Permissions API Code Samples
Selection of code samples that demonstrate the use of the Permissions API. Copy and edit these code samples to suit your needs.
When using the code samples, remember to replace:
- {vanity_name} with your tenant name
- {api_key} with your API key
- {security_token} with a valid security token
These code samples may not include all available parameters and request body fields for each endpoint. For the endpoint's full request schema, see "Permissions" in API Reference.
Note: Permissions are versioned in Visier, meaning any permission changes through the API cause a project to publish to production with your changes. We recommend that you make permission changes sequentially and in bulk; for example, wait until your create call is successful before trying to update a permission. You can make up to 1000 definitions (create, update, delete) per API call.
Retrieve a list of all permission capabilities
Use this sample request to retrieve all the existing permission capabilities in your tenant. You can use the returned capabilities in other API calls such as Update permissions and Create permissions.
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/capabilities?tenantCode=WFF_j1r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'
The response returns details about each permission capability in your tenant.
{
"capabilities": [
{
"name": "AccessAltSite",
"displayName": "Preview Access",
"description": "Access the Preview release of the application when available. Administrators get access by default."
},
{
"name": "AdHocAnalysis",
"displayName": "Ad Hoc Analysis",
"description": "Access Explore. Perform additional analysis on any metric or chart in the application."
}
]
}
Retrieve a permission capability's details
Use this sample request to retrieve the details of a specific capability.
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/capabilities/AccessAltSite?tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'
The response returns details about the specified capability.
{
"name": "AccessAltSite",
"displayName": "Preview Access",
"description": "Access the Preview release of the application when available. Administrators get access by default."
}
Retrieve a list of all content packages
Use this sample request to retrieve all the existing content packages in your tenant. You can use the returned content packages in other API calls such as Update permissions and Create permissions.
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/content-packages?tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'
The response returns details about the content packages.
{
"contentPackages": [
{
"contentPackageId": "Visier_All_Content",
"displayName": "Visier - All Content",
"description": "This is a default content package that provides access to content across all solutions, based on a user's security setting."
},
{
"contentPackageId": "1c4c6b6d-7f92-4b73-b0ec-49cb105a7695",
"displayName": "Business User Core Content - Visier Template",
"description": "This package contains the recommended core content that would be shared with a business user as part of rolling out Visier People."
},
{
"contentPackageId": "Usage_Module",
"displayName": "USAGE - All Content",
"description": "Enabled all and any new content for the USAGE solution"
}
]
}
Retrieve a content package's details
Use this sample request to retrieve the details of a specific content package.
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/content-packages/Visier_All_Content?tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'
The response returns details about the specified content package.
{
"contentPackageId": "Visier_All_Content",
"displayName": "Visier - All Content",
"description": "This is a default content package that provides access to content across all solutions, based on a user's security setting."
}
Retrieve a list of data security objects
Use this sample request to retrieve all the data security objects in your tenant. Data security objects are analytic objects and their related objects that are available to define permissions' data security profiles.
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/data-security-objects?includeDetails=true&tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'
The response returns details about the data security objects.
{
"analyticObjects": [
{
"analyticObjectId": "Employee",
"displayName": "Employee",
"objectType": "Subject",
"relatedObjects": [
{
"analyticObjectId": "Absenteeism",
"displayName": "Absence"
},
{
"analyticObjectId": "Compensation_Payout",
"displayName": "Compensation Payout"
},
{
"analyticObjectId": "Employee_Exit",
"displayName": "Employee Exit"
},
{
"analyticObjectId": "Employment_Start",
"displayName": "Employment Start"
}
],
"securableProperties": [
{
"propertyId": "Absence_Days",
"displayName": "Absence Days",
"analyticObjectId": "Absenteeism"
},
{
"propertyId": "Birth_Date",
"displayName": "Birth Date",
"analyticObjectId": "Employee"
},
{
"propertyId": "Ethnicity",
"displayName": "Ethnicity (US)",
"analyticObjectId": "Employee"
},
{
"propertyId": "Gender",
"displayName": "Gender",
"analyticObjectId": "Employee"
},
{
"propertyId": "Last_Name",
"displayName": "Last Name",
"analyticObjectId": "Employee"
},
{
"propertyId": "Location",
"displayName": "Location",
"analyticObjectId": "Employee"
},
{
"propertyId": "Payout_Amount",
"displayName": "Payout Amount",
"analyticObjectId": "Compensation_Payout"
},
{
"propertyId": "Payout_Type",
"displayName": "Payout Item",
"analyticObjectId": "Compensation_Payout"
},
{
"propertyId": "Termination_Reason",
"displayName": "Employee Exit Reason",
"analyticObjectId": "Employee_Exit"
}
],
"securableDimensions": [
{
"dimensionId": "Absence_Reason",
"displayName": "Absence Reason",
"analyticObjectIds": [
"Absenteeism"
],
"hierarchyProperties": [
{
"hierarchyPropertyId": "Absence_Reason_0",
"displayName": "Absence Reason 0"
},
{
"hierarchyPropertyId": "Absence_Reason_1",
"displayName": "Absence Reason 1"
},
{
"displayName": "Name Property"
}
]
},
{
"dimensionId": "Gender",
"displayName": "Gender",
"analyticObjectIds": [
"Employee"
],
"hierarchyProperties": [
{
"displayName": "Name Property"
}
]
},
{
"dimensionId": "Job_Family",
"displayName": "Job Family",
"analyticObjectIds": [
"Employee"
],
"hierarchyProperties": [
{
"displayName": "Name Property"
}
]
},
{
"dimensionId": "Location",
"displayName": "Location",
"analyticObjectIds": [
"Employee"
],
"hierarchyProperties": [
{
"displayName": "Name Property"
}
]
}
]
}
]
}
Retrieve a list of all permissions
Use this sample request to retrieve all the permissions in your tenant.
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions?tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'
The response returns details about the permissions.
{
"permissions": [
{
"permissionId": "ad07a919-187c-4ca7-b20a-9fc11996c6ce",
"displayName": "HR Analytics",
"description": "Detailed access to the workforce analytics module."
},
{
"permissionId": "b066fdf7-426b-43b3-a55a-7e5239467409",
"displayName": "Permission ABC"
},
{
"permissionId": "29f98fd7-bc09-4378-a390-3ba4734cbf33",
"displayName": "Recruiter Sales",
"description": "Recruiters have detailed access to requisitions and applicants that hiring manager is in sales organization. "
}
]
}
Retrieve a permission's details
Use this sample request to retrieve the details of a specified permission.
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions/b066fdf7-426b-43b3-a55a-7e5239467409?tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'
To retrieve the details of a permission in a project that hasn't been published to production, use the ProjectID request header, as shown in the following sample.
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions/b066fdf7-426b-43b3-a55a-7e5239467409' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'
-H 'ProjectID:a1a02d74-2c54-40fd-b171-ec7d9a4c0952'
The response returns information about the specified permission.
{
"permissionId": "b066fdf7-426b-43b3-a55a-7e5239467409",
"displayName": "Permission ABC",
"dataSecurityProfiles": [
{
"analyticObjectId": "Employee",
"propertySetConfig": {
"propertyAccessConfigs": [
{
"propertyId": "EmployeeID",
"analyticObjectId": "Employee",
"accessLevel": "Detailed"
},
{
"propertyId": "Birth_Date",
"analyticObjectId": "Employee",
"accessLevel": "Aggregate"
},
{
"propertyId": "Career_Level",
"analyticObjectId": "Employee",
"accessLevel": "Detailed"
},
{
"propertyId": "Contract_Type",
"analyticObjectId": "Employee",
"accessLevel": "Detailed"
}
]
},
"allDataPointAccess": true
}
],
"adminCapabilityConfig": {
"capabilities": [
"AdHocAnalysis",
"AuthorDataConnectors",
"ExportExcel"
]
},
"roleModulesConfig": {
"contentPackageIds": [
"Visier_All_Content"
]
}
}
Use this sample request to retrieve the details and status of a particular permission.
curl -X GET --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions/b066fdf7-426b-43b3-a55a-7e5239467409?includeDetailsWithStatus=true' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}'
The response returns information about the specified permission, including the status for each property's data access and each population access filter. This response says:
- The permission has a Valid status for EmployeeID (data access is assigned in the permission, data is available in Visier, and the property exists in Visier).
- The permission has a NotFound status for New_Employee_Property (data access is assigned in the permission but the property doesn't exist in Visier). This means you need to create the property in Visier and map your new data column to the property.
- The permission has a NotFound status for New_Dimension and New_Dimension_Member (data access is assigned in the permission but the dimension and dimension member don't exist in Visier). This means you need to create the dimension in Visier and map your new data column to the dimension.
{
"permissionId": "b066fdf7-426b-43b3-a55a-7e5239467409",
"displayName": "Permission for New Data Columns",
"dataSecurityProfiles": [
{
"analyticObjectId": "Employee",
"propertySetConfig": {
"propertyAccessConfigs": [
{
"propertyId": "EmployeeID",
"analyticObjectId": "Employee",
"accessLevel": "Detailed",
"propertyStatus": "Valid"
},
{
"propertyId": "New_Employee_Property",
"analyticObjectId": "Employee",
"accessLevel": "Detailed",
"propertyStatus": "NotFound"
}
]
},
"memberFilterConfigs": [
{
"dimensionFilters": [
{
"staticDimensionFilter": {
"dimensionId": "New_Dimension",
"memberSelections": [
{
"namePath": [
"New_Dimension_Member"
],
"dimensionMemberStatus": "NotFound"
}
],
"dimensionStatus": "NotFound"
}
}
]
}
]
}
],
"adminCapabilityConfig": {
"allCapabilitiesAccess": true
},
"roleModulesConfig": {
"contentPackageIds": [
"Visier_All_Content"
]
}
}
Update permissions
Use this sample request to update one or more permissions in your tenant.
Caution: In PUT (update) API calls, the request body replaces the target resource. When updating a permission, the PUT request body must contain all data security objects, capabilities, and content packages applicable to the permission.
curl -X PUT --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions?tenantCode=WFF_v7r'' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}' \
-d -d '{
"permissions": [
{
"permissionId": "b066fdf7-426b-43b3-a55a-7e5239467409",
"displayName": "Permission ABC",
"description": "Detailed access to ABC module",
"dataSecurityProfiles": [
{
"analyticObjectId": "Employee",
"propertySetConfig": {
"propertyAccessConfigs": [
{
"propertyId": "EmployeeID",
"analyticObjectId": "Employee",
"accessLevel": "Detailed"
},
{
"propertyId": "Birth_Date",
"analyticObjectId": "Employee",
"accessLevel": "Aggregate"
},
{
"propertyId": "Career_Level",
"analyticObjectId": "Employee",
"accessLevel": "Detailed"
},
{
"propertyId": "Contract_Type",
"analyticObjectId": "Employee",
"accessLevel": "Detailed"
}
]
},
"allDataPointAccess": true
}
],
"adminCapabilityConfig": {
"capabilities": [
"AdHocAnalysis",
"AuthorDataConnectors",
"ExportExcel"
]
},
"roleModulesConfig": {
"contentPackageIds": [
"Visier_All_Content"
]
}
}
]
}'
The response returns the results of the API call.
{
"successes": [
{
"permissionId": "b066fdf7-426b-43b3-a55a-7e5239467409",
"displayName": "Permission ABC"
}
]
}
Create permissions
This endpoint supports the ProjectID request header to make changes in a project. For more information, see Projects API. Use the following sample request to create permissions in a project. If you omit the ProjectID request header, the request is immediately published to your production version.
curl -X POST --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}' \
-H 'ProjectID:a1a02d74-2c54-40fd-b171-ec7d9a4c0952'
-d '{
"permissions": [
{
"displayName": "Sample Permission 1",
"dataSecurityProfiles": [
{
"analyticObjectId": "Employee",
"propertySetConfig": {
"propertyAccessConfigs": [
{
"propertyId": "EmployeeID",
"analyticObjectId": "Employee",
"accessLevel": "Detailed"
},
{
"propertyId": "Birth_Date",
"analyticObjectId": "Employee",
"accessLevel": "Aggregate"
}
]
},
"allDataPointAccess": true
}
],
"adminCapabilityConfig": {
"capabilities": [
"AdHocAnalysis"
]
},
"roleModulesConfig": {
"contentPackageIds": [
"Visier_All_Content"
]
}
},
{
"displayName": "Sample Permission 2",
"adminCapabilityConfig": {
"capabilities": [
"AuthorDataConnectors"
]
}
}
]
}'
Use this sample request to create one or more permissions.
curl -X POST --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions?tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}' \
-d '{
"permissions": [
{
"displayName": "Permission ABC",
"dataSecurityProfiles": [
{
"analyticObjectId": "Employee",
"propertySetConfig": {
"propertyAccessConfigs": [
{
"propertyId": "EmployeeID",
"analyticObjectId": "Employee",
"accessLevel": "Detailed"
},
{
"propertyId": "Birth_Date",
"analyticObjectId": "Employee",
"accessLevel": "Aggregate"
},
{
"propertyId": "Career_Level",
"analyticObjectId": "Employee",
"accessLevel": "Detailed"
},
{
"propertyId": "Contract_Type",
"analyticObjectId": "Employee",
"accessLevel": "Detailed"
}
]
},
"allDataPointAccess": true
}
],
"adminCapabilityConfig": {
"capabilities": [
"AdHocAnalysis",
"AuthorDataConnectors",
"ExportExcel"
]
},
"roleModulesConfig": {
"contentPackageIds": [
"Visier_All_Content"
]
}
},
{
"displayName": "Permission XXX",
"adminCapabilityConfig": {
"capabilities": [
"AdHocAnalysisXXX"
]
}
}
]
}'
The response returns the results of the API call.
{
"successes": [
{
"permissionId": "b066fdf7-426b-43b3-a55a-7e5239467409",
"displayName": "Permission ABC"
}
],
"failures": [
{
"displayName": "Permission XXX",
"error": {
"message": "Bad request: Invalid capability ID [AdHocAnalysisXXX]",
"rci": "RCIY17000016"
}
}
]
}
Use this sample request to create a permission that assigns data access for a property and dimension that don't exist yet in Visier. This request also shows assigning data access to an analytic object that doesn't exist yet. In the response, you'll see that the property and dimension are successful, but the analytic object fails. This is because the API requires that the analytic object exists and has data in Visier before assigning data access and population access in a permission. To assign access to analytic objects that aren't in Visier yet, contact your
curl -X POST --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions?tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}' \
-d '{
"permissions": [
{
"permissionId": "",
"displayName": "Permission for New Data Columns",
"description": "",
"dataSecurityProfiles": [
{
"analyticObjectId": "Employee",
"propertySetConfig": {
"propertyAccessConfigs": [
{
"propertyId": "EmployeeID",
"analyticObjectId": "Employee",
"accessLevel": "Detailed"
},
{
"propertyId": "New_Employee_Property",
"analyticObjectId": "Employee",
"accessLevel": "Detailed"
}
]
},
"allDataPointAccess": false,
"memberFilterConfigs": [
{
"dimensionFilters": [
{
"staticDimensionFilter": {
"dimensionId": "New_Dimension",
"memberSelections": [
{
"namePath": [
"New_Dimension_Member"
]
}
]
}
}
]
}
]
}
],
"adminCapabilityConfig": {
"allCapabilitiesAccess": true
},
"roleModulesConfig": {
"contentPackageIds": [
"Visier_All_Content"
]
}
},
{
"permissionId": "",
"displayName": "Permission for Employeee and New Analytic Object",
"description": "",
"dataSecurityProfiles": [
{
"analyticObjectId": "Employee",
"propertySetConfig": {
"propertyAccessConfigs": [
{
"propertyId": "EmployeeID",
"analyticObjectId": "Employee",
"accessLevel": "Detailed"
},
{
"propertyId": "New_Property",
"analyticObjectId": "New_Analytic_Object",
"accessLevel": "Detailed"
}
]
},
"allDataPointAccess": true
}
],
"adminCapabilityConfig": {
"allCapabilitiesAccess": true
},
"roleModulesConfig": {
"contentPackageIds": [
"Visier_All_Content"
]
}
}
]
}'
The response returns the results of the API call. This response says that Permission for New Data Columns was created successfully but Permission for Employee and New Analytic Object wasn't created.
{
"successes": [
{
"permissionId": "b066fdf7-426b-43b3-a55a-7e5239467409",
"displayName": "Permission for New Data Columns"
}
],
"failures": [
{
"displayName": "Permission for Employee and New Analytic Object",
"error": {
"message": "Bad request: Invalid analytic object with ID [New_Analytic_Object]",
"rci": "RCIY60200003"
}
}
]
}
Delete permissions
Use this sample request to delete permissions from your tenant.
Note: If the permission is assigned to any users or user groups, deleting the permission removes it from their security context. We recommend reviewing permission assignments before deleting it to ensure your users will have the correct capabilities, access to content, and data security after you delete the permission.
curl -X DELETE --url 'https://{vanity_name}.api.visier.io/v1/admin/permissions?tenantCode=WFF_v7r' \
-H 'apikey:{api_key}' \
-H 'Cookie:VisierASIDToken={security_token}' \
-d '{
"permissionIds": [
"b066fdf7-426b-43b3-a55a-7e5239467409"
]
}'
The response returns the results of the API call.
{
"successes": [
{
"permissionId": "b066fdf7-426b-43b3-a55a-7e5239467409",
"displayName": "Permission ABC"
}
]
}