Retrieve a User’s Folder Permissions
This tutorial demonstrates how to retrieve a user’s permissions for a folder in BIM 360 Document Management.
The complete list of the user’s permissions for the folder is the aggregate of the user’s individual permissions combined with the permissions of the company that was assigned to the user (if that company was also assigned to the folder), and the permissions of any roles that were assigned to the user (if those roles were also assigned to the folder).
The tutorial steps include retrieving the user’s permissions for the folder, retrieving the roles and companies that were assigned to the folder, and retrieving the company and roles that were assigned to the user.
For more information about folder permissions, see the Help documentation.
Before You Begin
- Register an app.
- Provision your app so that it can access both BIM 360 Account Administration and Document Management in your BIM 360 account.
- Acquire a 3-legged OAuth token or a 2-legged OAuth token with account:read and data:create scopes.
- Find the project ID and folder ID of the folder that you want to find the user’s permissions for, by following the initial steps of the Upload Files tutorial.
Step 1: Retrieve Folder Permissions
Call Get permissions using the project ID and folder ID to get all permissions for the folder, including the user’s individual permissions, and the permissions of the companies and roles that were assigned to the folder.
curl -X GET \
https://developer.api.autodesk.com/bim360/docs/v1/projects/5a9ac886-0441-44da-a64a-bbea5b1e2ba3/folders/urn%3Aadsk.wipprod%3Afs.folder%3Aco.hGZHbcx2QHufgVMs_IDFlg/permissions \
-H 'Authorization: Bearer nFRJxzCD8OOUr7hzBwbr06D76zAT'
[
{
"subjectId": "12ea2c20-1fde-43ad-b4ec-6d4c4ca84994",
"autodeskId": "WDF5NJDPVJUV",
"name": "Tom",
"email": "tom@autodesk.com",
"userType": "PROJECT_MEMBER",
"subjectStatus": "ACTIVE",
"subjectType": "USER",
"actions": [
"VIEW",
"DOWNLOAD",
"COLLABORATE"
],
"inheritActions": [
"VIEW",
"COLLABORATE"
]
},
{
"subjectId": "7cd13d3a-1b53-4747-b332-2252d2d19808",
"autodeskId": "28658742",
"name": "Architect",
"subjectStatus": "ACTIVE",
"subjectType": "ROLE",
"actions": [],
"inheritActions": [
"PUBLISH"
]
}
]
Find the relevant user, and note the user’s individual permissions (actions and inheritActions). See the documentation for information about how to convert the actions into BIM 360 permission levels. Also note the user’s subjectId (12ea2c20-1fde-43ad-b4ec-6d4c4ca84994) for the next step.
The complete list of the user’s permissions is the aggregate of the user’s individual permissions combined with the permissions of the company (subjectType) that was assigned to the user (if that company was also assigned to the folder), and the permissions of any roles (subjectType) that were assigned to the user (if those roles were also assigned to the folder).
Note also the subjectId that corresponds to each role and company (subjectType). In the next step, you need to check whether any of the companies or roles (subjectId) were also assigned to the user.
Step 2: Retrieve the Company and Roles Assigned to the User
Call GET projects/users/:id using the user’s ID that you retrieved from the previous step ("subjectId": "12ea2c20-1fde-43ad-b4ec-6d4c4ca84994"), and the project ID to get information about the company and roles that were assigned to the user.
curl -X GET -H "Authorization: Bearer nFRJxzCD8OOUr7hzBwbr06D76zAT" "https://developer.api.autodesk.com/bim360/admin/v1/projects/5a9ac886-0441-44da-a64a-bbea5b1e2ba3/users/12ea2c20-1fde-43ad-b4ec-6d4c4ca84994"
{
"id": "12ea2c20-1fde-43ad-b4ec-6d4c4ca84994",
"email": "tom@autodesk.com",
"name": "Tom",
"autodeskId": "WDF5NJDPVJUV",
"companyId": "572c7a25-bf4b-4f21-bbe5-ff4a806be56e",
"roleIds": [
"7cd13d3a-1b53-4747-b332-2252d2d19808"
],
"services": [
{
"serviceName": "documentManagement",
"access": "member"
}
],
"accessLevels": {
"accountAdmin": true,
"projectAdmin": true,
"executive": false
}
}
In this step you need to do the following:
- Note whether a company (results.companyId) is assigned to the user.
- Check whether any subjectTypes in the previous step are companies (COMPANY), and whether the subjectId of any of the companies matches results.companyId.
- Note whether any roles (results.roleIds) are assigned to the user.
- Check whether any subjectTypes in the previous step are roles (ROLE), and whether the subjectId of any of the roles matches one of the results.roleIds.
In this example, the user was assigned a company. However, in the previous step there is no subjectType with a value of COMPANY, which means that no company has been assigned to the folder. The user was assigned a role ("roleIds": ["7cd13d3a-1b53-4747-b332-2252d2d19808"]), and in the previous step there is a subjectType with a value of ROLE. The subjectId of the role matches the roleIds, which means that the role (Architect) has been assigned to both the user and the folder. We can therefore conclude that the user has been assigned the permissions associated with that role: PUBLISH.
The complete list of the user’s permissions for the folder is VIEW, DOWNLOAD, COLLABORATE, PUBLISH.
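The matching done by hand in Steps 1 and 2 can be scripted, which is useful when auditing who can actually reach a folder. The following is an added example, not part of the original tutorial or Autodesk's own code: the function name effective_permissions is hypothetical, and the two responses above are embedded inline, trimmed to the fields used. It also records which subject granted each action.

```python
# Step 1 response (Get permissions), trimmed to the fields used here.
FOLDER_PERMISSIONS = [
    {"subjectId": "12ea2c20-1fde-43ad-b4ec-6d4c4ca84994", "name": "Tom",
     "subjectType": "USER",
     "actions": ["VIEW", "DOWNLOAD", "COLLABORATE"],
     "inheritActions": ["VIEW", "COLLABORATE"]},
    {"subjectId": "7cd13d3a-1b53-4747-b332-2252d2d19808", "name": "Architect",
     "subjectType": "ROLE", "actions": [], "inheritActions": ["PUBLISH"]},
]

# Step 2 response (GET projects/users/:id), trimmed to the fields used here.
PROJECT_USER = {
    "id": "12ea2c20-1fde-43ad-b4ec-6d4c4ca84994",
    "companyId": "572c7a25-bf4b-4f21-bbe5-ff4a806be56e",
    "roleIds": ["7cd13d3a-1b53-4747-b332-2252d2d19808"],
}


def effective_permissions(folder_permissions, project_user):
    """Hypothetical helper: return (actions, sources).

    actions is the union of actions and inheritActions from every folder
    subject that applies to the user; sources maps each action to the
    subjects ("TYPE:name") that granted it.
    """
    role_ids = set(project_user.get("roleIds") or [])
    company_id = project_user.get("companyId")
    sources = {}
    for subject in folder_permissions:
        kind, sid = subject.get("subjectType"), subject.get("subjectId")
        applies = (
            (kind == "USER" and sid == project_user["id"])
            or (kind == "COMPANY" and company_id is not None and sid == company_id)
            or (kind == "ROLE" and sid in role_ids)
        )
        if not applies:
            continue  # assigned to the folder, but not to this user
        label = f"{kind}:{subject.get('name', sid)}"
        granted = subject.get("actions", []) + subject.get("inheritActions", [])
        for action in granted:
            sources.setdefault(action, set()).add(label)
    return set(sources), sources


if __name__ == "__main__":
    actions, sources = effective_permissions(FOLDER_PERMISSIONS, PROJECT_USER)
    for action in sorted(actions):
        print(action, "granted by", ", ".join(sorted(sources[action])))
```
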