Permissions define granular access control rules that specify what operations can be performed on specific resource types within the View system. They serve as the foundation of the Role-Based Access Control (RBAC) system, allowing administrators to create fine-grained security policies
API Endpoints
Permissions are managed via the Configuration server API at [http|https]://[hostname]:[port]/v1.0/tenants/[tenant-guid]/permissions
Supported HTTP Methods: GET, HEAD, PUT, DELETE
Important: All permission operations require administrator-level access tokens.
Permission Object Structure
Permission objects contain comprehensive access control definitions for resource and operation combinations. Here's the complete structure:
{
"GUID": "00000000-0000-0000-0000-000000000000",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"ResourceTypes": ["All"],
"OperationTypes": ["All"],
"PermissionType": "Permit",
"Active": true,
"IsProtected": false,
"CreatedUtc": "2024-07-10T05:09:31.000000Z"
}Field Descriptions
- GUID (GUID): Globally unique identifier for the permission object
- TenantGUID (GUID): Globally unique identifier for the tenant
- ResourceTypes (string[]): Array of resource types this permission applies to (e.g., "All", "Documents", "Users", "Roles")
- OperationTypes (string[]): Array of operations this permission allows (e.g., "All", "Read", "Write", "Delete", "Create")
- PermissionType (enum): Type of permission - either "Permit" or "Deny"
- Active (boolean): Indicates whether the permission is active and can be used
- IsProtected (boolean): Indicates whether the permission is protected from modification
- CreatedUtc (datetime): UTC timestamp when the permission was created
Permission Types
The PermissionType property can be one of the following:
- Permit: Allows the specified operations on the specified resource types
- Deny: Explicitly denies the specified operations on the specified resource types
Enumerate Permissions
Retrieves a paginated list of all permission objects in the system using GET /v2.0/tenants/[tenant-guid]/permissions/. This endpoint provides comprehensive enumeration with pagination support for managing multiple permissions.
Request Parameters
No additional parameters required beyond authentication.
curl --location 'http://localhost:8000/v2.0/tenants/00000000-0000-0000-0000-000000000000/permissions/' \
--header 'Authorization: ••••••'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
const enumeratePermission = async () => {
try {
const response = await api.Rbac.Permission.enumerate();
console.log(response, 'Permission fetched successfully');
} catch (err) {
console.log('Error fetching Permission:', err);
}
};
enumeratePermission();using View.Sdk;
using View.Sdk.Configuration;
ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://localhost:8000/");
EnumerationResult<Permission> response =await sdk.Permission.Enumerate();import view_sdk
from view_sdk import configuration
from view_sdk.sdk_configuration import Service
from datetime import datetime, timezone
sdk = view_sdk.configure(
access_key="default",
base_url=""http://localhost/",
tenant_guid="default",
service_ports={Service.DEFAULT: 8000},
)
def enumeratePermissions():
permissions = configuration.Permission.enumerate()
print(permissions)
enumeratePermissions()Response
Returns a paginated enumeration result containing permission objects:
{
"Success": true,
"Timestamp": {
"Start": "2025-10-15T07:57:13.648057Z",
"TotalMs": 8.71,
"Messages": {}
},
"MaxResults": 1000,
"Skip": 0,
"IterationsRequired": 1,
"EndOfResults": true,
"TotalRecords": 1,
"RecordsRemaining": 0,
"Objects": [
{
"GUID": "00000000-0000-0000-0000-000000000000",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"ResourceTypes": [
"All"
],
"OperationTypes": [
"All"
],
"PermissionType": "Permit",
"Active": true,
"IsProtected": true,
"CreatedUtc": "2025-10-09T17:27:05.247203Z"
}
]
}Read All Permissions
Retrieves all permission objects in a single request using GET /v1.0/tenants/[tenant-guid]/permissions. This endpoint provides a simple way to get all permissions without pagination.
Request Parameters
No additional parameters required beyond authentication.
curl --location 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/permissions' \
--header 'Authorization: ••••••'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
const readAllPermission = async () => {
try {
const response = await api.Rbac.Permission.readAll();
console.log(response, 'Permission fetched successfully');
} catch (err) {
console.log('Error fetching Permission:', err);
}
};
readAllPermission();using View.Sdk;
using View.Sdk.Configuration;
ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://localhost:8000/");
List<Permission> response =await sdk.Permission.RetrieveMany();import view_sdk
from view_sdk import configuration
from view_sdk.sdk_configuration import Service
from datetime import datetime, timezone
sdk = view_sdk.configure(
access_key="default",
base_url=""http://localhost/",
tenant_guid="default",
service_ports={Service.DEFAULT: 8000},
)
def readAllPermissions():
permissions = configuration.Permission.retrieve_all()
print(permissions)
readAllPermissions()Response
Returns an array of all permission objects:
[
{
"GUID": "00000000-0000-0000-0000-000000000000",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"ResourceTypes": ["All"],
"OperationTypes": ["All"],
"PermissionType": "Permit",
"Active": true,
"IsProtected": true,
"CreatedUtc": "2024-07-10T05:09:31.000000Z"
}
]Read Permission
Retrieves a specific permission object by its GUID using GET /v1.0/tenants/[tenant-guid]/permissions/[permission-guid]. This endpoint allows you to get detailed information about a single permission.
Request Parameters
- permission-guid (string, Path, Required): GUID of the permission to retrieve
curl --location 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/permissions/00000000-0000-0000-0000-000000000000' \
--header 'Authorization: ••••••'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
const readPermission = async () => {
try {
const response = await api.Rbac.Permission.read('00000000-0000-0000-0000-000000000000');
console.log(response, 'Permission fetched successfully');
} catch (err) {
console.log('Error fetching Permission:', err);
}
};
readPermission();using View.Sdk;
using View.Sdk.Configuration;
ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://localhost:8000/");
Permission response =await sdk.Permission.Retrieve(Guid.Parse("<permission-guid>"));import view_sdk
from view_sdk import configuration
from view_sdk.sdk_configuration import Service
from datetime import datetime, timezone
sdk = view_sdk.configure(
access_key="default",
base_url=""http://localhost/",
tenant_guid="default",
service_ports={Service.DEFAULT: 8000},
)
def readPermission():
permission = configuration.Permission.retrieve("permission-guid")
print(permission)
readPermission()Response
Returns the requested permission object:
{
"GUID": "00000000-0000-0000-0000-000000000000",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"ResourceTypes": ["All"],
"OperationTypes": ["All"],
"PermissionType": "Permit",
"Active": true,
"IsProtected": true,
"CreatedUtc": "2024-07-10T05:09:31.000000Z"
}Create Permission
Creates a new permission object using PUT /v1.0/tenants/[tenant-guid]/permissions. This endpoint allows you to define new access control rules for your system.
Request Parameters
{
"ResourceTypes": ["Documents", "Users"],
"OperationTypes": ["Read", "Write"],
"PermissionType": "Permit"
}curl --location --request PUT 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/permissions' \
--header 'content-type: application/json' \
--header 'Authorization: ••••••' \
--data '{
"ResourceTypes": [ "Blob", "Bucket" ],
"OperationTypes": [ "Create", "Read", "Update", "Delete", "Execute" ],
"PermissionType": "Permit",
"Active": true
}'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
const createPermission = async () => {
try {
const response = await api.Rbac.Permission.create({
ResourceTypes: ['Blob', 'Bucket'],
OperationTypes: ['Create', 'Read', 'Update', 'Delete', 'Execute'],
PermissionType: 'Permit',
Active: true,
});
console.log(response, 'Permission created successfully');
} catch (err) {
console.log('Error creating Permission:', err);
}
};
createPermission();import view_sdk
from view_sdk import configuration
from view_sdk.sdk_configuration import Service
from datetime import datetime, timezone
sdk = view_sdk.configure(
access_key="default",
base_url=""http://localhost/",
tenant_guid="default",
service_ports={Service.DEFAULT: 8000},
)
def createPermission():
permission = configuration.Permission.create(
Name="My permission",
Active=True,
IsProtected=False,
CreatedUtc=datetime.now(timezone.utc),
)
print(permission)
createPermission()using View.Sdk;
using View.Sdk.Configuration;
ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://locahost:8000/");
Permission permission = new Permission()
{
ResourceTypes = new List<string> { "Blob", "Bucket" },
OperationTypes = new List<string> { "Create", "Read", "Update", "Delete", "Execute" },
PermissionType = "Permit",
Active = true
};
Permission response = await sdk.Permission.Create(permission);Response
Returns the created permission object with generated GUID and timestamps:
{
"GUID": "11111111-1111-1111-1111-111111111111",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"ResourceTypes": ["Documents", "Users"],
"OperationTypes": ["Read", "Write"],
"PermissionType": "Permit",
"Active": true,
"IsProtected": false,
"CreatedUtc": "2024-07-10T05:15:45.000000Z"
}Update Permission
Updates an existing permission object using PUT /v1.0/tenants/[tenant-guid]/permissions/[permission-guid]. This endpoint allows you to modify permission definitions.
Request Parameters
- permission-guid (string, Path, Required): GUID of the permission to update
- Permission (object, Body, Required): Updated permission information
{
"GUID": "11111111-1111-1111-1111-111111111111",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"ResourceTypes": ["Documents", "Users", "Roles"],
"OperationTypes": ["Read", "Write", "Delete"],
"PermissionType": "Permit",
"Active": true,
"IsProtected": false
}curl --location --request PUT 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/permissions/00000000-0000-0000-0000-000000000000' \
--header 'content-type: application/json' \
--header 'Authorization: ••••••' \
--data '{
"ResourceTypes": [ "Blob", "Bucket" ],
"OperationTypes": [ "Create", "Read", "Update", "Delete", "Execute" ],
"PermissionType": "Permit",
"Active": true
}'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
const updatePermission = async () => {
try {
const response = await api.Rbac.Permission.update({
GUID: '5c9ae6af-13ca-4a17-9ad3-c9109a8ccb8c',
TenantGUID: '00000000-0000-0000-0000-000000000000',
ResourceTypes: ['Blob', 'Bucket'],
OperationTypes: ['Create', 'Read', 'Update', 'Delete', 'Execute'],
PermissionType: 'Permit',
Active: true,
IsProtected: false,
CreatedUtc: '2025-10-14T11:37:34.826109Z',
});
console.log(response, 'Permission updated successfully');
} catch (err) {
console.log('Error updating Permission:', err);
}
};
updatePermission();import view_sdk
from view_sdk import configuration
from view_sdk.sdk_configuration import Service
from datetime import datetime, timezone
sdk = view_sdk.configure(
access_key="default",
base_url=""http://localhost/",
tenant_guid="default",
service_ports={Service.DEFAULT: 8000},
)
def updatePermission():
permission = configuration.Permission.update(
"permission-guid",
Name="My permission [updated]",
Active=True,
IsProtected=False,
CreatedUtc=datetime.now(timezone.utc),
)
print(permission)
updatePermission()using View.Sdk;
using View.Sdk.Configuration;
ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://locahost:8000/");
Permission permission = new Permission()
{
GUID = Guid.Parse("<permission-guid>"),
ResourceTypes = new List<string> { "Blob", "Bucket" },
OperationTypes = new List<string> { "Create", "Read", "Update", "Delete", "Execute" },
PermissionType = "Permit",
Active = true
};
Permission response = await sdk.Permission.Update(permission);Response
Returns the updated permission object:
{
"GUID": "11111111-1111-1111-1111-111111111111",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"ResourceTypes": ["Documents", "Users", "Roles"],
"OperationTypes": ["Read", "Write", "Delete"],
"PermissionType": "Permit",
"Active": true,
"IsProtected": false,
"CreatedUtc": "2024-07-10T05:15:45.000000Z"
}Delete Permission
Deletes a permission object by its GUID using DELETE /v1.0/tenants/[tenant-guid]/permissions/[permission-guid]. This endpoint permanently removes the permission from the system.
Request Parameters
- permission-guid (string, Path, Required): GUID of the permission to delete
curl --location --request DELETE 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/permissions/11111111-1111-1111-1111-111111111111' \
--header 'Authorization: ••••••'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
const deletePermission = async () => {
try {
const response = await api.Rbac.Permission.delete('5c9ae6af-13ca-4a17-9ad3-c9109a8ccb8c');
console.log(response, 'Permission deleted successfully');
} catch (err) {
console.log('Error deleting Permission:', err);
}
};
deletePermission();import view_sdk
from view_sdk import configuration
from view_sdk.sdk_configuration import Service
from datetime import datetime, timezone
sdk = view_sdk.configure(
access_key="default",
base_url=""http://localhost/",
tenant_guid="default",
service_ports={Service.DEFAULT: 8000},
)
def deletePermission():
permission = configuration.Permission.delete("permission-guid")
print(permission)
deletePermission()using View.Sdk;
using View.Sdk.Configuration;
ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://locahost:8000/");
bool deleted = await sdk.Permission.Delete(Guid.Parse("<permission-guid>"));Check Permission Existence
Checks if a permission exists by its GUID using HEAD /v1.0/tenants/[tenant-guid]/permissions/[permission-guid]. This endpoint allows you to verify permission presence without retrieving the full object.
Request Parameters
- permission-guid (string, Path, Required): GUID of the permission to check
curl --location --head 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/permissions/11111111-1111-1111-1111-111111111111' \
--header 'Authorization: ••••••'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
const existsPermission = async () => {
try {
const response = await api.Rbac.Permission.exists('5c9ae6af-13ca-4a17-9ad3-c9109a8ccb8c');
console.log(response, 'Permission exists');
} catch (err) {
console.log('Error checking Permission:', err);
}
};
existsPermission();import view_sdk
from view_sdk import configuration
from view_sdk.sdk_configuration import Service
from datetime import datetime, timezone
sdk = view_sdk.configure(
access_key="default",
base_url=""http://localhost/",
tenant_guid="default",
service_ports={Service.DEFAULT: 8000},
)
def existsPermission():
permission = configuration.Permission.exists("permission-guid")
print(permission)
existsPermission()using View.Sdk;
using View.Sdk.Configuration;
ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://locahost:8000/");
bool exists = await sdk.Permission.Exists(Guid.Parse("<permission-guid>"));Best Practices
- Principle of Least Privilege: Create permissions that grant only the minimum necessary access
- Regular Auditing: Periodically review and audit permission assignments
- Descriptive Naming: Use clear, descriptive names for custom permissions
- Testing: Test permission configurations in a development environment before production deployment
- Documentation: Maintain documentation of custom permission definitions and their intended use