• Get Started
  • Documentation
  • Samples
  • Blog
  • Pricing
    • Free Trial
    Table of contents
    Overview
    Available Events
    Tutorials
    Samples
    Changelog
    Access Control
    Download API definition:
    Update iTwin role
    PATCH https://dev-api.bentley.com/accesscontrol/itwins/{id}/roles/{roleId}

    Update the specified iTwin role.

    Authentication

    Requires Authorization header with valid Bearer token for scope itwin-platform.

    For more documentation on authorization and how to get access token visit OAUTH2 Authorization page.

    Authorization

    User must have the administration_manage_roles permission assigned at the iTwin level or be an Organization Administrator for the Organization that owns a given iTwin.

    An Organization Administrator must have at least one of the following roles assigned in User Management: Account Administrator, Co-Administrator, or CONNECT Services Administrator. For more information about User Management please visit our Bentley Communities Licensing, Cloud, and Web Services wiki page.

    Request

    Request parameters

    Name
    Required?
    Description
    id
    Yes

    The iTwin ID

    roleId
    Yes

    iTwin role ID

    Request headers

    Name
    Required?
    Description
    Authorization
    Yes

    OAuth access token with itwin-platform scope

    Accept
    No

    Setting to application/vnd.bentley.itwin-platform.v2+json is recommended.

    A iTwin role instance with the fields that should be updated.

    Request body

    Role (update)

    Name
    Type
    Required?
    Description
    displayName
    String
    No

    The display name of your Role.

    description
    String
    No

    A description of your Role.

    permissions
    String[]
    No

    Example

    json
    {
    "displayName": "A new Role display name",
    "description": "A new Role description",
    "permissions": ["administration_manage_roles"]
}

    Response

    Response 200 OK

    OK

    json
    {
    "role": {
        "id": "752b5a3d-b9f2-4845-824a-99dd310b4898",
        "displayName": "iTwin Role Manager",
        "description": "The Role to control who can manage iTwin Roles",
        "permissions": ["administration_manage_roles"]
    }
}

    Response 401 Unauthorized

    This response indicates that request lacks valid authentication credentials. Access token might not been provided, issued by the wrong issuer, does not have required scopes or request headers were malformed.

    json
    {
    "error": {
        "code": "HeaderNotFound",
        "message": "Header Authorization was not found in the request. Access denied."
    }
}

    Response 403 Forbidden

    The user has insufficient permissions for the requested operation.

    json
    {
    "error": {
        "code": "InsufficientPermissions",
        "message": "The user has insufficient permissions for the requested operation."
    }
}

    Response 404 Not Found

    This response indicates that iTwin with specified ID was not found.

    json
    {
    "error": {
        "code": "ItwinNotFound",
        "message": "Requested iTwin is not available."
    }
}

    Response 422 Unprocessable Entity

    Invalid request to update iTwin role. Make sure request had required properties and does not pass in readonly properties.

    json
    {
    "error": {
        "code": "InvalidiTwinsRoleRequest",
        "message": "Cannot create/update Role.",
        "details": [{
                "code": "MissingRequiredProperty",
                "message": "Required property is missing.",
                "target": "displayName"
            },
            {
                "code": "MissingRequiredProperty",
                "message": "Required property is missing.",
                "target": "description"
            },
            {
                "code": "MissingRequiredProperty",
                "message": "Required property is missing.",
                "target": "permissions[0]"
            },
            {
                "code": "InvalidRequestBody",
                "message": "Failed to parse request body or collection is empty."
            }
        ]
    }
}

    Response 429 Too many requests

    This response indicates that the client sent more requests than allowed by this API for the current tier of the client.

    json
    {
    "error": {
        "code": "RateLimitExceeded",
        "message": "The client sent more requests than allowed by this API for the current tier of the client."
    }
}

    Response headers

    Name
    Description
    retry-after

    Number of seconds to wait until client is allowed to make more requests.

    Definitions

    RoleResponse

    Name
    Type
    Description
    role
    Role

    Role

    Name
    Type
    Description
    id
    String

    The role id.

    displayName
    String

    The display name of your Role.

    description
    String

    A description of your Role.

    permissions
    String[]

    List of permissions assigned to the role.

    Role (update)

    Name
    Type
    Description
    displayName
    String

    The display name of your Role.

    description
    String

    A description of your Role.

    permissions
    String[]

    Error

    Contains error information.

    Name
    Type
    Description
    code
    String

    One of a server-defined set of error codes.

    message
    String

    A human-readable representation of the error.

    target
    String, null

    The target of the error.

    Error Response

    Gives details for an error that occurred while handling the request. Note that clients MUST NOT assume that every failed request will produce an object of this schema, or that all of the properties in the response will be non-null, as the error may have prevented this response from being constructed.

    Name
    Type
    Description
    error
    Error

    Error information.

    Was this page helpful?