API Permissions

The following table lists out all the available APIs and their operations and specifies the permissions of each operation.

Service	Operation	Permission Level

Service	Operation	Permission Level
IdentityProviderMgtService	addIdP	/permission/admin/manage
	deleteIdP	/permission/admin/manage
	getAllFederatedAuthenticators	/permission/admin/manage
	getAllIdPs	/permission/admin/login
	getAllLocalClaimUris	/permission/admin/manage
	getAllProvisioningConnectors	/permission/admin/manage
	getEnabledAllIdPs	/permission/admin/manage
	getIdPByName	/permission/admin/manage
	getResidentIdP	/permission/admin/manage
	updateIdP	/permission/admin/manage
	updateResidentIdP	/permission/admin/manage

IdentityApplicationManagementService	createApplication	/permission/admin/manage
	deleteApplication	/permission/admin/manage
	getAllApplicationBasicInfo	/permission/admin/manage
	getAllIdentityProviders	/permission/admin/manage
	getAllLocalAuthenticators	/permission/admin/manage
	getAllLocalClaimUris	/permission/admin/manage
	getAllRequestPathAuthenticators	/permission/admin/manage
	getApplication	/permission/admin/manage
	getIdentityProvider	/permission/admin/manage
	updateApplication	/permission/admin/manage

TenantMgtAdminService	activateTenant	/permission/protected/manage/modify/tenants
	addSkeletonTenant	/permission/protected/manage/monitor/tenants
	addTenant	/permission/protected/manage/monitor/tenants
	deactivateTenant	/permission/protected/manage/modify/tenants
	deleteTenant	/permission/protected/manage/modify/tenants
	getTenant	/permission/protected/manage/monitor/tenants
	retrievePaginatedPartialSearchTenants	/permission/protected/manage/monitor/tenants
	retrievePaginatedTenants	/permission/protected/manage/monitor/tenants
	retrievePartialSearchTenants	/permission/protected/manage/monitor/tenants
	retrieveTenants	/permission/protected/manage/monitor/tenants
	updateTenant	/permission/protected/manage/modify/tenants

UserStoreConfigAdminService	addUserStore	/permission/admin/manage/identity/userstore/config/create
	changeUserStoreState	/permission/admin/manage/identity/userstore/config/update
	deleteUserStore	/permission/admin/manage/identity/userstore/config/delete
	deleteUserStoresSet	/permission/admin/manage/identity/userstore/config/delete
	editUserStore	/permission/admin/manage/identity/userstore/config/update
	editUserStoreWithDomainName	/permission/admin/manage/identity/userstore/config/update
	getAvailableUserStoreClasses	/permission/admin/manage/identity/userstore/config/view
	getSecondaryRealmConfigurations	/permission/admin/manage/identity/userstore/config/view
	getUserStoreManagerProperties	/permission/admin/manage/identity/userstore/config/view
	testRDBMSConnection	/permission/admin/manage/identity/userstore/config/view

OAuthAdminService	getAllOAuthApplicationData	/permission/admin/manage/identity/applicationmgt/view
	getAllowedGrantTypes	/permission/admin/manage/identity/applicationmgt/view
	getAppsAuthorizedByUser	/permission/admin/login
	getOAuthApplicationData	/permission/admin/manage/identity/applicationmgt/view
	getOAuthApplicationDataByAppName	/permission/admin/manage/identity/applicationmgt/view
	registerOAuthApplicationData	/permission/admin/manage/identity/applicationmgt/create
	registerOAuthConsumer	/permission/admin/manage/identity/applicationmgt/create
	removeOAuthApplicationData	/permission/admin/manage/identity/applicationmgt/delete
	revokeAuthzForAppsByResoureOwner	/permission/admin/login
	updateConsumerApplication	/permission/admin/manage/identity/applicationmgt/update

OAuth2TokenValidationService	findOAuthConsumerIfTokenIsValid	/permission/admin/manage
	validate	/permission/admin/manage

ClaimManagementService	addNewClaimDialect	/permission/admin/configure/security
	addNewClaimMapping	/permission/admin/configure/security
	getClaimMappingByDialect	/permission/admin/configure/security
	getClaimMappings	/permission/admin/configure/security
	removeClaimDialect	/permission/admin/configure/security
	removeClaimMapping	/permission/admin/configure/security
	upateClaimMapping	/permission/admin/configure/security

RemoteUserStoreManagerService	addRole	/permission/admin/configure/security
	addUser	/permission/admin/configure/security
	addUserClaimValue	/permission/admin/configure/security
	addUserClaimValues	/permission/admin/configure/security
	authenticate	/permission/admin/configure/security
	deleteRole	/permission/admin/configure/security
	deleteUser	/permission/admin/configure/security
	deleteUserClaimValue	/permission/admin/configure/security
	deleteUserClaimValues	/permission/admin/configure/security
	getAllProfileNames	/permission/admin/configure/security
	getHybridRoles	/permission/admin/configure/security
	getPasswordExpirationTime	/permission/admin/configure/security
	getProfileNames	/permission/admin/configure/security
	getProperties	/permission/admin/configure/security
	getRoleListOfUser	/permission/admin/configure/security
	getRoleNames	/permission/admin/configure/security
	getTenantId	/permission/admin/configure/security
	getTenantIdofUser	/permission/admin/configure/security
	getUserClaimValue	/permission/admin/configure/security
	getUserClaimValues	/permission/admin/configure/security
	getUserClaimValuesForClaims	/permission/admin/configure/security
	getUserId	/permission/admin/configure/security
	getUserList	/permission/admin/configure/security
	getUserListOfRole	/permission/admin/configure/security
	isExistingRole	/permission/admin/configure/security
	isExistingUser	/permission/admin/configure/security
	isReadOnly	/permission/admin/configure/security
	listUsers	/permission/admin/configure/security
	setUserClaimValue	/permission/admin/configure/security
	setUserClaimValues	/permission/admin/configure/security
	updateCredential