X

Best Practices from Oracle Development's A‑Team

One easy way of settting permissions for Oracle Content and Experience with the REST API

Dolf Dijkstra
Cloud Solutions Architect

Setting permissions with the REST API

Oracle Content and Experience has a REST API endpoint for setting Permissions or various objects like ContentTypes and Repositories. You can use this endpoint to add or revoke permissions.

To invoke the API you need to send a POST request to https://host.cec.ocp.oraclecloud.com/content/management/api/v1.1/permissionOperations?links=none

As with any POST operation, you have to send a body. The body has to be an JSON document. Therefore, you have to set the Content-Type header to application/json.

The API body is simple. To add or change permissions, send a body with this structure.

{
    "operations": {
        "share": {
            "resource": {
                "id": "0E59C237D0054270885122215E6567D0",
                "name": "Article",
                "type": "type"
            },
            "roles": [
                {
                    "name": "contributor",
                    "users": [
                        {
                            "name": "EDITORS",
                            "type": "group",
                            "groupType": "CEC"
                        }
                    ]
                }
            ]
        }
    }
}

With curl

With curl the request will look like this:

curl --location --request POST 'https://host.cec.ocp.oraclecloud.com/content/management/api/v1.1/permissionOperations?links=none' \
--header 'X-Requested-With: XMLHttpRequest' \
--header 'Content-Type: application/json' \
--user <user:secret> \
--data-raw '{
    "operations": {
        "share": {
            "resource": {
                "id": "0E59C237D0054270885122215E6567D0",
                "name": "Article",
                "type": "type"
            },
            "roles": [
                {
                    "name": "contributor",
                    "users": [
                        {
                            "name": "EDITORS",
                            "type": "group",
                            "groupType": "CEC"
                        }
                    ]
                }
            ]
        }
    }
}'

Operations

In the JSON body, the operation can be "share" or "unshare". Unshare is used to remove a user or group as a member.

Resource types

There are 3 types of Content-as-a-Service objects that can have members and thus permissions. The "type" field under "resource" can have these values.

Resource Type
ContentType type
Repository repository
Channels channel

Roles

The "roles" can have "name" of “manager”, “contributor” or “viewer”.

Groups or individual user

The objects in the array for the "users" field can have a type of “group” or “user” . If is is of type group, the "groupType" can be of “IDP” for an IDCS managed group or “CEC” for an Oracle Content and Experienced managed group.

Unsharing

The body for an unshare operation has this structure:

{
    "operations": {
      "unshare": {
        "resource": {
          "id": "E876FBCC753246E7AEF86BD20A6060FC",
          "name": "MyRepo",
          "type": "repository"
        },
        "users": [{ "name": "MyGroup", "type": "group", "groupType": "IDP" }]
      }
    }
  }

Sharing for the first time

When you share a resource for the first time with a group, you can add an additional message, that can be send out as an email to the user or group members.

{
    "operations": {
      "share": {
        "resource": {
          "id": "E876FBCC753246E7AEF86BD20A6060FC",
          "name": "MyRepo",
          "type": "repository"
        },
        "roles": [
          {
            "name": "contributor",
            "message": "I added you as a member to repository \"MyRepo.\" It should appear in your list when you sign in to Oracle Content and Experience.",
            "users": [
              { "name": "MyGroup", "type": "group", "groupType": "IDP" }
            ]
          }
        ]
      }
    }
  }

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha