Identify Admin's fine-grained authorization
Introduction
Applicable versions:
- Identify 5.15.0.6 and newer
- Identify 5.14.0.11 quality improvements and newer
The Identify Admin has a fine-grained authorization system that allows for granular control over user privileges. Some of the most important pre-defined roles include:
- ConfigurationContributor: This role has the ability to view and modify all resources except for Users.
- ConfigurationObserver: This role can view all resources but does not have permission to modify them. Additionally, it does not have access to view user data.
- UserContributor: This role has the ability to view and modify user information exclusively, without access to any other resources.
Pre-defined roles
Currently, the Identify Admin supports the following pre-defined roles:
| Name | Description |
|---|---|
| ConfigurationObserver | • Can view all resources except Users • Cannot make any changes to any resources. • Cannot view or make changes to self (requires User.ReadSelf and User.ReadWriteSelf permissions). • Cannot view logs. |
| ConfigurationContributor | • Can view and make changes to all resources except Users. • Cannot view logs. |
| UserObserver | • Can view own profile on My Profile page. • Can view Users, including self, via the user list. • Cannot view or make changes to other resources. • Cannot make changes to self (requires User.ReadWriteSelf permission). |
| UserContributor | • Can view and make changes to own profile on My Profile page. • Can view and make changes to Users, including self, via the user list. • Cannot view or make changes to other resources. |
| MonitorObserver | • Can view all resources on the Settings and Logging pages. • Can view Analytics page. • Cannot view or make changes to any other resources. |
| OrganizationObserver, GroupObserver, ClaimTransformationObserver, ConnectionObserver, ClaimObserver, ScriptLibraryObserver |
• Can view the specific resource type as indicated by the name. • Cannot view or make changes to other resources. |
| OrganizationContributor, GroupContributor, ClaimTransformationContributor, ConnectionContributor, ClaimContributor, ScriptLibraryContributor |
• Can view and make changes to the specific resource type as indicated by the name. • Cannot view or make changes to other resources. |
| CustomContentObserver | • Can view the Hosted forms. • Cannot view or make changes to other resources. |
| CustomContentContributor | • Can view or make changes to the Hosted forms. • Cannot view or make changes to other resources. |
| OtherSettingsObserver | • Can view all remaining resources such as SMS, Email, etc. |
| OtherSettingsContributor | • Can view and make changes to all remaining resources such as SMS, Email, etc. |
Note: Please exercise caution when granting the ClaimTransformationContributor, ConnectionContributor, and ScriptLibraryContributor roles. Due to the way claim transformations function in Identify, users with one of these roles may potentially exploit the existing setup to grant themselves higher permissions.
Note: The ConfigurationContributor role covers the MonitorContributor role, including all settings and Logging settings. As a result, only the MonitorObserver role is necessary to monitor all Logging resources.
How to assign roles to an existing user
Select an existing user to edit.
Scroll down to the setting Identify REST API role, where you can select one or more items to assign multiple roles to a user.
Detail of access right to REST API
The list below provides details about access rights for all endpoints of the REST API, with the following values:
- Yes: Indicates that a role has permission to call the endpoint.
- Yes(*): Indicates that a role has permission to call the endpoint but only affects the user specified in the access token, not other users.
- Yes (**): Indicates that a role has permission to call the endpoint, which can affect all users except the one specified in the access token.
- No: Indicates that a role does not have permission to call the endpoint.
| Endpoint | ConfigurationObserver | ConfigurationContributor | UserObserver | UserContributor | MonitorObserver | ConnectionObserver | ConnectionContributor | CustomContentObserver | CustomContentContributor | Administrator | Observer | User | ClaimTransformationObserver | ClaimTransformationContributor | ClaimObserver | ClaimContributor | OrganizationObserver | OrganizationContributor | OtherSettingsObserver | OtherSettingsContributor | ScriptLibraryObserver | ScriptLibraryContributor | GroupObserver | GroupContributor |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| GET /api/rest/v2/certificates | Yes | Yes | No | No | Yes | Yes | Yes | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/certificates | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/certificates/{thumbprint} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/certificates/{thumbprint} | Yes | Yes | No | No | Yes | Yes | Yes | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/certificates/many | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/certificates/many | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/claimdefinitions | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No | Yes | Yes |
| POST /api/rest/v2/claimdefinitions | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/claimdefinitions | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/claimdefinitions/.filter | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No | Yes | Yes |
| POST /api/rest/v2/claimdefinitions/.search | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No | Yes | Yes |
| DELETE /api/rest/v2/claimdefinitions/{claimType} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/claimdefinitions/{claimType} | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No | Yes | Yes |
| PATCH /api/rest/v2/claimdefinitions/{claimType} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/claimdefinitions/{id} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/claimdefinitions/{id} | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No | Yes | Yes |
| DELETE /api/rest/v2/claimdefinitions/claimtypes | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/claimdefinitions/ids | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/claimdefinitions/many | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/claimdefinitions/many | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/connections | Yes | Yes | No | No | No | Yes | Yes | No | No | Yes | Yes | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/connections | No | Yes | No | No | No | No | Yes | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/connections | No | Yes | No | No | No | No | Yes | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/connections/.filter | Yes | Yes | No | No | No | Yes | Yes | No | No | Yes | Yes | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/connections/resetconsent/{connectionName} | No | Yes | No | No | No | No | Yes | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/connections/{connectionName} | No | Yes | No | No | No | No | Yes | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/connections/{connectionName} | Yes | Yes | No | No | No | Yes | Yes | No | No | Yes | Yes | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No |
| PATCH /api/rest/v2/connections/{connectionName} | No | Yes | No | No | No | No | Yes | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/connections/certificate | No | Yes | No | No | No | No | Yes | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/connections/certificate/{connectionName} | Yes | Yes | No | No | No | Yes | Yes | No | No | Yes | Yes | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/connections/transformation | No | Yes | No | No | No | No | Yes | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/connections/transformation | No | Yes | No | No | No | No | Yes | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/connections/transformations | No | Yes | No | No | No | No | Yes | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/connections/transformations | No | Yes | No | No | No | No | Yes | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/groups | Yes | Yes | Yes | Yes | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | Yes | Yes |
| POST /api/rest/v2/groups | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | Yes |
| PUT /api/rest/v2/groups | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | Yes |
| GET /api/rest/v2/groups/.filter | Yes | Yes | Yes | Yes | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | Yes | Yes |
| DELETE /api/rest/v2/groups/{groupName} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | Yes |
| GET /api/rest/v2/groups/{groupName} | Yes | Yes | Yes | Yes | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | Yes | Yes |
| DELETE /api/rest/v2/groups/many | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | Yes |
| GET /api/rest/v2/organizations | Yes | Yes | Yes | Yes | No | Yes | Yes | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | No | Yes | Yes |
| POST /api/rest/v2/organizations | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No |
| PUT /api/rest/v2/organizations | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No |
| GET /api/rest/v2/organizations/.filter | Yes | Yes | Yes | Yes | No | Yes | Yes | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | No | Yes | Yes |
| DELETE /api/rest/v2/organizations/{organizationName} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No |
| GET /api/rest/v2/organizations/{organizationName} | Yes | Yes | Yes | Yes | No | Yes | Yes | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | No | Yes | Yes |
| GET /api/rest/v2/organizations/{organizationName}/childs | Yes | Yes | Yes | Yes | No | Yes | Yes | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | No | Yes | Yes |
| DELETE /api/rest/v2/organizations/many | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No |
| GET /api/rest/v2/systemsetup | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/systemsetup | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/systemsetup/cleanupsession | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/systemsetup/license | Yes | Yes | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/transformations | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/transformations | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/transformations/.filter | Yes | Yes | No | No | No | Yes | Yes | No | No | Yes | Yes | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/transformations/{claimTransformationName} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/transformations/{claimTransformationName} | Yes | Yes | No | No | No | Yes | Yes | No | No | Yes | Yes | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/transformations/excludeIdentifyClaimOptions | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/transformations/excludeIdentifyClaimOptions | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/transformations/excludePassthroughClaimOptions | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/transformations/excludePassthroughClaimOptions | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/transformations/testscript | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/users | No | No | Yes | Yes | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/users | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/users | No | No | No | Yes | No | No | No | No | No | Yes | No | Yes(*) | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/users/.filter | No | No | Yes | Yes | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/users/.batch | No | No | No | Yes(**) | No | No | No | No | No | Yes(**) | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/users/.batch | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/users/.batch | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/users/.batchStatus | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/users/.search | No | No | Yes | Yes | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/users/{userId} | No | No | No | Yes(**) | No | No | No | No | No | Yes(**) | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/users/{userId} | Yes(*) | Yes(*) | Yes | Yes | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes | Yes | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) |
| PATCH /api/rest/v2/users/{userId} | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/users/refreshtoken | No | No | No | No | No | No | No | No | No | Yes(*) | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/users/refreshtoken | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/users/authenticators | Yes(*) | Yes(*) | Yes | Yes | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes | Yes | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) |
| DELETE /api/rest/v2/users/authenticators | No | No | No | Yes | No | No | No | No | No | Yes | No | Yes(*) | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/users/resetauthenticator | No | No | No | Yes | No | No | No | No | No | Yes | No | Yes(*) | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/users/onboardauthenticator | No | No | No | Yes | No | No | No | No | No | Yes | No | Yes(*) | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/users/consent | No | No | No | Yes | No | No | No | No | No | Yes | No | Yes(*) | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/users/consent | Yes(*) | Yes(*) | Yes | Yes | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes | Yes | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) | Yes(*) |
| DELETE /api/rest/v2/users/resetwebauthn | No | No | No | Yes | No | No | No | No | No | Yes | No | Yes(*) | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/users/resetdeviceauthentication | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/lockedusers | No | No | Yes | Yes | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PATCH /api/rest/v2/lockedusers | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| get(itself) /api/rest/v2/users/myprofile | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| GET /api/rest/v2/attributeservices | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/attributeservices | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/attributeservices | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/attributeservices/.filter | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/attributeservices/{attributeServiceName} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/attributeservices/{attributeServiceName} | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/messagequeues | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/messagequeues | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/messagequeues | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/messagequeues/.filter | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/messagequeues/{displayName} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/messagequeues/{displayName} | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/customcontents/{name} | No | Yes | No | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/customcontents/{name} | Yes | Yes | No | No | No | No | No | Yes | Yes | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/customcontents | No | Yes | No | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/sharedconfigurablesettings | Yes | Yes | No | No | Yes | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/sharedconfigurablesettings | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/sharedconfigurablesettings | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/sharedconfigurablesettings/{settingName} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/sharedconfigurablesettings/{settingName} | Yes | Yes | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PATCH /api/rest/v2/sharedconfigurablesettings/{settingName} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/sharedconfigurablesettings/resourcekey/{resourceKey} | Yes | Yes | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/claimsets | Yes | Yes | No | No | No | Yes | Yes | No | No | Yes | Yes | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/claimsets | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/claimsets | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/claimsets/{claimSetName} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/claimsets/{claimSetName} | Yes | Yes | No | No | No | Yes | Yes | No | No | Yes | Yes | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/claimsets/{id} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/claimsets/{id} | Yes | Yes | No | No | No | Yes | Yes | No | No | Yes | Yes | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/claimsets/.filter | Yes | Yes | No | No | No | Yes | Yes | No | No | Yes | Yes | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/userselfservice/{userId}/resetpassword | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/userselfservice/{userId}/offboard | No | No | No | Yes | No | No | No | No | No | Yes | No | Yes(*) | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/communication/{userId}/{emailTemplateName} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No |
| POST /api/rest/v2/communication/{userId}/customizedEmailTemplateAndEmailServer | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No |
| POST /api/rest/v2/communication/{phoneNumber}/customizedSmsGateway | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No |
| POST /api/rest/v2/communication/{phoneNumber}/customizedSmsMessage | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No |
| GET /api/rest/v2/emailconfiguration/emailservers | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | No |
| POST /api/rest/v2/emailconfiguration/emailservers | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No |
| PUT /api/rest/v2/emailconfiguration/emailservers | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No |
| DELETE /api/rest/v2/emailconfiguration/emailservers/{emailServerName} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No |
| GET /api/rest/v2/emailconfiguration/emailtemplates | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | No |
| POST /api/rest/v2/emailconfiguration/emailtemplates | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No |
| PUT /api/rest/v2/emailconfiguration/emailtemplates | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No |
| GET /api/rest/v2/smsconfiguration/smsgateway | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | No |
| POST /api/rest/v2/smsconfiguration/smsgateway | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No |
| PUT /api/rest/v2/smsconfiguration/smsgateway | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No |
| DELETE /api/rest/v2/smsconfiguration/smsgateway/{name} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No |
| GET /api/rest/v2/smsconfiguration/smstemplate | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | No |
| POST /api/rest/v2/smsconfiguration/smstemplate | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No |
| PUT /api/rest/v2/smsconfiguration/smstemplate | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No |
| DELETE /api/rest/v2/smsconfiguration/smstemplate/{smsTemplateName} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No |
| GET /api/rest/v2/authenticationcontextmethodclass | Yes | Yes | No | No | Yes | Yes | Yes | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/authenticationcontextmethodclass | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/authenticationcontextmethodclass | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/authenticationcontextmethodclass/{methodClass} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/authenticationcontextmethodclass/{methodClass} | Yes | Yes | No | No | Yes | Yes | Yes | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/correlationerror/{correlationId} | No | No | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/correlationerror/{correlationId} | No | No | No | No | Yes | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/correlationerror/.search | No | No | No | No | Yes | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/localization/text | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/localization/text/{container}/{key} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/localization/text/bulkinsert | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/localization/container | Yes | Yes | No | No | Yes | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/localization/container | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/localization/container/{container} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/localization/container/{container} | Yes | Yes | No | No | Yes | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/localization/container/import | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/ldapattributedefinitions | Yes | Yes | No | No | Yes | Yes | Yes | No | No | Yes | Yes | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/ldapattributedefinitions | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/ldapattributedefinitions | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/ldapattributedefinitions/{ldapAttributeName} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/ldapattributedefinitions/{ldapAttributeName} | Yes | Yes | No | No | Yes | Yes | Yes | No | No | Yes | Yes | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/ldapwebservices | Yes | Yes | No | No | Yes | Yes | Yes | No | No | Yes | Yes | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/ldapwebservices | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| PUT /api/rest/v2/ldapwebservices | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/ldapwebservices/pingserviceconnection | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/ldapwebservices/{ldapWebServiceName} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/ldapwebservices/{ldapWebServiceName} | Yes | Yes | No | No | Yes | Yes | Yes | No | No | Yes | Yes | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditusercreated | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/audituserupdated | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/audituserrequest | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditclaimdefinition | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/audituserclaim | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditclaimtransformation | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditorganization | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditincomingassertion | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditclaimsissuance | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditauthenticationconnection | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditoauthaccesstoken | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditclaimset | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditmassupdateuserclaimvalue | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditprotocolconnection | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditauthenticationcontextmethodclass | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditadminsiteauthentication | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditgroup | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditidentityproviderconfiguration | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditldapattributedefinition | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditcorrelationerror | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditpersistentpseudonym | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditattributeserviceconnection | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditapprovedconsent | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/auditlogs/auditdeletedresource | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/systemlogs | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/systemlogs/export | No | No | No | No | Yes | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| GET /api/rest/v2/scriptlibraries | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | Yes | Yes | No | No |
| POST /api/rest/v2/scriptlibraries | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | Yes | No | No |
| PUT /api/rest/v2/scriptlibraries | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | Yes | No | No |
| DELETE /api/rest/v2/scriptlibraries/{scriptName} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | Yes | No | No |
| GET /api/rest/v2/scriptlibraries/{scriptName} | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | Yes | Yes | No | No |
| GET /api/rest/v2/uniquefreeuserclaimvalues | Yes | Yes | No | No | No | No | No | No | No | Yes | Yes | No | No | No | Yes | Yes | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/uniquefreeuserclaimvalues/{claimType} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No |
| POST /api/rest/v2/uniquefreeuserclaimvalues/{claimType} | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No |
| DELETE /api/rest/v2/uniquefreeuserclaimvalues | No | Yes | No | No | No | No | No | No | No | Yes | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No |
Handling unauthorized requests
If a user attempts to access an endpoint that requires any of the mentioned privileges and he lacks the necessary privilege, the enpoint will respond with a 403 Forbidden status code. The user will receive an error message indicating the reason for the denial of access.
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error"
],
"status": "403",
"scimType": null,
"detail": "Your account lacks the necessary privileges to perform the request. RequestId: ec82ab95-f18c-4ff1-a95c-68f4337f4606."
}