12 Jun 2019

Changes on Data Management for BIM 360 Docs permissions

BIM 360 Document Manager will introduce a new permission: View without download. This affects applications downloading files from BIM 360 Hubs with Data Management API.

As of today, if the user in the given access token (3LO access token or a 2LO access token + the impersonated user) has the “View Only” permission on a folder assigned through BIM Docs UI, it was assumed that the user also had permission to download the files in that folder (using storage url).

With this change, if the user is assigned “View Only” permission using the new permission model through BIM 360 Document Manager, the user will have permission to view a version (e.g. using Viewer), but will not be able to download the original file (e.g. Revit file).

How should an application adjust for this change?

  • Check permissions command: use this endpoint to check if the user has the required permissions on the folder(s), in this case, “download”.
  • Storage URL: the relationships.storage.meta.link.href attribute will return 403 if the access token has no permission to download the file.

Additional information for an existing consumer of Check Permission API:

  • “View” permission check from the user will return permission: true for users who have permission to view the file (with or without download permission).
  • "Read" permission check from the user will return permission: true for users who have permission to view and download the file, so it will return permission: false response if users have “View Only” or “Upload Only” permission.

Related Article

Posted By

Augusto Goncalves

Developer Advocate at Autodesk since 2008, working with both desktop and web/cloud apps using top technologies, like C#, JavaScript, NodeJS and any other that can solve problems and improve workflows. See my samples on Github and follow me on Twitter for updates.