UserPermission Resource

Using the Surpass API, it is possible to retrieve a list of all the user permissions that are available in Surpass. This information can then be used to assign the relevant user permissions to your users in Surpass by calling subsequent methods.

UserPermission Resource

Below we have listed the operations, http verbs and an example URL for the UserPermission resource within the Surpass API. 
Operation HTTP Verb Example URL
List GET
Filter GET$filter=user/reference eq ‘btljamesl’
Read (Individual) GET
Create POST
Attributes for the UserPermission Resource

Within the table below we have provided all of the attributes included in the UserPermission resource. This includes the attribute name, data type, if the attribute is orderable when requesting the GET method and if the attribute is available to filter when requesting the GET method.
Attribute Name Type Order (GET) Filter (GET) Available Operators (GET) Unique Identifier Mandatory for Create (POST)
id int X X eq, le, ge X
href String
centre Resource *
subject Resource *
permission Resource X
user Resource X
* user and permission always mandatory for POST. If subject is not null then centre should be not null. If centre and subject are null then permissions will be set at site level.

GET Request and Return

The UserPermission resource can be called directly by browsing to the URL. Below we have provided examples of JSON and XML responses that would be returned from the Surpass API when requesting the GET method for the UserPermission resource. It is important to remember that the return information will be included within the response object that forms part of the standard GET response. This is detailed in the page understanding the Surpass API.

Example GET request & response (JSON)
Example GET request & response (XML)

POST Request and Return

The POST UserPermission method requires the attributes listed above to be submitted as part of the body of the request. This can be submitted in either JSON or XML format, the content-type used will need to be submitted as part of the header of the request. An example of the address, header and body of the request for both formats can be found below.

Example POST request & response (JSON)
Example POST request & response (XML)

Example DELETE request

DELETE requests should reference the ID of the UserPermission you want to delete. Successful deletes will return a status of 200 and will return the base resource with all values set to null. An example of the DELETE user permission request has been provided below.

Required Permissions

To successfully call the UserPermission method, the user specified in the header of the request must have the "Site Administrator" permission in Surpass.

Feedback and Knowledge Base