Manage Organization Permissions

The MANAGE Organization permission gives the access to actions and resources across the entire GoodData deployment. This permission should be reserved for administrators.

Supported Permissions

The following permissions are applicable to the organization object:

• MANAGE

  User has access to any protected action or resource.

Set Permissions For an Organization

Permissions for an organization are set using the /api/v1/layout/organization declarative API endpoint. Note that you need the Organization.MANAGE permission to change the organization layout.

Note that there always has to be at least one user with MANAGE permission in an organization. API calls that would result in an organization having no users with MANAGE permission are not valid.

Steps:

1. Make the following API call to fetch an up-to-date json definition of your organization layout:

   curl -H "Authorization: Bearer $API_TOKEN" \
       -H "Content-Type: application/json" \
       -X GET \
       $HOST_URL/api/v1/layout/organization
   

2. In the organization layout json file, update the permissions definition:

   {
     "organization": {
       ...,
       "permissions": [
           {
               "assignee": {
                   "id": "<user_id_or_user_group_id>",
                   "type": "<user_or_userGroup>"
               },
               "name": "MANAGE"
           }
       ]
     }
   }
   

3. Update the organization using your updated json in the following API call:

   curl -H "Authorization: Bearer $API_TOKEN" \
     -H "Content-Type: application/json" \
     -X PUT \
     $HOST_URL/api/v1/layout/organization -d @<your_updated_organization_layout>.json