Table of contents
Access Control
Download API definition:
GET https://api.bentley.com/accesscontrol/itwins/{id}/roles

Retrieves a list of available user roles that are defined for a specified iTwin.

Authentication

Requires Authorization header with valid Bearer token for scope itwin-platform.

For more documentation on authorization and how to get access token visit OAUTH2 Authorization page.

Authorization

User must have the administration_manage_roles permission assigned at the iTwin level or be an Organization Administrator for the Organization that owns a given iTwin.

An Organization Administrator must have at least one of the following roles assigned in User Management: Account Administrator, Co-Administrator, or CONNECT Services Administrator. For more information about User Management please visit our Bentley Communities Licensing, Cloud, and Web Services wiki page.

Request parameters

Name
Required?
Description
id
Yes

The iTwin ID

Request headers

Name
Required?
Description
Authorization
Yes

OAuth access token with itwin-platform scope

Accept
No

Setting to application/vnd.bentley.itwin-platform.v2+json is recommended.

Response 200 OK

OK

json
{
    "roles": [{
            "id": "752b5a3d-b9f2-4845-824a-99dd310b4898",
            "displayName": "iTwin Reader",
            "description": "iTwin Reader description",
            "permissions": [
                "read"
            ]
        },
        {
            "id": "ce5399cc-088c-4c48-9f7b-0bff2d72fc25",
            "displayName": "iTwin Contributor",
            "description": "iTwin Contributor description",
            "permissions": [
                "read",
                "write"
            ]
        }
    ]
}

Response 401 Unauthorized

This response indicates that request lacks valid authentication credentials. Access token might not been provided, issued by the wrong issuer, does not have required scopes or request headers were malformed.

json
{
    "error": {
        "code": "HeaderNotFound",
        "message": "Header Authorization was not found in the request. Access denied."
    }
}

Response 403 Forbidden

The user has insufficient permissions for the requested operation.

json
{
    "error": {
        "code": "InsufficientPermissions",
        "message": "The user has insufficient permissions for the requested operation."
    }
}

Response 404 Not Found

This response indicates that iTwin with specified ID was not found.

json
{
    "error": {
        "code": "ItwinNotFound",
        "message": "Requested iTwin is not available."
    }
}

Response 429 Too many requests

This response indicates that the user has sent too many requests in a given amount of time.

json
{
    "error": {
        "code": "TooManyRequests",
        "message": "More requests were received than the subscription rate-limit allows."
    }
}

Response headers

Name
Description
retry-after

The number of requests exceeds the rate-limit for the client subscription.

Role

Name
Type
Description
id
String

The role id.

displayName
String

The display name of your Role.

description
String

A description of your Role.

permissions
String[]

List of permissions assigned to the role.

RolesResponse

Name
Type
Description
roles

List of roles.

Error

Contains error information.

Name
Type
Description
code
String

One of a server-defined set of error codes.

message
String

A human-readable representation of the error.

target
String, null

The target of the error.

Error Response

Gives details for an error that occurred while handling the request. Note that clients MUST NOT assume that every failed request will produce an object of this schema, or that all of the properties in the response will be non-null, as the error may have prevented this response from being constructed.

Name
Type
Description
error

Error information.