Manage Organization Permissions
The MANAGE
Organization permission gives the access to actions and resources across the entire GoodData deployment. This permission should be reserved for administrators.
Supported Permissions
The following permissions are applicable to the organization
object:
MANAGE
User has access to any protected action or resource.
SELF_CREATE_TOKEN
User can create their own API access tokens. Users without this permission can still delete any of their pre-existing API tokens. Note that to create API access tokens for other users, you still need the
MANAGE
permission.
Permissions limit who can create new tokens, but they do not block the utilization of pre-existing tokens, whether generated by an admin for the user (if applicable) or older tokens (e.g., if the user previously had the permission, which was subsequently revoked).
Set Permissions For an Organization
Permissions for an organization are set using the /api/v1/layout/organization
declarative API endpoint. Note that you need the Organization.MANAGE
permission to change the organization
layout.
Note that there always has to be at least one user with MANAGE
permission in an organization. API calls that would result in an organization having no users with MANAGE
permission are not valid.
Steps:
Make the following API call to fetch an up-to-date
json
definition of your organization layout:curl -H "Authorization: Bearer $API_TOKEN" \ -H "Content-Type: application/json" \ -X GET \ $HOST_URL/api/v1/layout/organization
In the organization layout
json
file, update thepermissions
definition:{ "organization": { ..., "permissions": [ { "assignee": { "id": "<user_id_or_user_group_id>", "type": "<user_or_userGroup>" }, "name": "MANAGE" } ] } }
Update the organization using your updated
json
in the following API call:curl -H "Authorization: Bearer $API_TOKEN" \ -H "Content-Type: application/json" \ -X PUT \ $HOST_URL/api/v1/layout/organization -d @<your_updated_organization_layout>.json