Manage ContainerPermissions with SCIM endpoints

This topic provides examples of common requests supported by the scim/ContainerPermissions endpoint.

Send requests to scim/ContainerPermissions to manage Safe members for Privilege Cloud Safes. This endpoint currently supports the following methods:

  • GET
  • POST
  • DELETE
  • PUT

Examples

Refer to the following examples for common requests to ContainerPermissions.

GET

GET https://mytenant.idaptive.app/scim/ContainerPermissions

📘

Tip

You can narrow your responses with a pagination query parameter. For example:
GET https://mytenant.idaptive.app/scim/ContainerPermissions?startIndex=1&count=5 would show five results starting with the first resource returned.

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 2,
    "itemsPerPage": 2,
    "startIndex": 1,
    "Resources": [
        {
            "container": {
                "value": "1",
                "$ref": "https://mytenant.idaptive.app/scim/v2/Containers/myContainer",
                "name": "myContainer",
                "display": "myContainer"
            },
            "user": {
                "value": "1",
                "$ref": "https://mytenant.idaptive.app/scim/v2/Users/1",
                "display": "myuser1"
            },
            "rights": [
                "useAccounts",
                "retrieveAccounts",
                "listAccounts",
                "addAccounts",
                "updateAccountContent",
                "updateAccountProperties",
                "initiateCPMAccountManagementOperations",
                "specifyNextAccountContent",
                "renameAccounts",
                "deleteAccounts",
                "unlockAccounts",
                "manageSafe",
                "manageSafeMembers",
                "backupSafe",
                "viewAuditLog",
                "viewSafeMembers",
                "accessWithoutConfirmation",
                "createFolders",
                "deleteFolders",
                "moveAccountsAndFolders",
                "requestsAuthorizationLevel1"
            ],
            "schemas": [
                "urn:ietf:params:scim:schemas:pam:1.0:ContainerPermission"
            ],
            "id": "myContainer:myUser",
            "meta": {
                "resourceType": "ContainerPermission",
                "created": "2021-04-14T15:33:05.5981119Z",
                "lastModified": "2021-04-14T15:33:05.5981119Z",
                "location": "https://mytenant.idaptive.app/scim/v2/ContainerPermissions/myContainer:myUser"
            }
        },
        {
            "container": {
                "value": "2",
                "$ref": "https://mytenant.idaptive.app/scim/v2/Containers/myContainer",
                "name": "myContainer",
                "display": "myContainer"
            },
            "group": {
                "value": "1",
                "$ref": "https://mytenant.idaptive.app/scim/v2/Groups/1",
                "display": "myGroup"
            },
            "rights": [
                "listAccounts",
                "unlockAccounts"
            ],
            "schemas": [
                "urn:ietf:params:scim:schemas:pam:1.0:ContainerPermission"
            ],
            "id": "myContainer:myGroup",
            "meta": {
                "resourceType": "ContainerPermission",
                "created": "2021-04-14T15:33:05.5981119Z",
                "lastModified": "2021-04-14T15:33:05.5981119Z",
                "location": "https://mytenant.idaptive.app/scim/v2/ContainerPermissions/myContainer:myGroup"
            }
        }
    ]
}

Sort results when you GET all ContainerPermissions.
GET https://mytenant.idaptive.app/scim/ContainerPermissions?sortby=id&sortorder=descending
GET https://mytenant.idaptive.app/scim/ContainerPermissions?sortby=id&sortorder=descending

GET {{baseURL}}/scim/ContainerPermissions [Available with 12.2 version of PVWA.]

{
    "container": {
        "value": "myContainer",
        "$ref": "https://myTenant.idaptive.app/scim/v2/Containers/myContainer",
        "name": "myContainer",
        "display": "myContainer"
    },
    "user": {
        "value": "1",
        "$ref": "https://myTenant.idaptive.app/Scim/v2/Users/1",
        "display": "myUser"
    },
    "rights": [
        "useAccounts",
        "retrieveAccounts",
        "listAccounts",
        "addAccounts",
        "updateAccountContent",
        "updateAccountProperties",
        "initiateCPMAccountManagementOperations",
        "specifyNextAccountContent",
        "renameAccounts",
        "deleteAccounts",
        "unlockAccounts",
        "manageSafe",
        "manageSafeMembers",
        "backupSafe",
        "viewAuditLog",
        "viewSafeMembers",
        "accessWithoutConfirmation",
        "createFolders",
        "deleteFolders",
        "moveAccountsAndFolders",
        "requestsAuthorizationLevel1"
    ],
    "schemas": [
        "urn:ietf:params:scim:schemas:pam:1.0:ContainerPermission"
    ],
    "id": "myContainer:myUser",
    "meta": {
        "resourceType": "ContainerPermission",
        "created": "2021-07-19T11:19:59.8058658Z",
        "lastModified": "2021-07-19T11:19:59.8058658Z",
        "location": "https://myTenant.idaptive.app/scim/v2/ContainerPermissions/myContainer:myUser"
    }
}

POST

POST {{baseURL}/scim/ContainerPermissions

{
   "schemas":[
      "urn:ietf:params:scim:schemas:pam:1.0:ContainerPermission"
   ],
   "user":{
      "display":"myUser"
   },
   "container":{
      "name":"myContainer"
   },
   "rights":[
      "UseAccounts",
      "RetrieveAccounts",
      "UpdateAccountProperties",
      "InitiateCPMAccountManagementOperations",
      "SpecifyNextAccountContent",
      "UnlockAccounts",
      "ManageSafe",
      "ManageSafeMembers",
      "BackupSafe",
      "ViewAuditLog",
      "ViewSafeMembers",
      "AccessWithoutConfirmation",
      "CreateFolders",
      "DeleteFolders",
      "MoveAccountsAndFolders",
      "RequestsAuthorizationLevel1"
   ]
}
{
   "container":{
      "value":"stsafe17",
      "$ref":"https://mytenant.idaptive.app/Scim/Containers/stsafe17",
      "name":"stsafe17",
      "display":"stsafe17"
   },
   "user":{
      "value":"70",
      "$ref":"https://mytenant.idaptive.app/Scim/Users/70",
      "display":"shweta89"
   },
   "rights":[
      "useAccounts",
      "retrieveAccounts",
      "updateAccountProperties",
      "initiateCPMAccountManagementOperations",
      "specifyNextAccountContent",
      "unlockAccounts",
      "manageSafe",
      "manageSafeMembers",
      "backupSafe",
      "viewAuditLog",
      "viewSafeMembers",
      "accessWithoutConfirmation",
      "createFolders",
      "deleteFolders",
      "moveAccountsAndFolders",
      "requestsAuthorizationLevel1"
   ],
   "schemas":[
      "urn:ietf:params:scim:schemas:pam:1.0:ContainerPermission"
   ],
   "id":"stsafe17shweta89",
   "meta":{
      "resourceType":"ContainerPermission",
      "created":"2021-01-05T08:32:38.5610648Z",
      "lastModified":"2021-01-05T08:32:38.5610648Z",
      "location":"\"\"
}
}"

DELETE

Delete the ContainerPermission using the ID attribute. For example:

DELETE https://mytenant.idaptive.app/scim/ContainerPermissions/myContainer:myUser

PUT

`PUT {idaptivebaseurl}}scim/ContainerPermissions/. Available with 12.2 version of PVWA.

  1. Create one Container Permissions
{
"schemas":["urn:ietf:params:scim:schemas:pam:1.0:ContainerPermission"],
"container": {
"name": "myContainer"
},
"user":{
"display":"myUser"
},
"rights": [
        ]
    }
{
"container": {
"value": "myContainer",
"$ref": "https://mytenant.idaptive.app/Scim/v2/Containers/myContainer",
"name": "myContainer",
"display": "myContainer"
},
"user": {
"value": "28",
"$ref": "https://mytenant.idaptive.app/Scim/v2/Users/1",
"display": "myUser"
},
"schemas": [
"urn:ietf:params:scim:schemas:pam:1.0:ContainerPermission"
],
"id": "myContainer:myUser",
"meta": {
"resourceType": "ContainerPermission",
"created": "2021-05-12T09:27:38.145556Z",
"lastModified": "2021-05-12T09:27:38.145556Z",
"location": "https://mytenant.idaptive.app/scim/v2/ContainerPermissions/myContainer:myUser"
}
}
  1. Update Container Permissions
{
"container": {
    "name": "myContainer"
},
"user": {
    "display": "myUser"
},

"rights": [

    "moveAccountsAndFolders",
    "requestsAuthorizationLevel1",
    "InitiateCPMAccountManagementOperations",
    "ManageSafe"
],
"schemas": [
    "urn:ietf:params:scim:schemas:pam:1.0:ContainerPermission"
]
}
{
"container": {
"value": "myContainer",
"$ref": "https://mytenant.idaptive.app/Scim/v2/Containers/myContainer",
"name": "myContainer",
"display": "myContainer"
},
"user": {
"value": "1",
"$ref": "https://mytenant.idaptive.app/Scim/v2/Users/1",
"display": "myUser"
},
"rights": [
"initiateCPMAccountManagementOperations",
"manageSafe",
"moveAccountsAndFolders",
"requestsAuthorizationLevel1"
],
"schemas": [
"urn:ietf:params:scim:schemas:pam:1.0:ContainerPermission"
],
"id": "myContainer:myUser",
"meta": {
"resourceType": "ContainerPermission",
"created": "2021-05-12T11:30:21.1087842Z",
"lastModified": "2021-05-12T11:30:21.1087842Z",
"location": "https://mytenant.idaptive.app/Scim/v2/ContainerPermissions/myContainer:myUser"
}
}