Platform
ScaiWave ScaiGrid ScaiCore ScaiBot ScaiDrive ScaiKey Models Tools & Services
Solutions
Organisations Developers Internet Service Providers Managed Service Providers AI-in-a-Box
Resources
Support Documentation Blog Downloads
Company
About Research Careers Investment Opportunities Contact
Log in

Permissions Reference

Permission checks, effective permissions, ACL management, and ownership transfer.

Base path: /api/v1/permissions/

Permission values#

String values used in API bodies:

  • READ
  • WRITE
  • DELETE
  • CREATE
  • SHARE
  • MANAGE_PERMISSIONS

In effective-permission responses, also available as boolean flags: can_read, can_write, etc.

GET /api/v1/permissions/check#

Check a single permission.

Query:

Param Notes
resource_type file, folder, share
resource_id
permission One of the values above

Response: {allowed: true}.

POST /api/v1/permissions/check#

Same as GET with a JSON body.

Body: resource_type, resource_id, permission.

POST /api/v1/permissions/check/batch#

Batch check — up to 100 checks per request.

Body:

json
1
2
3
4
5
6
{
  "checks": [
    {"resource_type": "file", "resource_id": "fil_A", "permission": "WRITE"},
    {"resource_type": "file", "resource_id": "fil_B", "permission": "DELETE"}
  ]
}

Response:

json
1
2
3
4
5
6
{
  "results": [
    {"resource_type": "file", "resource_id": "fil_A", "permission": "WRITE", "allowed": true},
    {"resource_type": "file", "resource_id": "fil_B", "permission": "DELETE", "allowed": false}
  ]
}

GET /api/v1/permissions/effective#

Full set of effective permissions on a resource.

Query: resource_type, resource_id.

Response:

json
1
2
3
4
5
6
7
8
{
  "can_read": true,
  "can_write": true,
  "can_delete": false,
  "can_create": true,
  "can_share": false,
  "can_manage_permissions": false
}

ACL management#

GET /api/v1/permissions/acl/{resource_type}/{resource_id}#

Full ACL for a resource.

Response:

json
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
{
  "resource_type": "folder",
  "resource_id": "fld_01J3M",
  "inherit_from_parent": true,
  "entries": [
    {
      "id": "ace_01J3N",
      "principal_type": "group",
      "principal_id": "grp_01J3L",
      "principal_name": "Engineering",
      "principal_email": null,
      "permissions": ["READ", "WRITE", "CREATE", "DELETE"],
      "ace_type": "allow",
      "inherited": false,
      "inherit_to_children": true
    }
  ]
}

Required permission: MANAGE_PERMISSIONS.

POST /api/v1/permissions/acl/{resource_type}/{resource_id}#

Add an ACE. Returns 201.

Body:

Field Notes
principal_type user, group, everyone
principal_id Matching ID, or "everyone"
permissions Array of permission names
ace_type allow or deny
inherit_to_children Default true

Required permission: MANAGE_PERMISSIONS.

DELETE /api/v1/permissions/acl/{resource_type}/{resource_id}#

Remove an ACE. Returns 204.

Body: principal_type, principal_id, ace_type.

Required permission: MANAGE_PERMISSIONS.

PUT /api/v1/permissions/acl/{resource_type}/{resource_id}/inheritance#

Set inheritance mode.

Body:

Field Notes
inherit_from_parent true or false
copy_inherited When disabling: copy inherited ACEs as direct entries first. Default false

Response: {resource_type, resource_id, inherit_from_parent}.

Required permission: MANAGE_PERMISSIONS.

Ownership#

POST /api/v1/permissions/ownership/{resource_type}/{resource_id}/transfer#

Transfer resource ownership.

Query: new_owner_id (user or group).

Response: {resource_type, resource_id, new_owner_id}.

Requires: Current owner, or tenant admin.

Error codes#

Code HTTP When
AUTHZ_PERMISSION_DENIED 403 Missing MANAGE_PERMISSIONS
VALIDATION_ERROR 422 Invalid permission name, principal type mismatch
NOT_FOUND 404 Resource or principal doesn't exist
Updated 2026-05-18 15:04:17 View source (.md) rev 2