Retrieves configured RBAC user permissions for the specified iModel.
Individual iModel permissions allow to have more granular permissions than assigned at iTwin level. This either broadens or shrinks the set of permission the user has at iTwin level. That is, once at least one user permission is configured on the given iModel, then this configuration takes precedence over permissions configured at iTwin level.
Please refer to Access Control API to learn more about Role Based Access Control principles.
iModel permissions that could be returned for the configured users:
imodels_webview
- allows to view iModel in web browser, but does not allow to get its local copy and view in desktop app.
imodels_read
- allows to open and view an iModel only in read-only state.
imodels_write
- allows to make changes to an iModel. Allows to create and modify named versions. Allows to create mapping between PW connection and iModel to facilitate bridges.
imodels_manage
- allows to manage locks, codes or local copies for the entire iModel.
Authentication
Requires Authorization
header with valid Bearer token for scope itwin-platform
.
For more documentation on authorization and how to get access token visit OAUTH2 Authorization page.
Authorization
User must have imodels_webview
permission assigned at the iModel level. If iModel Role permissions at the iModel level are configured, then user must additionally have at least imodels_webview
permission assigned at the iTwin level. If permissions at the iModel level are not configured, then user must have imodels_webview
permission assigned at the iTwin level.
Alternatively the user should be an Organization Administrator for the Organization that owns a given iTwin the iModel belongs to.
For more information please refer to Account Administrator documentation section on Access Control API documentation page.
Rate limits
All iTwin Platform API operations have a rate limit. For more documentation on that visit Rate limits and quotas page.
Was this page helpful?