Permissions API Code Samples

Selection of code samples that demonstrate the use of the Permissions API. Copy and edit these code samples to suit your needs.

When using the code samples, remember to replace:

  • {vanity_name} with your tenant name
  • {api_key} with your API key
  • {security_token} with a valid security token

These code samples may not include all available parameters and request body fields for each endpoint. For the endpoint's full request schema, see "Permissions" in API Reference.

Note: Permissions are versioned in Visier, meaning any permission changes through the API cause a project to publish to production with your changes. We recommend that you make permission changes sequentially and in bulk; for example, wait until your create call is successful before trying to update a permission. You can make up to 1000 definitions (create, update, delete) per API call.

Retrieve a list of all permission capabilities

Use this sample request to retrieve all the existing permission capabilities in your tenant. You can use the returned capabilities in other API calls such as Update permissions and Create permissions.

Copy
cURL sample request: Retrieve a list of all permission capabilities
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/capabilities?tenantCode=WFF_j1r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'

The response returns details about each permission capability in your tenant.

Retrieve a permission capability's details

Use this sample request to retrieve the details of a specific capability.

Copy
cURL sample request: Retrieve the details of capability AccessAltSite
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/capabilities/AccessAltSite?tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'

The response returns details about the specified capability.

Retrieve a list of all content packages

Use this sample request to retrieve all the existing content packages in your tenant. You can use the returned content packages in other API calls such as Update permissions and Create permissions.

Copy
cURL sample request: Retrieve all content packages
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/content-packages?tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'

The response returns details about the content packages.

Retrieve a content package's details

Use this sample request to retrieve the details of a specific content package.

Copy
cURL sample request: Retrieve the details of content package Visier_All_Content
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/content-packages/Visier_All_Content?tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'

The response returns details about the specified content package.

Retrieve a list of data security objects

Use this sample request to retrieve all the data security objects in your tenant. Data security objects are analytic objects and their related objects that are available to define permissions' data security profiles.

Copy
cURL sample request: Retrieve all data security objects
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/data-security-objects?includeDetails=true&tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'

The response returns details about the data security objects.

Retrieve a list of all permissions

Use this sample request to retrieve all the permissions in your tenant.

Copy
cURL sample request: Retrieve all permissions in the default tenant
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions?tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'

The response returns details about the permissions.

Retrieve a permission's details

Use this sample request to retrieve the details of a specified permission.

Copy
cURL sample request: Retrieve the details of permission b066fdf7-426b-43b3-a55a-7e5239467409
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions/b066fdf7-426b-43b3-a55a-7e5239467409?tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'

To retrieve the details of a permission in a project that hasn't been published to production, use the ProjectID request header, as shown in the following sample.

Copy
cURL sample request: Retrieve a permission in a project
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions/b066fdf7-426b-43b3-a55a-7e5239467409' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'
-H 'ProjectID:a1a02d74-2c54-40fd-b171-ec7d9a4c0952'

The response returns information about the specified permission.

Use this sample request to retrieve the details and status of a particular permission.

Copy
cURL sample request: Retrieve the details of permission b066fdf7-426b-43b3-a55a-7e5239467409
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions/b066fdf7-426b-43b3-a55a-7e5239467409?includeDetailsWithStatus=true' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'

The response returns information about the specified permission, including the status for each property's data access and each population access filter. This response says:

  • The permission has a Valid status for EmployeeID (data access is assigned in the permission, data is available in Visier, and the property exists in Visier).
  • The permission has a NotFound status for New_Employee_Property (data access is assigned in the permission but the property doesn't exist in Visier). This means you need to create the property in Visier and map your new data column to the property.
  • The permission has a NotFound status for New_Dimension and New_Dimension_Member (data access is assigned in the permission but the dimension and dimension member don't exist in Visier). This means you need to create the dimension in Visier and map your new data column to the dimension.

Update permissions

Use this sample request to update one or more permissions in your tenant.

Caution: In PUT (update) API calls, the request body replaces the target resource. When updating a permission, the PUT request body must contain all data security objects, capabilities, and content packages applicable to the permission.

Copy
cURL sample request: Update permission b066fdf7-426b-43b3-a55a-7e5239467409
curl -X PUT --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions?tenantCode=WFF_v7r'' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'
-d -d '{
    "permissions": [
        {
            "permissionId": "b066fdf7-426b-43b3-a55a-7e5239467409",
            "displayName": "Permission ABC",
            "description": "Detailed access to ABC module",
            "dataSecurityProfiles": [
                {
                    "analyticObjectId": "Employee",
                    "propertySetConfig": {
                        "propertyAccessConfigs": [
                            {
                                "propertyId": "EmployeeID",
                                "analyticObjectId": "Employee",
                                "accessLevel": "Detailed"
                            },
                            {
                                "propertyId": "Birth_Date",
                                "analyticObjectId": "Employee",
                                "accessLevel": "Aggregate"
                            },
                            {
                                "propertyId": "Career_Level",
                                "analyticObjectId": "Employee",
                                "accessLevel": "Detailed"
                            },
                            {
                                "propertyId": "Contract_Type",
                                "analyticObjectId": "Employee",
                                "accessLevel": "Detailed"
                            }
                        ]
                    },
                    "allDataPointAccess": true
                }
            ],
            "adminCapabilityConfig": {
                "capabilities": [
                    "AdHocAnalysis",
                    "AuthorDataConnectors",
                    "ExportExcel"
                ]
            },
            "roleModulesConfig": {
                "contentPackageIds": [
                    "Visier_All_Content"
                ]
            }
        }
    ]
}'

The response returns the results of the API call.

Create permissions

This endpoint supports the ProjectID request header to make changes in a project. For more information, see Projects API. Use the following sample request to create permissions in a project. If you omit the ProjectID request header, the request is immediately published to your production version.

Copy
cURL sample request: Create permissions in a project
curl -X POST --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'
-H 'ProjectID:a1a02d74-2c54-40fd-b171-ec7d9a4c0952'
-d '{
    "permissions": [
      {
        "displayName": "Sample Permission 1",
        "dataSecurityProfiles": [
          {
            "analyticObjectId": "Employee",
            "propertySetConfig": {
              "propertyAccessConfigs": [
                {
                  "propertyId": "EmployeeID",
                  "analyticObjectId": "Employee",
                  "accessLevel": "Detailed"
                },
                {
                  "propertyId": "Birth_Date",
                  "analyticObjectId": "Employee",
                  "accessLevel": "Aggregate"
                }
              ]
            },
            "allDataPointAccess": true
          }
        ],
        "adminCapabilityConfig": {
          "capabilities": [
            "AdHocAnalysis"
          ]
        },
        "roleModulesConfig": {
          "contentPackageIds": [
            "Visier_All_Content"
          ]
        }
      },
      {
        "displayName": "Sample Permission 2",
        "adminCapabilityConfig": {
          "capabilities": [
            "AuthorDataConnectors"
          ]
        }
      }
    ]
}'

Use this sample request to create one or more permissions. Because ProjectID isn't defined in the request header, the new permissions are published to production immediately.

Copy
cURL sample request: Create new permissions Permission ABC and Permission XXX
curl -X POST --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions?tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'
-d '{
    "permissions": [
        {
            "displayName": "Permission ABC",
            "dataSecurityProfiles": [
                {
                    "analyticObjectId": "Employee",
                    "propertySetConfig": {
                        "propertyAccessConfigs": [
                            {
                                "propertyId": "EmployeeID",
                                "analyticObjectId": "Employee",
                                "accessLevel": "Detailed"
                            },
                            {
                                "propertyId": "Birth_Date",
                                "analyticObjectId": "Employee",
                                "accessLevel": "Aggregate"
                            },
                            {
                                "propertyId": "Career_Level",
                                "analyticObjectId": "Employee",
                                "accessLevel": "Detailed"
                            },
                            {
                                "propertyId": "Contract_Type",
                                "analyticObjectId": "Employee",
                                "accessLevel": "Detailed"
                            }
                        ]
                    },
                    "allDataPointAccess": true
                }
            ],
            "adminCapabilityConfig": {
                "capabilities": [
                    "AdHocAnalysis",
                    "AuthorDataConnectors",
                    "ExportExcel"
                ]
            },
            "roleModulesConfig": {
                "contentPackageIds": [
                    "Visier_All_Content"
                ]
            }
        },
        {
            "displayName": "Permission XXX",
            "adminCapabilityConfig": {
                "capabilities": [
                    "AdHocAnalysisXXX"
                ]
            }
        }
    ]
}'

The response returns the results of the API call.

Use this sample request to create a permission that assigns data access for a property and dimension that don't exist yet in Visier. This request also shows assigning data access to an analytic object that doesn't exist yet. In the response, you'll see that the property and dimension are successful, but the analytic object fails. This is because the API requires that the analytic object exists and has data in Visier before assigning data access and population access in a permission. To assign access to analytic objects that aren't in Visier yet, contact your Customer Success Manager.

Copy
cURL sample request: Create new permissions Permissions for New Data Columns and Permission for Employee and New Analytic Object
curl -X POST --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions?tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'
-d '{
    "permissions": [
    {
      "permissionId": "",
      "displayName": "Permission for New Data Columns",
      "description": "",
      "dataSecurityProfiles": [
        {
          "analyticObjectId": "Employee",
          "propertySetConfig": {
            "propertyAccessConfigs": [
              {
                "propertyId": "EmployeeID",
                "analyticObjectId": "Employee",
                "accessLevel": "Detailed"
              },
              {
                "propertyId": "New_Employee_Property",
                "analyticObjectId": "Employee",
                "accessLevel": "Detailed"
              }
            ]
          },
          "allDataPointAccess": false,
          "memberFilterConfigs": [
            {
              "dimensionFilters": [
                {
                  "staticDimensionFilter": {
                    "dimensionId": "New_Dimension",
                    "memberSelections": [
                      {
                        "namePath": [
                          "New_Dimension_Member"
                        ]
                      }
                    ]
                  }
                }
              ]
            }
          ]
        }
      ],
      "adminCapabilityConfig": {
        "allCapabilitiesAccess": true
      },
      "roleModulesConfig": {
        "contentPackageIds": [
          "Visier_All_Content"
        ]
      }
    },
    {
      "permissionId": "",
      "displayName": "Permission for Employeee and New Analytic Object",
      "description": "",
      "dataSecurityProfiles": [
        {
          "analyticObjectId": "Employee",
          "propertySetConfig": {
            "propertyAccessConfigs": [
              {
                "propertyId": "EmployeeID",
                "analyticObjectId": "Employee",
                "accessLevel": "Detailed"
              },
              {
                "propertyId": "New_Property",
                "analyticObjectId": "New_Analytic_Object",
                "accessLevel": "Detailed"
              }
            ]
          },
          "allDataPointAccess": true
        }
      ],
      "adminCapabilityConfig": {
        "allCapabilitiesAccess": true
      },
      "roleModulesConfig": {
        "contentPackageIds": [
          "Visier_All_Content"
        ]
      }
    }
  ]
}'

The response returns the results of the API call. This response says that Permission for New Data Columns was created successfully but Permission for Employee and New Analytic Object wasn't created.

Delete permissions

Use this sample request to delete permissions from your tenant.

Note: If the permission is assigned to any users or user groups, deleting the permission removes it from their security context. We recommend reviewing permission assignments before deleting it to ensure your users will have the correct capabilities, access to content, and data security after you delete the permission.

Copy
cURL sample request: Delete permissions
curl -X DELETE --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions?tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'
-d '{
    "permissionIds": [
        "b066fdf7-426b-43b3-a55a-7e5239467409"
    ]
}'

The response returns the results of the API call.