Role to Permission Maps are the critical linking objects in the Role-Based Access Control (RBAC) system that establish the relationship between roles and permissions. They define which permissions are associated with specific roles, enabling the flexible assignment of access rights to users through role assignments.
API Endpoints
Role to Permission Maps are managed via the Configuration server API at [http|https]://[hostname]:[port]/v1.0/tenants/[tenant-guid]/rolepermissionmaps
Supported HTTP Methods: GET, HEAD, PUT, DELETE
Important: All role permission map operations require administrator-level access tokens.
Role Permission Map Object Structure
Role Permission Map objects contain the essential linking information between roles and permissions. Here's the complete structure:
{
"GUID": "00000000-0000-0000-0000-000000000000",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"RoleGUID": "00000000-0000-0000-0000-000000000000",
"PermissionGUID": "00000000-0000-0000-0000-000000000000",
"Active": true,
"IsProtected": true,
"CreatedUtc": "2025-10-09T17:27:05.247203Z"
}Field Descriptions
- GUID (GUID): Globally unique identifier for the role permission map object
- TenantGUID (GUID): Globally unique identifier for the tenant
- RoleGUID (GUID): GUID of the role this map belongs to
- PermissionGUID (GUID): GUID of the permission being mapped to the role
- Active (boolean): Indicates whether the role permission map is active and can be used
- IsProtected (boolean): Indicates whether the role permission map is protected from modification
- CreatedUtc (datetime): UTC timestamp when the role permission map was created
Enumerate Role Permission Maps
Retrieves a paginated list of all role permission map objects in the system using GET /v2.0/tenants/[tenant-guid]/rolepermissionmaps/. This endpoint provides comprehensive enumeration with pagination support for managing multiple role permission mappings.
Request Parameters
No additional parameters required beyond authentication.
curl --location 'http://localhost:8000/v2.0/tenants/00000000-0000-0000-0000-000000000000/rolepermissionmaps/' \
--header 'Authorization: ••••••'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
const enumerateRolePermissionMap = async () => {
try {
const response = await api.Rbac.RolePermissionMap.enumerate();
console.log(response, 'Role permission map fetched successfully');
} catch (err) {
console.log('Error fetching Role permission map:', err);
}
};
enumerateRolePermissionMaps();Response
Returns a paginated enumeration result containing role permission map objects:
{
"Success": true,
"Timestamp": {
"Start": "2025-10-15T08:19:14.669794Z",
"TotalMs": 6.26,
"Messages": {}
},
"MaxResults": 1000,
"Skip": 0,
"IterationsRequired": 1,
"EndOfResults": true,
"TotalRecords": 1,
"RecordsRemaining": 0,
"Objects": [
{
"GUID": "00000000-0000-0000-0000-000000000000",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"RoleGUID": "00000000-0000-0000-0000-000000000000",
"PermissionGUID": "00000000-0000-0000-0000-000000000000",
"Active": true,
"IsProtected": true,
"CreatedUtc": "2025-10-09T17:27:05.247203Z"
}
]
}Read All Role Permission Maps
Retrieves all role permission map objects in a single request using GET /v1.0/tenants/[tenant-guid]/rolepermissionmaps. This endpoint provides a simple way to get all role permission mappings without pagination.
Request Parameters
No additional parameters required beyond authentication.
curl --location 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/rolepermissionmaps' \
--header 'Authorization: ••••••'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
const readAllRolePermissionMap = async () => {
try {
const response = await api.Rbac.RolePermissionMap.readAll();
console.log(response, 'Role permission map fetched successfully');
} catch (err) {
console.log('Error fetching Role permission map:', err);
}
};
readAllRolePermissionMap();Response
Returns an array of all role permission map objects:
[
{
"GUID": "00000000-0000-0000-0000-000000000000",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"RoleGUID": "00000000-0000-0000-0000-000000000000",
"PermissionGUID": "00000000-0000-0000-0000-000000000000",
"Active": true,
"IsProtected": true,
"CreatedUtc": "2025-10-09T17:27:05.247203Z"
}
]Read Role Permission Map
Retrieves a specific role permission map object by its GUID using GET /v1.0/tenants/[tenant-guid]/rolepermissionmaps/[map-guid]. This endpoint allows you to get detailed information about a single role permission mapping.
Request Parameters
- map-guid (string, Path, Required): GUID of the role permission map to retrieve
curl --location 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/rolepermissionmaps/00000000-0000-0000-0000-000000000000' \
--header 'Authorization: ••••••'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
const readRolePermissionMap = async () => {
try {
const response = await api.Rbac.RolePermissionMap.read('00000000-0000-0000-0000-000000000000');
console.log(response, 'Role permission map fetched successfully');
} catch (err) {
console.log('Error fetching Role permission map:', err);
}
};
readRolePermissionMap();Response
Returns the requested role permission map object:
{
"GUID": "00000000-0000-0000-0000-000000000000",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"RoleGUID": "00000000-0000-0000-0000-000000000000",
"PermissionGUID": "00000000-0000-0000-0000-000000000000",
"Active": true,
"IsProtected": true,
"CreatedUtc": "2025-10-09T17:27:05.247203Z"
}Create Role Permission Map
Creates a new role permission map object using PUT /v1.0/tenants/[tenant-guid]/rolepermissionmaps. This endpoint allows you to establish new relationships between roles and permissions.
Request Parameters
{
"RoleGUID": "11111111-1111-1111-1111-111111111111",
"PermissionGUID": "22222222-2222-2222-2222-222222222222",
"Active": true,
}curl --location --request PUT 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/rolepermissionmaps' \
--header 'content-type: application/json' \
--header 'Authorization: ••••••' \
--data '{
"RoleGUID": "00000000-0000-0000-0000-000000000000",
"PermissionGUID": "00000000-0000-0000-0000-000000000000",
"Active": true
}'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
const createRolePermissionMap = async () => {
try {
const response = await api.Rbac.RolePermissionMap.create({
RoleGUID: '00000000-0000-0000-0000-000000000000',
PermissionGUID: '00000000-0000-0000-0000-000000000000',
Active: true,
});
console.log(response, 'Role permission map created successfully');
} catch (err) {
console.log('Error creating Role permission map:', err);
}
};
createRolePermissionMap();Response
Returns the created role permission map object with generated GUID and timestamps:
{
"GUID": "33333333-3333-3333-3333-333333333333",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"RoleGUID": "11111111-1111-1111-1111-111111111111",
"PermissionGUID": "22222222-2222-2222-2222-222222222222",
"Active": true,
"IsProtected": false,
"CreatedUtc": "2025-10-09T17:27:05.247203Z"
}Update Role Permission Map
Updates an existing role permission map object using PUT /v1.0/tenants/[tenant-guid]/rolepermissionmaps/[map-guid]. This endpoint allows you to modify role permission mapping configurations.
Request Parameters
{
"GUID": "33333333-3333-3333-3333-333333333333",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"RoleGUID": "11111111-1111-1111-1111-111111111111",
"PermissionGUID": "44444444-4444-4444-4444-444444444444",
"Active": true,
"IsProtected": false
}curl --location --request PUT 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/rolepermissionmaps/00000000-0000-0000-0000-000000000000' \
--header 'content-type: application/json' \
--header 'Authorization: ••••••' \
--data '{
"RoleGUID": "00000000-0000-0000-0000-000000000000",
"PermissionGUID": "00000000-0000-0000-0000-000000000000",
"Active": true
}'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
api.accessToken = "<adminToken>"; //This API requires Admin access
const updateRolePermissionMap = async () => {
try {
const response = await api.Rbac.RolePermissionMap.update({
GUID: '211d79c3-9f86-4259-bca9-2ca238aa4eb2',
TenantGUID: '00000000-0000-0000-0000-000000000000',
RoleGUID: '00000000-0000-0000-0000-000000000000',
PermissionGUID: '00000000-0000-0000-0000-000000000000',
Active: true,
IsProtected: false,
CreatedUtc: '2025-10-15T06:19:39.028501Z',
});
console.log(response, 'Role permission map updated successfully');
} catch (err) {
console.log('Error updating Role permission map:', err);
}
};
updateRolePermissionMap();Response
Returns the updated role permission map object:
{
"GUID": "33333333-3333-3333-3333-333333333333",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"RoleGUID": "11111111-1111-1111-1111-111111111111",
"PermissionGUID": "44444444-4444-4444-4444-444444444444",
"Active": true,
"IsProtected": false,
"CreatedUtc": "2025-10-09T17:27:05.247203Z"
}Delete Role Permission Map
Deletes a role permission map object by its GUID using DELETE /v1.0/tenants/[tenant-guid]/rolepermissionmaps/[map-guid]. This endpoint permanently removes the role permission mapping from the system.
Request Parameters
- map-guid (string, Path, Required): GUID of the role permission map to delete
curl --location --request DELETE 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/rolepermissionmaps/33333333-3333-3333-3333-333333333333' \
--header 'Authorization: ••••••'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
const deleteRolePermissionMap = async () => {
try {
const response = await api.Rbac.RolePermissionMap.delete('211d79c3-9f86-4259-bca9-2ca238aa4eb2');
console.log(response, 'Role permission map deleted successfully');
} catch (err) {
console.log('Error deleting Role permission map:', err);
}
};
deleteRolePermissionMap();Check Role Permission Map Existence
Checks if a role permission map exists by its GUID using HEAD /v1.0/tenants/[tenant-guid]/rolepermissionmaps/[map-guid]. This endpoint allows you to verify role permission map presence without retrieving the full object.
Request Parameters
- map-guid (string, Path, Required): GUID of the role permission map to check
curl --location --head 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/rolepermissionmaps/33333333-3333-3333-3333-333333333333' \
--header 'Authorization: ••••••'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
const existsRolePermissionMap = async () => {
try {
const response = await api.Rbac.RolePermissionMap.exists('211d79c3-9f86-4259-bca9-2ca238aa4eb2');
console.log(response, 'Role permission map exists successfully');
} catch (err) {
console.log('Error checking Role permission map existence:', err);
}
};
checkRolePermissionMapExists();Best Practices
- Consistent Mapping: Ensure all necessary permissions are mapped to appropriate roles
- Regular Auditing: Periodically review role permission mappings for accuracy
- Principle of Least Privilege: Only map permissions that are actually needed for the role
- Testing: Test role permission changes in a development environment before production deployment
- Documentation: Maintain documentation of role permission mappings and their business justification
- Monitoring: Monitor the impact of role permission changes on user access patterns