Permissions define granular access control rules that specify what operations can be performed on specific resource types within the View system. They serve as the foundation of the Role-Based Access Control (RBAC) system, allowing administrators to create fine-grained security policies.
API Endpoints
Permissions are managed via the Configuration server API at [http|https]://[hostname]:[port]/v1.0/tenants/[tenant-guid]/permissions
Supported HTTP Methods: GET, HEAD, PUT, DELETE
Important: All permission operations require administrator-level access tokens.
Permission Object Structure
Permission objects contain comprehensive access control definitions for resource and operation combinations. Here's the complete structure:
{
  "GUID": "00000000-0000-0000-0000-000000000000",
  "TenantGUID": "00000000-0000-0000-0000-000000000000",
  "ResourceTypes": ["All"],
  "OperationTypes": ["All"],
  "PermissionType": "Permit",
  "Active": true,
  "IsProtected": false,
  "CreatedUtc": "2024-07-10T05:09:31.000000Z"
}
Field Descriptions
- GUID (GUID): Globally unique identifier for the permission object
- TenantGUID (GUID): Globally unique identifier for the tenant
- ResourceTypes (string[]): Array of resource types this permission applies to (e.g., "All", "Documents", "Users", "Roles")
- OperationTypes (string[]): Array of operations this permission allows (e.g., "All", "Read", "Write", "Delete", "Create")
- PermissionType (enum): Type of permission - either "Permit" or "Deny"
- Active (boolean): Indicates whether the permission is active and can be used
- IsProtected (boolean): Indicates whether the permission is protected from modification
- CreatedUtc (datetime): UTC timestamp when the permission was created
Permission Types
The PermissionType property can be one of the following:
- Permit: Allows the specified operations on the specified resource types
- Deny: Explicitly denies the specified operations on the specified resource types
Enumerate Permissions
Retrieves a paginated list of all permission objects in the system using GET /v2.0/tenants/[tenant-guid]/permissions/. This endpoint provides comprehensive enumeration with pagination support for managing multiple permissions.
Request Parameters
No additional parameters required beyond authentication.
curl --location 'http://localhost:8000/v2.0/tenants/00000000-0000-0000-0000-000000000000/permissions/' \
  --header 'Authorization: ••••••'
import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
  "http://localhost:8000/", // endpoint
  "default", // tenant Id
  "default" // access key
);
const enumeratePermission = async () => {
  try {
    const response = await api.Rbac.Permission.enumerate();
    console.log(response, 'Permission fetched successfully');
  } catch (err) {
    console.log('Error fetching Permission:', err);
  }
};
enumeratePermission();
Response
Returns a paginated enumeration result containing permission objects:
{
  "Success": true,
  "Timestamp": {
    "Start": "2025-10-15T07:57:13.648057Z",
    "TotalMs": 8.71,
    "Messages": {}
  },
  "MaxResults": 1000,
  "Skip": 0,
  "IterationsRequired": 1,
  "EndOfResults": true,
  "TotalRecords": 1,
  "RecordsRemaining": 0,
  "Objects": [
    {
      "GUID": "00000000-0000-0000-0000-000000000000",
      "TenantGUID": "00000000-0000-0000-0000-000000000000",
      "ResourceTypes": [
        "All"
      ],
      "OperationTypes": [
        "All"
      ],
      "PermissionType": "Permit",
      "Active": true,
      "IsProtected": true,
      "CreatedUtc": "2025-10-09T17:27:05.247203Z"
    }
  ]
}
Read All Permissions
Retrieves all permission objects in a single request using GET /v1.0/tenants/[tenant-guid]/permissions. This endpoint provides a simple way to get all permissions without pagination.
Request Parameters
No additional parameters required beyond authentication.
curl --location 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/permissions' \
  --header 'Authorization: ••••••'
import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
  "http://localhost:8000/", // endpoint
  "default", // tenant Id
  "default" // access key
);
const readAllPermission = async () => {
  try {
    const response = await api.Rbac.Permission.readAll();
    console.log(response, 'Permission fetched successfully');
  } catch (err) {
    console.log('Error fetching Permission:', err);
  }
};
readAllPermission();
Response
Returns an array of all permission objects:
[
  {
    "GUID": "00000000-0000-0000-0000-000000000000",
    "TenantGUID": "00000000-0000-0000-0000-000000000000",
    "ResourceTypes": ["All"],
    "OperationTypes": ["All"],
    "PermissionType": "Permit",
    "Active": true,
    "IsProtected": true,
    "CreatedUtc": "2024-07-10T05:09:31.000000Z"
  }
]
Read Permission
Retrieves a specific permission object by its GUID using GET /v1.0/tenants/[tenant-guid]/permissions/[permission-guid]. This endpoint allows you to get detailed information about a single permission.
Request Parameters
- permission-guid (string, Path, Required): GUID of the permission to retrieve
curl --location 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/permissions/00000000-0000-0000-0000-000000000000' \
  --header 'Authorization: ••••••'
import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
  "http://localhost:8000/", // endpoint
  "default", // tenant Id
  "default" // access key
);
const readPermission = async () => {
  try {
    const response = await api.Rbac.Permission.read('00000000-0000-0000-0000-000000000000');
    console.log(response, 'Permission fetched successfully');
  } catch (err) {
    console.log('Error fetching Permission:', err);
  }
};
readPermission();
Response
Returns the requested permission object:
{
  "GUID": "00000000-0000-0000-0000-000000000000",
  "TenantGUID": "00000000-0000-0000-0000-000000000000",
  "ResourceTypes": ["All"],
  "OperationTypes": ["All"],
  "PermissionType": "Permit",
  "Active": true,
  "IsProtected": true,
  "CreatedUtc": "2024-07-10T05:09:31.000000Z"
}
Create Permission
Creates a new permission object using PUT /v1.0/tenants/[tenant-guid]/permissions. This endpoint allows you to define new access control rules for your system.
Request Parameters
{
  "ResourceTypes": ["Documents", "Users"],
  "OperationTypes": ["Read", "Write"],
  "PermissionType": "Permit"
}
curl --location --request PUT 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/permissions' \
  --header 'content-type: application/json' \
  --header 'Authorization: ••••••' \
  --data '{
    "ResourceTypes": [ "Blob", "Bucket" ],
    "OperationTypes": [ "Create", "Read", "Update", "Delete", "Execute" ],
    "PermissionType": "Permit",
    "Active": true
  }'
import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
  "http://localhost:8000/", // endpoint
  "default", // tenant Id
  "default" // access key
);
const createPermission = async () => {
  try {
    const response = await api.Rbac.Permission.create({
      ResourceTypes: ['Blob', 'Bucket'],
      OperationTypes: ['Create', 'Read', 'Update', 'Delete', 'Execute'],
      PermissionType: 'Permit',
      Active: true,
    });
    console.log(response, 'Permission created successfully');
  } catch (err) {
    console.log('Error creating Permission:', err);
  }
};
createPermission();
Response
Returns the created permission object with generated GUID and timestamps:
{
  "GUID": "11111111-1111-1111-1111-111111111111",
  "TenantGUID": "00000000-0000-0000-0000-000000000000",
  "ResourceTypes": ["Documents", "Users"],
  "OperationTypes": ["Read", "Write"],
  "PermissionType": "Permit",
  "Active": true,
  "IsProtected": false,
  "CreatedUtc": "2024-07-10T05:15:45.000000Z"
}
Update Permission
Updates an existing permission object using PUT /v1.0/tenants/[tenant-guid]/permissions/[permission-guid]. This endpoint allows you to modify permission definitions.
Request Parameters
- permission-guid (string, Path, Required): GUID of the permission to update
- Permission (object, Body, Required): Updated permission information
{
  "GUID": "11111111-1111-1111-1111-111111111111",
  "TenantGUID": "00000000-0000-0000-0000-000000000000",
  "ResourceTypes": ["Documents", "Users", "Roles"],
  "OperationTypes": ["Read", "Write", "Delete"],
  "PermissionType": "Permit",
  "Active": true,
  "IsProtected": false
}
curl --location --request PUT 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/permissions/00000000-0000-0000-0000-000000000000' \
  --header 'content-type: application/json' \
  --header 'Authorization: ••••••' \
  --data '{
    "ResourceTypes": [ "Blob", "Bucket" ],
    "OperationTypes": [ "Create", "Read", "Update", "Delete", "Execute" ],
    "PermissionType": "Permit",
    "Active": true
  }'
import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
  "http://localhost:8000/", // endpoint
  "default", // tenant Id
  "default" // access key
);
const updatePermission = async () => {
  try {
    const response = await api.Rbac.Permission.update({
      GUID: '5c9ae6af-13ca-4a17-9ad3-c9109a8ccb8c',
      TenantGUID: '00000000-0000-0000-0000-000000000000',
      ResourceTypes: ['Blob', 'Bucket'],
      OperationTypes: ['Create', 'Read', 'Update', 'Delete', 'Execute'],
      PermissionType: 'Permit',
      Active: true,
      IsProtected: false,
      CreatedUtc: '2025-10-14T11:37:34.826109Z',
    });
    console.log(response, 'Permission updated successfully');
  } catch (err) {
    console.log('Error updating Permission:', err);
  }
};
updatePermission();
Response
Returns the updated permission object:
{
  "GUID": "11111111-1111-1111-1111-111111111111",
  "TenantGUID": "00000000-0000-0000-0000-000000000000",
  "ResourceTypes": ["Documents", "Users", "Roles"],
  "OperationTypes": ["Read", "Write", "Delete"],
  "PermissionType": "Permit",
  "Active": true,
  "IsProtected": false,
  "CreatedUtc": "2024-07-10T05:15:45.000000Z"
}
Delete Permission
Deletes a permission object by its GUID using DELETE /v1.0/tenants/[tenant-guid]/permissions/[permission-guid]. This endpoint permanently removes the permission from the system.
Request Parameters
- permission-guid (string, Path, Required): GUID of the permission to delete
curl --location --request DELETE 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/permissions/11111111-1111-1111-1111-111111111111' \
  --header 'Authorization: ••••••'
import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
  "http://localhost:8000/", // endpoint
  "default", // tenant Id
  "default" // access key
);
const deletePermission = async () => {
  try {
    const response = await api.Rbac.Permission.delete('5c9ae6af-13ca-4a17-9ad3-c9109a8ccb8c');
    console.log(response, 'Permission deleted successfully');
  } catch (err) {
    console.log('Error deleting Permission:', err);
  }
};
deletePermission();
Check Permission Existence
Checks if a permission exists by its GUID using HEAD /v1.0/tenants/[tenant-guid]/permissions/[permission-guid]. This endpoint allows you to verify permission presence without retrieving the full object.
Request Parameters
- permission-guid (string, Path, Required): GUID of the permission to check
curl --location --head 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/permissions/11111111-1111-1111-1111-111111111111' \
  --header 'Authorization: ••••••'
import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
  "http://localhost:8000/", // endpoint
  "default", // tenant Id
  "default" // access key
);
const existsPermission = async () => {
  try {
    const response = await api.Rbac.Permission.exists('5c9ae6af-13ca-4a17-9ad3-c9109a8ccb8c');
    console.log(response, 'Permission exists');
  } catch (err) {
    console.log('Error checking Permission:', err);
  }
};
existsPermission();
Best Practices
- Principle of Least Privilege: Create permissions that grant only the minimum necessary access
- Regular Auditing: Periodically review and audit permission assignments
- Descriptive Naming: Use clear, descriptive names for custom permissions
- Testing: Test permission configurations in a development environment before production deployment
- Documentation: Maintain documentation of custom permission definitions and their intended use
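One way to apply the least-privilege and auditing items to the enumerate response documented above. This is an added example, not part of the View SDK: auditPermissions, the issue labels, and the sample data are hypothetical, and it relies only on the fields shown in the permission object structure.

```javascript
// Added example: audits permission objects shaped like the enumerate response.
// SAMPLE_ENUMERATION is constructed data; its GUIDs are placeholders.
const SAMPLE_ENUMERATION = {
  Success: true,
  EndOfResults: true,
  RecordsRemaining: 0,
  Objects: [
    { GUID: "00000000-0000-0000-0000-000000000000", ResourceTypes: ["All"],
      OperationTypes: ["All"], PermissionType: "Permit", Active: true },
    { GUID: "11111111-1111-1111-1111-111111111111", ResourceTypes: ["Documents", "Users"],
      OperationTypes: ["Read", "Write"], PermissionType: "Permit", Active: true },
    { GUID: "22222222-2222-2222-2222-222222222222", ResourceTypes: ["Roles"],
      OperationTypes: ["All"], PermissionType: "Permit", Active: true },
    { GUID: "33333333-3333-3333-3333-333333333333", ResourceTypes: ["Users"],
      OperationTypes: ["Delete"], PermissionType: "Deny", Active: false },
  ],
};

const has = (list, value) => Array.isArray(list) && list.includes(value);

// Returns one finding per issue; an empty array means nothing was flagged.
function auditPermissions(result) {
  const findings = [];
  // A partial page cannot show that no broad grant exists further on.
  if (result.EndOfResults === false || result.RecordsRemaining > 0) {
    findings.push({ guid: null, issue: "incomplete-enumeration" });
  }
  for (const p of result.Objects || []) {
    if (p.PermissionType !== "Permit" && p.PermissionType !== "Deny") {
      findings.push({ guid: p.GUID, issue: "unknown-permission-type" });
      continue;
    }
    const allRes = has(p.ResourceTypes, "All");
    const allOps = has(p.OperationTypes, "All");
    if (p.PermissionType === "Permit" && p.Active) {
      if (allRes && allOps) findings.push({ guid: p.GUID, issue: "permit-all-on-all" });
      else if (allRes) findings.push({ guid: p.GUID, issue: "permit-all-resources" });
      else if (allOps) findings.push({ guid: p.GUID, issue: "permit-all-operations" });
    }
    // An inactive Deny is not in use (per the Active field); confirm that is intended.
    if (p.PermissionType === "Deny" && !p.Active) {
      findings.push({ guid: p.GUID, issue: "inactive-deny" });
    }
  }
  return findings;
}

console.log(auditPermissions(SAMPLE_ENUMERATION));
```

In practice the argument would be the object returned by the enumerate call; when "incomplete-enumeration" is reported, fetch the remaining pages before treating the result as a full audit.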