrorResponseModel |
Response Schema
Enumerated Values
Property | Value |
---|---|
type | ResourceGroup |
type | FolderCollection |
type | ManagedFolderCollection |
type | Folder |
type | RightsFolder |
type | SiteCollection |
type | ManagedSiteCollection |
type | Site |
type | ManagedSite |
type | ThirdPartyItemCollection |
type | ThirdPartyItem |
type | UserProfile |
type | ManagedUserProfile |
type | OrgProfile |
module | FolderManagement |
module | SharePoint |
module | Profile |
module | ThirdParty |
domain_mode | SingleDomain |
domain_mode | MultiDomain |
domain_mode | MultiDomainOptimized |
deviation_strategy | IdentifyAndCorrect |
deviation_strategy | Identify |
deviation_strategy | Ignore |
Schemas
AgentGroupResponseModel
{
"name": "string",
"description": "string",
"assigned_agents": [
{
"name": "string",
"last_config_update": "2024-07-26",
"status": "IsUnassigned"
}
],
"assigned_locations": [
{
"type": "ResourceGroup",
"module": "FolderManagement",
"location": "string",
"id": "Zm0tZl9pZC00Mg",
"requests_enabled": true,
"supplementary_permissions": true
}
]
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
name | string¦null | false | none | none |
description | string¦null | false | none | none |
assigned_agents | [AgentResponseModel]¦null | false | none | none |
assigned_locations | [ILocationResponseModel]¦null | false | none | none |
AgentResponseModel
{
"name": "string",
"last_config_update": "2024-07-26",
"status": "IsUnassigned"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
name | string¦null | false | none | none |
last_config_update | string(date)¦null | false | none | none |
status | AgentStatus | false | none | none |
AgentStatus
"IsUnassigned"
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | string | false | none | none |
Enumerated Values
Property | Value |
---|---|
anonymous | IsUnassigned |
anonymous | IsAssigned |
anonymous | UnassignmentPending |
anonymous | AssignmentPending |
CreateFolderCollectionModel
{
"resource_group_id": "Zm0tZl9pZC00Mg",
"display_name": "string",
"enable_rights_management": true,
"agent_group_name": "Default",
"domain_mode": "SingleDomain",
"organizational_unit": "OU=ou,DC=domain,DC=tld",
"local_ad_group_naming_pattern": "lg_{0}_{1:00000000}_{2}",
"global_ad_group_naming_pattern": "gg_{0}_{1:00000000}_{2}",
"admin_group": "DOMAIN\\group.name",
"browse_group": "DOMAIN\\group.name",
"enable_access_groups": true,
"enable_new_folder_requests_on_folder_collection": true,
"deviation_strategy": "IdentifyAndCorrect",
"always_take_ownership": false,
"audit_ownership_changes": false,
"enable_realtime_permissions": true,
"type": "ResourceGroup",
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
resource_group_id | string | true | none | Must be a system generated location id belonging to a resource group. See Get Locations by URL Parameters. |
display_name | string | true | none | none |
enable_rights_management | boolean | false | none | none |
agent_group_name | string | true | none | See Get Agent Groups. |
domain_mode | DomainMode | false | none | none |
organizational_unit | string | true | none | none |
local_ad_group_naming_pattern | string | true | none | none |
global_ad_group_naming_pattern | string | true | none | none |
admin_group | string | true | none | none |
browse_group | string | true | none | none |
enable_access_groups | boolean | false | none | none |
enable_new_folder_requests_on_folder_collection | boolean | false | none | none |
deviation_strategy | DeviationStrategy | false | none | none |
always_take_ownership | boolean | false | none | none |
audit_ownership_changes | boolean | false | none | none |
enable_realtime_permissions | boolean | false | none | none |
CreateLocationModel
{
"type": "ResourceGroup",
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
type | LocationType | true | none | none |
module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string | true | none | Can be a resource group name, UNC path, URL, 3rd-Party-Item-Collection name, 3rd-Party-Item location or profile name, depending on module. |
CreateLocationWithResponsiblesModel
{
"responsible_account_names": [
"string"
],
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName",
"type": "ResourceGroup"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
responsible_account_names | [string] | true | none | none |
module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string | true | none | Can be a resource group name, UNC path, URL, 3rd-Party-Item-Collection name, 3rd-Party-Item location or profile name, depending on module. |
type | LocationType | true | none | none |
CreatePermissionModel
{
"module": "FolderManagement",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ProfileName",
"subject_type": "User",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected] or ProfileName",
"permission": "read or write or design or owner or member or visitor or profilemembership",
"valid_from": "2024-07-26",
"valid_through": "2024-07-26",
"comment": "string"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string | true | none | Must be a UNC path, URL, 3rd-Party-Item location or profile name, depending on module. |
subject_type | SubjectType | false | none | Determines the type of user_id. If omitted, falls back to User. When using User, user_id must be an Active Directory user or group name. When using Profile, user_id must be a profile name. |
user_id | string | true | none | Must be an Active Directory user sAMAccountName or group name with NetBIOS domain name prefix, a Microsoft Entra user principal name, or a profile name, depending on subject_type. |
permission | string | true | none | See Permission Set of Location. |
valid_from | string(date)¦null | false | none | Optional start date, only valid for profile permissions. |
valid_through | string(date)¦null | false | none | Optional expiration date. |
comment | string¦null | false | none | Optional permission comment |
CreateProfileModel
{
"cluster_path": "/",
"description": "string",
"self_service_description": "string",
"responsible_account_names": [
"string"
],
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName",
"type": "ResourceGroup"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
cluster_path | string | true | none | none |
description | string¦null | false | none | none |
self_service_description | string¦null | false | none | none |
CreateResourceGroupModel
{
"description": "string",
"type": "ResourceGroup",
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
description | string¦null | false | none | none |
CreateRightsFolderModel
{
"inherit_rights": true,
"container_id": "Zm0tZl9pZC00Mg",
"owner_account_names": [
"string"
],
"self_service_enabled": true,
"data_protection_classification_name": "string",
"responsible_account_names": [
"string"
],
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName",
"type": "ResourceGroup"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
inherit_rights | boolean | false | none | none |
container_id | string | true | none | Must be a system generated location id belonging to a collection. See Get Locations by URL Parameters. |
owner_account_names | [string] | true | none | none |
self_service_enabled | boolean | false | none | none |
data_protection_classification_name | string¦null | false | none | none |
responsible_account_names | [string] | true | none | none |
module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string | true | none | Can be a resource group name, UNC path, URL, 3rd-Party-Item-Collection name, 3rd-Party-Item location or profile name, depending on module. |
type | LocationType | true | none | none |
CreateUserProfileModel
{
"member_sync_group_name": "DOMAIN\\group.name",
"use_profile_permission_groups": true,
"self_service_enabled": true,
"cluster_path": "/",
"description": "string",
"self_service_description": "string",
"responsible_account_names": [
"string"
],
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName",
"type": "ResourceGroup"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
member_sync_group_name | string¦null | false | none | Optional. If a member synchronization group is supplied, responsible_account_names must be empty. |
use_profile_permission_groups | boolean¦null | false | none | Optional. If left empty, the default value defined in the settings within AM is used. |
self_service_enabled | boolean¦null | false | none | Optional. If left empty, the default value defined in the settings within AM is used. If a member synchronization group is supplied, it will be ignored and always be set to false. |
cluster_path | string | true | none | none |
description | string¦null | false | none | none |
self_service_description | string¦null | false | none | none |
responsible_account_names | [string] | true | none | none |
module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string | true | none | Can be a resource group name, UNC path, URL, 3rd-Party-Item-Collection name, 3rd-Party-Item location or profile name, depending on module. |
type | LocationType | true | none | none |
DeviationStrategy
"IdentifyAndCorrect"
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | string | false | none | none |
Enumerated Values
Property | Value |
---|---|
anonymous | IdentifyAndCorrect |
anonymous | Identify |
anonymous | Ignore |
DomainMode
"SingleDomain"
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | string | false | none | none |
Enumerated Values
Property | Value |
---|---|
anonymous | SingleDomain |
anonymous | MultiDomain |
anonymous | MultiDomainOptimized |
ErrorResponseModel
{
"message": "The request is invalid.",
"model_state": {
"model_property": [
"Error description."
]
}
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
message | string¦null | false | none | none |
model_state | object¦null | false | none | none |
» additionalProperties | any | false | none | none |
FolderCollectionResponseModel
{
"id": "Zm0tZl9pZC00Mg",
"requests_enabled": null,
"supplementary_permissions": false,
"resource_group_id": "Zm0tZl9pZC00Mg",
"display_name": "string",
"enable_rights_management": true,
"agent_group_name": "Default",
"domain_mode": "SingleDomain",
"organizational_unit": "OU=ou,DC=domain,DC=tld",
"local_ad_group_naming_pattern": "lg_{0}_{1:00000000}_{2}",
"global_ad_group_naming_pattern": "gg_{0}_{1:00000000}_{2}",
"admin_group": "DOMAIN\\group.name",
"browse_group": "DOMAIN\\group.name",
"enable_access_groups": true,
"enable_new_folder_requests_on_folder_collection": true,
"deviation_strategy": "IdentifyAndCorrect",
"always_take_ownership": false,
"audit_ownership_changes": false,
"enable_realtime_permissions": true,
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName",
"type": "ResourceGroup"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
id | string¦null | false | none | System generated location id. |
requests_enabled | boolean¦null | false | none | requests_enabled is only set for locations of type RightsFolder, ManagedFolderCollection, ManagedSite or ManagedSiteCollection. On location objects of other types, it will always be null. requests_enabled indicates whether permissions on this location can be requested using the SSP. It has no impact on the request API resource. As modules like ThirdParty and Profile are not explicitly supported, whether they are requestable can be decided by their SSP visibility (see above): if a resource object is not visible in SSP, you may judge it as not requestable, even though requesting it is possible via this API function. |
supplementary_permissions | boolean | false | none | supplementary_permissions indicates whether the location's logic to grant permissions is set to "Supplementary Permissions" or "Exclusive Permissions". false in this case means the location's logic to grant permissions is set to "Exclusive Permissions", which is the default for all types. The only type that supports "Supplementary Permissions" is 3rd party item (ThirdPartyItem). |
resource_group_id | string | true | none | Must be a system generated location id belonging to a resource group. See Get Locations by URL Parameters. |
display_name | string | true | none | none |
enable_rights_management | boolean | false | none | none |
agent_group_name | string | true | none | See Get Agent Groups. |
domain_mode | DomainMode | false | none | none |
organizational_unit | string | true | none | none |
local_ad_group_naming_pattern | string | true | none | none |
global_ad_group_naming_pattern | string | true | none | none |
admin_group | string | true | none | none |
browse_group | string | true | none | none |
enable_access_groups | boolean | false | none | none |
enable_new_folder_requests_on_folder_collection | boolean | false | none | none |
deviation_strategy | DeviationStrategy | false | none | none |
always_take_ownership | boolean | false | none | none |
audit_ownership_changes | boolean | false | none | none |
enable_realtime_permissions | boolean | false | none | none |
module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string | true | none | Can be a resource group name, UNC path, URL, 3rd-Party-Item-Collection name, 3rd-Party-Item location or profile name, depending on module. |
type | LocationType | true | none | none |
ILocationResponseModel
{
"type": "ResourceGroup",
"module": "FolderManagement",
"location": "string",
"id": "Zm0tZl9pZC00Mg",
"requests_enabled": true,
"supplementary_permissions": true
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
type | LocationType | false | none | none |
module | TargetType | false | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string¦null | false | none | none |
id | string¦null | false | none | none |
requests_enabled | boolean¦null | false | none | none |
supplementary_permissions | boolean | false | none | none |
LocationEffectivePermissionResponseModel
{
"permission": "read or write or design or profilemembership",
"valid_from": "2024-07-26",
"valid_through": "2024-07-26",
"origin": "string",
"id": "Zm0tNDItYXUtRE9NQUlOXGFjY291bnQubmFtZQ",
"location_id": "Zm0tZl9pZC00Mg",
"user_id": "DOMAIN\\account.name"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
permission | string¦null | false | none | See Permission Set of Location. |
valid_from | string(date)¦null | false | none | Optional start date, only valid for profile permissions. |
valid_through | string(date)¦null | false | none | Optional expiration date. |
origin | string¦null | false | none | null or name of the origin profile. |
id | string¦null | false | none | System generated location user id |
location_id | string¦null | false | none | System generated location id |
user_id | string | true | none | Active directory user sAMAccountName with NetBIOS domain name prefix, or a profile name |
LocationPermissionSetModel
{
"permission": "read or write or design or profilemembership",
"display_names": {
"en": "Read",
"de": "Lesen"
},
"default": true
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
permission | string¦null | false | none | The permission id to be used to identify this permission on all API methods where a permission must be provided. |
display_names | object¦null | false | none | Display names for this permission in all languages. |
» additionalProperties | string¦null | false | none | none |
default | boolean | false | none | Indicates whether this is the default permission of the permission set. |
LocationRequestModel
{
"type": "ResourceGroup"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
type | LocationType | true | none | none |
LocationResponseModel
{
"type": "ResourceGroup",
"id": "Zm0tZl9pZC00Mg",
"requests_enabled": true,
"supplementary_permissions": true,
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
type | LocationType | true | none | none |
id | string¦null | false | none | System generated location id. |
requests_enabled | boolean¦null | false | none | requests_enabled is only set for locations of type RightsFolder, ManagedFolderCollection, ManagedSite or ManagedSiteCollection. On location objects of other types, it will always be null. requests_enabled indicates whether permissions on this location can be requested using the SSP. It has no impact on the request API resource. As modules like ThirdParty and Profile are not explicitly supported, whether they are requestable can be decided by their SSP visibility (see above): if a resource object is not visible in SSP, you may judge it as not requestable, even though requesting it is possible via this API function. |
supplementary_permissions | boolean | false | none | supplementary_permissions indicates whether the location's logic to grant permissions is set to "Supplementary Permissions" or "Exclusive Permissions". false in this case means the location's logic to grant permissions is set to "Exclusive Permissions", which is the default for all types. The only type that supports "Supplementary Permissions" is 3rd party item (ThirdPartyItem). |
module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string | true | none | Can be a resource group name, UNC path, URL, 3rd-Party-Item-Collection name, 3rd-Party-Item location or profile name, depending on module. |
LocationType
"ResourceGroup"
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | string | false | none | none |
Enumerated Values
Property | Value |
---|---|
anonymous | ResourceGroup |
anonymous | FolderCollection |
anonymous | ManagedFolderCollection |
anonymous | Folder |
anonymous | RightsFolder |
anonymous | SiteCollection |
anonymous | ManagedSiteCollection |
anonymous | Site |
anonymous | ManagedSite |
anonymous | ThirdPartyItemCollection |
anonymous | ThirdPartyItem |
anonymous | UserProfile |
anonymous | ManagedUserProfile |
anonymous | OrgProfile |
LocationUserRequestModel
{
"user_id": "DOMAIN\\account.name"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
user_id | string | true | none | Active directory user sAMAccountName with NetBIOS domain name prefix, or a profile name |
LocationUserResponseModel
{
"id": "Zm0tNDItYXUtRE9NQUlOXGFjY291bnQubmFtZQ",
"location_id": "Zm0tZl9pZC00Mg",
"user_id": "DOMAIN\\account.name"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
id | string¦null | false | none | System generated location user id |
location_id | string¦null | false | none | System generated location id |
user_id | string | true | none | Active directory user sAMAccountName with NetBIOS domain name prefix, or a profile name |
PermissionResponseModel
{
"id": "Zm0tNDItYXUtRE9NQUlOXGFjY291bnQubmFtZQ",
"module": "FolderManagement",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ProfileName",
"subject_type": "User",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected] or ProfileName",
"permission": "read or write or design or owner or member or visitor or profilemembership",
"valid_from": "2024-07-26",
"valid_through": "2024-07-26",
"comment": "string"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
id | string | true | none | System generated permission id. |
module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string | true | none | Must be a UNC path, URL, 3rd-Party-Item location or profile name, depending on module. |
subject_type | SubjectType | false | none | Determines the type of user_id. If omitted, falls back to User. When using User, user_id must be an Active Directory user or group name. When using Profile, user_id must be a profile name. |
user_id | string | true | none | Must be an Active Directory user sAMAccountName or group name with NetBIOS domain name prefix, a Microsoft Entra user principal name, or a profile name, depending on subject_type. |
permission | string | true | none | See Permission Set of Location. |
valid_from | string(date)¦null | false | none | Optional start date, only valid for profile permissions. |
valid_through | string(date)¦null | false | none | Optional expiration date. |
comment | string¦null | false | none | Optional permission comment |
ProfileResponseModel
{
"id": "Zm0tZl9pZC00Mg",
"requests_enabled": true,
"supplementary_permissions": true,
"cluster_path": "/",
"description": "string",
"self_service_description": "string",
"responsible_account_names": [
"string"
],
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName",
"type": "ResourceGroup"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
id | string¦null | false | none | System generated location id. |
requests_enabled | boolean¦null | false | none | requests_enabled is only set for locations of type RightsFolder, ManagedFolderCollection, ManagedSite or ManagedSiteCollection. On location objects of other types, it will always be null. requests_enabled indicates whether permissions on this location can be requested using the SSP. It has no impact on the request API resource. As modules like ThirdParty and Profile are not explicitly supported, whether they are requestable can be decided by their SSP visibility (see above): if a resource object is not visible in SSP, you may judge it as not requestable, even though requesting it is possible via this API function. |
supplementary_permissions | boolean | false | none | supplementary_permissions indicates whether the location's logic to grant permissions is set to "Supplementary Permissions" or "Exclusive Permissions". false in this case means the location's logic to grant permissions is set to "Exclusive Permissions", which is the default for all types. The only type that supports "Supplementary Permissions" is 3rd party item (ThirdPartyItem). |
cluster_path | string | true | none | none |
description | string¦null | false | none | none |
self_service_description | string¦null | false | none | none |
responsible_account_names | [string] | true | none | none |
module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string | true | none | Can be a resource group name, UNC path, URL, 3rd-Party-Item-Collection name, 3rd-Party-Item location or profile name, depending on module. |
type | LocationType | true | none | none |
RemovePermissionManagementMode
"RetainGroupRemoveMembers"
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | string | false | none | none |
Enumerated Values
Property | Value |
---|---|
anonymous | RetainGroupRemoveMembers |
anonymous | RetainGroupKeepMembers |
anonymous | DeleteAccessManagerGroups |
anonymous | DeleteInTargetSystem |
RenewAccessSettingsDataModel
{
"module": "FolderManagement",
"path": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
module | TargetType | false | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
path | string | true | none | Must be a UNC path, URL or 3rd-Party-Item location, depending on module. |
RenewAccessSettingsTriggerRequestModel
{
"offset_minutes": 10,
"data": {
"module": "FolderManagement",
"path": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName"
}
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
offset_minutes | integer(int32) | false | none | Optional delay in minutes. |
data | RenewAccessSettingsDataModel | true | none | none |
RequestLocationRequestModel
{
"new_location_name": "subfolder or subsite",
"site_template": "STS#0",
"permission": "read or write or design",
"comment": "string",
"module": "FolderManagement",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ManagedUserProfileName",
"user_subject_type": "User",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected]",
"requestor_subject_type": "User",
"requestor_id": "DOMAIN\\account.name"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
new_location_name | string | true | none | The name for the new location. |
site_template | string¦null | false | none | Only required if module is SharePoint |
permission | string¦null | false | none | Must be a valid permission from the permission set of the location (always use the English named value). |
comment | string¦null | false | none | Optional comment. Can be any text. |
module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string¦null | false | none | Must be a location matching the module, or the name of a managed user profile if Profile is selected as module. |
user_subject_type | SubjectType | false | none | Determines the type of user_id. If omitted, falls back to User. When using User, user_id must be an Active Directory user or group name. When using Profile, user_id must be a profile name. |
user_id | string | true | none | Must be the Active Directory user sAMAccountName or group name with NetBIOS domain name prefix or the Microsoft Entra user principal name of the user or group that should be granted the permission. |
requestor_subject_type | SubjectType | false | none | Determines the type of user_id. If omitted, falls back to User. When using User, user_id must be an Active Directory user or group name. When using Profile, user_id must be a profile name. |
requestor_id | string | true | none | Must be the Active Directory user sAMAccountName with NetBIOS domain name prefix of the user requesting the permission for the aforementioned user. |
RequestMultiPermissionRequestModel
{
"permissions": [
"permission01",
"permission02"
],
"valid_from": "2024-07-26",
"valid_through": "2024-07-26",
"comment": "string",
"module": "FolderManagement",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ManagedUserProfileName",
"user_subject_type": "User",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected]",
"requestor_subject_type": "User",
"requestor_id": "DOMAIN\\account.name"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
permissions | [string] | true | none | Must be an array of valid permissions from the permission set of the location, or can be an empty array to remove permissions. |
valid_from | string(date)¦null | false | none | Optional start date. It is only processed if module is Profile. It must be a date before valid_through. |
valid_through | string(date)¦null | false | none | Optional expiration date. It must be a date in the future. |
comment | string¦null | false | none | Optional comment. Can be any text. |
module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string¦null | false | none | Must be a location matching the module, or the name of a managed user profile if Profile is selected as module. |
user_subject_type | SubjectType | false | none | Determines the type of user_id. If omitted, falls back to User. When using User, user_id must be an Active Directory user or group name. When using Profile, user_id must be a profile name. |
user_id | string | true | none | Must be the Active Directory user sAMAccountName or group name with NetBIOS domain name prefix or the Microsoft Entra user principal name of the user or group that should be granted the permission. |
requestor_subject_type | SubjectType | false | none | Determines the type of user_id. If omitted, falls back to User. When using User, user_id must be an Active Directory user or group name. When using Profile, user_id must be a profile name. |
requestor_id | string | true | none | Must be the Active Directory user sAMAccountName with NetBIOS domain name prefix of the user requesting the permission for the aforementioned user. |
RequestPermissionRequestModel
{
"permission": "read or write or design or owner or member or visitor or profilemembership",
"valid_from": "2024-07-26",
"valid_through": "2024-07-26",
"comment": "string",
"module": "FolderManagement",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ManagedUserProfileName",
"user_subject_type": "User",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected]",
"requestor_subject_type": "User",
"requestor_id": "DOMAIN\\account.name"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
permission | string | true | none | Must be a valid permission from the permission set of the location (always use the English named value). |
valid_from | string(date)¦null | false | none | Optional start date. It is only processed if module is Profile. It must be a date before valid_through. |
valid_through | string(date)¦null | false | none | Optional expiration date. It must be a date in the future. |
comment | string¦null | false | none | Optional comment. Can be any text. |
module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string¦null | false | none | Must be a location matching the module, or the name of a managed user profile if Profile is selected as module. |
user_subject_type | SubjectType | false | none | Determines the type of user_id. If omitted, falls back to User. When using User, user_id must be an Active Directory user or group name. When using Profile, user_id must be a profile name. |
user_id | string | true | none | Must be the Active Directory user sAMAccountName or group name with NetBIOS domain name prefix or the Microsoft Entra user principal name of the user or group that should be granted the permission. |
requestor_subject_type | SubjectType | false | none | Determines the type of user_id. If omitted, falls back to User. When using User, user_id must be an Active Directory user or group name. When using Profile, user_id must be a profile name. |
requestor_id | string | true | none | Must be the Active Directory user sAMAccountName with NetBIOS domain name prefix of the user requesting the permission for the aforementioned user. |
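Because the manual states that the API validates input less strictly than the web frontends, a client can check a RequestPermissionRequestModel body against the constraints in the table above before sending it. The Python below is an added example, not part of the BAYOOSOFT manual; the function name, the regular expressions for account names and the module-to-location shapes are assumptions, and the permission set is expected to come from the location's permission set resource.

```python
import re
from datetime import date

TARGET_TYPES = {"FolderManagement", "SharePoint", "Profile", "ThirdParty"}
SUBJECT_TYPES = {"User", "Profile"}

# Assumed shapes; the manual describes these values only in words.
SAM = re.compile(r"^[^\\/@\s]+\\[^\\/@]+$")   # DOMAIN\account.name
UPN = re.compile(r"^[^@\\\s]+@[^@\\\s]+$")    # Entra user principal name
LOCATION_SHAPE = {
    "FolderManagement": re.compile(r"^\\\\[^\\]+\\[^\\]+"),  # \\server\share
    "SharePoint": re.compile(r"^https?://[^/\s]+"),            # http://host/path
    "ThirdParty": re.compile(r"^[^/]+/.+$"),                   # Collection/Item
    "Profile": re.compile(r"^\S"),                             # profile name
}


def _text(body, key):
    """Return body[key] if it is a string, else an empty string."""
    value = body.get(key)
    return value if isinstance(value, str) else ""


def _date(body, key, problems):
    """Parse an optional string(date) field; record a problem if malformed."""
    raw = body.get(key)
    if raw is None:
        return None
    try:
        return date.fromisoformat(raw)
    except (TypeError, ValueError):
        problems.append(f"{key}: not a YYYY-MM-DD date")
        return None


def validate_permission_request(body, permission_set, today=None):
    """Check a RequestPermissionRequestModel dict; return a list of problems.

    Each problem starts with the field name. An empty list means the body is
    consistent with the constraints documented in the Properties table.
    """
    today = today or date.today()
    problems = []

    module = _text(body, "module")
    if module not in TARGET_TYPES:
        problems.append("module: must be one of " + ", ".join(sorted(TARGET_TYPES)))

    if _text(body, "permission") not in permission_set:
        problems.append("permission: not in the permission set of the location")

    # location is optional (string or null); check its shape only when given.
    shape = LOCATION_SHAPE.get(module)
    if body.get("location") is not None and shape is not None:
        if not shape.match(_text(body, "location")):
            problems.append(f"location: does not look like a {module} location")

    # Omitted or null subject types fall back to User, as documented.
    for key in ("user_subject_type", "requestor_subject_type"):
        if (body.get(key) or "User") not in SUBJECT_TYPES:
            problems.append(f"{key}: must be User or Profile")

    user_id = _text(body, "user_id")
    if (body.get("user_subject_type") or "User") == "User":
        if not (SAM.match(user_id) or UPN.match(user_id)):
            problems.append("user_id: expected DOMAIN\\name or a user principal name")
    elif not user_id.strip():
        problems.append("user_id: profile name required")

    if not SAM.match(_text(body, "requestor_id")):
        problems.append("requestor_id: expected DOMAIN\\account.name")

    valid_from = _date(body, "valid_from", problems)
    valid_through = _date(body, "valid_through", problems)
    if valid_through and valid_through <= today:
        problems.append("valid_through: must be a date in the future")
    if valid_from and module != "Profile":
        # Documented behaviour: the start date is only processed for Profile.
        problems.append("valid_from: not processed unless module is Profile")
    if valid_from and valid_through and valid_from >= valid_through:
        problems.append("valid_from: must be before valid_through")
    return problems
```

Flagging a valid_from that the API would not process matters for review workflows: a caller who expects a delayed start on a folder or SharePoint permission would otherwise get no indication that the start date was dropped.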
RequestWithCommentRequestModel
{
"comment": "string",
"module": "FolderManagement",
"location": "\\\\server\\share\\folder or http://host/path or ItemCollectionName/ItemName or ManagedUserProfileName",
"user_subject_type": "User",
"user_id": "DOMAIN\\account.name or DOMAIN\\groupname or [email protected]",
"requestor_subject_type": "User",
"requestor_id": "DOMAIN\\account.name"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
comment | string¦null | false | none | Optional comment. Can be any text. |
module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string¦null | false | none | Must be a location matching the module, or the name of a managed user profile if Profile is selected as module. |
user_subject_type | SubjectType | false | none | Determines the type of user_id. If omitted, falls back to User. When using User, user_id must be an Active Directory user or group name. When using Profile, user_id must be a profile name. |
user_id | string | true | none | Must be the Active Directory user sAMAccountName or group name with NetBIOS domain name prefix or the Microsoft Entra user principal name of the user or group that should be granted the permission. |
requestor_subject_type | SubjectType | false | none | Determines the type of user_id. If omitted, falls back to User. When using User, user_id must be an Active Directory user or group name. When using Profile, user_id must be a profile name. |
requestor_id | string | true | none | Must be the Active Directory user sAMAccountName with NetBIOS domain name prefix of the user requesting the permission for the aforementioned user. |
ResourceGroupResponseModel
{
"id": "Zm0tZl9pZC00Mg",
"requests_enabled": null,
"supplementary_permissions": false,
"description": "string",
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName",
"type": "ResourceGroup"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
id | string¦null | false | none | System generated location id. |
requests_enabled | boolean¦null | false | none | requests_enabled is only set for locations of type RightsFolder, ManagedFolderCollection, ManagedSite or ManagedSiteCollection. On location objects of other types, it will always be null. requests_enabled indicates whether permissions on this location can be requested using the SSP. It has no impact on the request API resource. As modules like ThirdParty and Profile are not explicitly supported, whether they are requestable can be decided by their SSP visibility (see above): if a resource object is not visible in SSP, you may judge it as not requestable, even though requesting it is possible via this API function. |
supplementary_permissions | boolean | false | none | supplementary_permissions indicates whether the location's logic to grant permissions is set to "Supplementary Permissions" or "Exclusive Permissions". false in this case means the location's logic to grant permissions is set to "Exclusive Permissions", which is the default for all types. The only type that supports "Supplementary Permissions" is 3rd party item (ThirdPartyItem). |
description | string¦null | false | none | none |
module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string | true | none | Can be a resource group name, UNC path, URL, 3rd-Party-Item-Collection name, 3rd-Party-Item location or profile name, depending on module. |
type | LocationType | true | none | none |
RightsFolderResponseModel
{
"id": "Zm0tZl9pZC00Mg",
"requests_enabled": true,
"supplementary_permissions": true,
"inherit_rights": true,
"container_id": "Zm0tZl9pZC00Mg",
"owner_account_names": [
"string"
],
"self_service_enabled": true,
"data_protection_classification_name": "string",
"responsible_account_names": [
"string"
],
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName",
"type": "ResourceGroup"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
id | string¦null | false | none | System generated location id. |
requests_enabled | boolean¦null | false | none | requests_enabled is only set for locations of type RightsFolder, ManagedFolderCollection, ManagedSite or ManagedSiteCollection. On location objects of other types, it will always be null. requests_enabled indicates whether permissions on this location can be requested using the SSP. It has no impact on the request API resource. As modules like ThirdParty and Profile are not explicitly supported, whether they are requestable can be decided by their SSP visibility (see above): if a resource object is not visible in SSP, you may judge it as not requestable, even though requesting it is possible via this API function. |
supplementary_permissions | boolean | false | none | supplementary_permissions indicates whether the location's logic to grant permissions is set to "Supplementary Permissions" or "Exclusive Permissions". false in this case means the location's logic to grant permissions is set to "Exclusive Permissions", which is the default for all types. The only type that supports "Supplementary Permissions" is 3rd party item (ThirdPartyItem). |
inherit_rights | boolean | false | none | none |
container_id | string | true | none | Must be a system generated location id belonging to a collection. See Get Locations by URL Parameters. |
owner_account_names | [string] | true | none | none |
self_service_enabled | boolean | false | none | none |
data_protection_classification_name | string¦null | false | none | none |
responsible_account_names | [string] | true | none | none |
module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string | true | none | Can be a resource group name, UNC path, URL, 3rd-Party-Item-Collection name, 3rd-Party-Item location or profile name, depending on module. |
type | LocationType | true | none | none |
SubjectType
"User"
Determines the type of user_id. If omitted, falls back to User. When using User, user_id must be an Active Directory user or group name. When using Profile, user_id must be a profile name.
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | string | false | none | Determines the type of user_id. If omitted, falls back to User. When using User, user_id must be an Active Directory user or group name. When using Profile, user_id must be a profile name. |
Enumerated Values
Property | Value |
---|---|
anonymous | User |
anonymous | Profile |
TargetType
"FolderManagement"
Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement.
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | string | false | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
Enumerated Values
Property | Value |
---|---|
anonymous | FolderManagement |
anonymous | SharePoint |
anonymous | Profile |
anonymous | ThirdParty |
ThirdPartyLocationResponseModel
{
"subtypes": [
"ActiveDirectoryItemCollection"
],
"type": "ResourceGroup",
"id": "Zm0tZl9pZC00Mg",
"requests_enabled": true,
"supplementary_permissions": true,
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
subtypes | [ThirdPartyLocationSubtype]¦null | false | none | none |
ThirdPartyLocationSubtype
"ActiveDirectoryItemCollection"
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | string | false | none | none |
Enumerated Values
Property | Value |
---|---|
anonymous | ActiveDirectoryItemCollection |
anonymous | ActiveDirectoryItem |
anonymous | MsTeamsItemCollection |
anonymous | MsTeamsItem |
anonymous | MsTeamsTeam |
anonymous | SharePointItemCollection |
anonymous | SharePointItem |
anonymous | SharePointSite |
anonymous | SharePointTeamSiteMs365Group |
anonymous | SharePointTeamSiteSpGroups |
anonymous | SharePointCommunicationSite |
UpdateFolderCollectionModel
{
"display_name": "string",
"enable_rights_management": true,
"agent_group_name": "Default",
"domain_mode": "SingleDomain",
"organizational_unit": "OU=ou,DC=domain,DC=tld",
"local_ad_group_naming_pattern": "lg_{0}_{1:00000000}_{2}",
"global_ad_group_naming_pattern": "gg_{0}_{1:00000000}_{2}",
"admin_group": "DOMAIN\\group.name",
"browse_group": "DOMAIN\\group.name",
"enable_access_groups": true,
"enable_new_folder_requests_on_folder_collection": true,
"deviation_strategy": "IdentifyAndCorrect",
"always_take_ownership": false,
"audit_ownership_changes": false,
"enable_realtime_permissions": true,
"type": "ResourceGroup"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
display_name | string | true | none | none |
enable_rights_management | boolean | false | none | none |
agent_group_name | string | true | none | none |
domain_mode | DomainMode | false | none | none |
organizational_unit | string | true | none | none |
local_ad_group_naming_pattern | string | true | none | none |
global_ad_group_naming_pattern | string | true | none | none |
admin_group | string | true | none | none |
browse_group | string | true | none | none |
enable_access_groups | boolean | false | none | none |
enable_new_folder_requests_on_folder_collection | boolean | false | none | none |
deviation_strategy | DeviationStrategy | false | none | none |
always_take_ownership | boolean | false | none | none |
audit_ownership_changes | boolean | false | none | none |
enable_realtime_permissions | boolean | false | none | none |
UpdateLocationModel
{
"type": "ResourceGroup"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
type | LocationType | true | none | none |
UpdatePermissionModel
{
"permission": "read or write or design or owner or member or visitor or profilemembership",
"valid_from": "2024-07-26",
"valid_through": "2024-07-26",
"comment": "string"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
permission | string | true | none | See Permission Set of Location. |
valid_from | string(date)¦null | false | none | Optional start date, only valid for profile permissions. |
valid_through | string(date)¦null | false | none | Optional expiration date. |
comment | string¦null | false | none | Optional permission comment. |
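Because the API validates input less strictly than the web frontends (see Validation), a client can check an UpdatePermissionModel body itself before sending it. The following is an added example, not part of the Access Manager product or its manual. The function name, the reading of "profile permissions" as module Profile, and the date-order check are assumptions. The permission names come from the example string above and are only a first filter, since the effective set depends on the location.

```python
from datetime import date

# Values taken from the UpdatePermissionModel example string and the
# TargetType enumeration on this page.
PERMISSIONS = {"read", "write", "design", "owner", "member", "visitor",
               "profilemembership"}
TARGET_TYPES = {"FolderManagement", "SharePoint", "Profile", "ThirdParty"}
ALLOWED_KEYS = {"permission", "valid_from", "valid_through", "comment"}


def _parse_date(body, key, errors):
    """Return a date for an optional string(date) field, or None."""
    value = body.get(key)
    if value is None:
        return None
    try:
        return date.fromisoformat(value)
    except (TypeError, ValueError):
        errors.append(f"{key}: expected YYYY-MM-DD, got {value!r}")
        return None


def validate_update_permission(body, module="FolderManagement"):
    """Return a list of problems; an empty list means the body may be sent."""
    errors = []
    if module not in TARGET_TYPES:
        errors.append(f"module: unknown TargetType {module!r}")
    for key in sorted(set(body) - ALLOWED_KEYS):
        errors.append(f"{key}: not a field of UpdatePermissionModel")
    perm = body.get("permission")
    if not isinstance(perm, str) or perm not in PERMISSIONS:
        errors.append("permission: required, must be a documented name")
    start = _parse_date(body, "valid_from", errors)
    end = _parse_date(body, "valid_through", errors)
    # Assumption: "profile permissions" means the location's module is Profile.
    if body.get("valid_from") is not None and module != "Profile":
        errors.append("valid_from: only valid for profile permissions")
    # Assumption (not stated on the page): a start date after the
    # expiration date is a caller mistake.
    if start and end and start > end:
        errors.append("valid_from: later than valid_through")
    comment = body.get("comment")
    if comment is not None and not isinstance(comment, str):
        errors.append("comment: expected string or null")
    return errors


# Constructed sample body, valid for a location in the Profile module.
SAMPLE = {"permission": "profilemembership", "valid_from": "2024-07-01",
          "valid_through": "2024-07-26", "comment": "temporary project role"}
```

Setting valid_through on every grant made through the API keeps permissions time-limited even when no one revokes them later.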
UpdateResourceGroupModel
{
"location": "ResourceGroupName",
"description": "string",
"type": "ResourceGroup"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
location | string | true | none | none |
description | string¦null | false | none | none |
UserProfileResponseModel
{
"id": "Zm0tZl9pZC00Mg",
"requests_enabled": true,
"supplementary_permissions": true,
"member_sync_group_name": "DOMAIN\\group.name",
"use_profile_permission_groups": true,
"self_service_enabled": true,
"cluster_path": "/",
"description": "string",
"self_service_description": "string",
"responsible_account_names": [
"string"
],
"module": "FolderManagement",
"location": "ResourceGroupName or \\\\server\\share\\folder or http://host/path or ItemCollectionName or ItemCollectionName/ItemName or ProfileName",
"type": "ResourceGroup"
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
id | string¦null | false | none | System generated location id. |
requests_enabled | boolean¦null | false | none | requests_enabled is only set for locations of type RightsFolder, ManagedFolderCollection, ManagedSite or ManagedSiteCollection. On location objects of other types, it will always be null. requests_enabled indicates whether permissions on this location can be requested using the SSP. It has no impact on the request API resource. As modules like ThirdParty and Profile are not explicitly supported, whether they are requestable can be judged by their SSP visibility (see above): if a resource object is not visible in the SSP, you may treat it as not requestable, even though requesting it is possible via this API function. |
supplementary_permissions | boolean | false | none | supplementary_permissions indicates whether the location's logic to grant permissions is set to "Supplementary Permissions" or "Exclusive Permissions". false means the location's logic to grant permissions is set to "Exclusive Permissions", which is the default for all types. The only type that supports "Supplementary Permissions" is 3rd party item (ThirdPartyItem). |
member_sync_group_name | string¦null | false | none | Optional. If a member synchronization group is supplied, responsible_account_names must be empty. |
use_profile_permission_groups | boolean¦null | false | none | Optional. If left empty, the default value defined in the settings within AM is used. |
self_service_enabled | boolean¦null | false | none | Optional. If left empty, the default value defined in the settings within AM is used. If a member synchronization group is supplied, it will be ignored and always be set to false. |
cluster_path | string | true | none | none |
description | string¦null | false | none | none |
self_service_description | string¦null | false | none | none |
responsible_account_names | [string] | true | none | none |
module | TargetType | true | none | Determines the type of location. For RenewAccessSettingsDataModel: Determines the type of path. If omitted, falls back to FolderManagement. |
location | string | true | none | Can be a resource group name, UNC path, URL, 3rd-Party-Item-Collection name, 3rd-Party-Item location or profile name, depending on module. |
type | LocationType | true | none | none |