Get iModel Permissions - iModels

REST API Overview

Reference

iModels

Download API definition:

GET https://api.bentley.com/imodels/{id}/permissions

Retrieves a list of permissions the user has for the specified iModel. iModels permissions may be configured on an iTwin level or an iModel level. iModel level permissions can be configured per role or per user. This operation will return permissions configured for this specific iModel or iTwin permissions if iModel permissions are not configured.

imodels_webview - allows to view iModel in web browser, but does not allow to get its local copy and view in desktop app.

imodels_read - allows to open and view an iModel only in read-only state.

imodels_write - allows to make changes to an iModel. Allows to create and modify named versions. Allows to create mapping between PW connection and iModel to facilitate bridges.

imodels_manage - allows to create an iModel. Allows to configure access per iModel. Allows to manage locks, codes or local copies for the entire iModel. This permission is both iModel and iTwin level permission, but Create iModel operation requires that user has imodels_manage permission on the iTwin level.

imodels_delete - allows to delete an iModel. This permission is only available on the iTwin level.

Authentication

Requires Authorization header with valid Bearer token for scope itwin-platform.

For more documentation on authorization and how to get access token visit OAUTH2 Authorization page.

Authorization

User must have imodels_webview permission assigned at the iModel level. If iModel Role permissions at the iModel level are configured, then user must additionally have at least imodels_webview permission assigned at the iTwin level. If permissions at the iModel level are not configured, then user must have imodels_webview permission assigned at the iTwin level.

Alternatively the user should be an Organization Administrator for the Organization that owns a given iTwin the iModel belongs to.

For more information please refer to Account Administrator documentation section on Access Control API documentation page.

Rate limits

All iTwin Platform API operations have a rate limit. For more documentation on that visit Rate limits and quotas page.

Request

Request parameters

Yes

iModel Id

Request headers

Authorization

Yes

OAuth access token with itwin-platform scope

Yes

Setting to application/vnd.bentley.itwin-platform.v2+json is recommended.

Response

Response 200 OK

json

{
    "permissions": [
        "imodels_webview",
        "imodels_read",
        "imodels_write",
        "imodels_manage"
    ]
}

Response 401 Unauthorized

This response indicates that request lacks valid authentication credentials. Access token might not been provided, issued by the wrong issuer, does not have required scopes or request headers were malformed.

json

{
    "error": {
        "code": "HeaderNotFound",
        "message": "Header Authorization was not found in the request. Access denied."
    }
}

Response 404 Not Found

Requested iModel is not available.

json

{
    "error": {
        "code": "iModelNotFound",
        "message": "Requested iModel is not available."
    }
}

Response 429 Too many requests

This response indicates that the user has sent too many requests in a given amount of time.

json

{
    "error": {
        "code": "TooManyRequests",
        "message": "More requests were received than the subscription rate-limit allows."
    }
}

Response headers

retry-after

The number of requests exceeds the rate-limit for the client subscription.

Definitions

Permissions

List of permission user has on a given iModel.

permissions

String[]

Array of permissions user has on an iModel.

Error

Contains error information.

code

String

One of a server-defined set of error codes.

message

String

A human-readable representation of the error.

target

String, null

The target of the error.

Error Response

Gives details for an error that occurred while handling the request. Note that clients MUST NOT assume that every failed request will produce an object of this schema, or that all of the properties in the response will be non-null, as the error may have prevented this response from being constructed.

error

Error

Error information.