Skip to main content

Access & Permissions

Per Resource Access Permissions

Owners of any resource can grant collaborator access (read only permissions) or administrator access (read and manage permissions) of that resource to other users and teams in the org. Note that access permissions can only be extended within the org.

Org administrators automatically have administrative rights to all resources in the org.

View Resource Access Permission

Issue a POST request on the /resource_authorize endpoint to check the user's access(read/manage) permissions of a resource.

Two attributes resource_type and resource_id are required and access_mode param is optional in the JSON body request. If you don't send access_mode then api will check read access permission.

View Resource Access Permission: Request
POST /resource_authorize
...
Example Request Payload
{
  "resource_type": "SOURCE",
  "resource_id": 966
}
View Resource Access Permission: Response
API will return status code:
401 - If given Authorization header fails user authentication.
403 - If user doesn't have correct access permission on given resource.
200 - User is allowed to access the resource.

Set or Update Resource Access Permission

Granular Access Permissions can be granted to all Nexla resources, including data sources, datasets, destinations, transforms, credentials, and lookups.

Issue a POST request on {resource_type}/{resource_id}/accessors to grant access permissions to one or more users and teams.

Set Or Update Access Permission: Request
POST /{resource_type}/{resource_id}/accessors
...
Example Request Payload
{
  "accessors":[
    {
      "type":"user",
      "id":<user_id>,
      "access_role":"collaborator"
    },
    ...
    {
      "type":"user",
      "id":<user_id>,
      "access_role":"administrator"
    },
    ...
    {
      "type":"team",
      "id":<team_id>,
      "access_role":"collaborator"
    },
  ]
}

For example, the sample request makes user 122 a collaborator to credential 7900, so that user 122 can set up a source or destination using credential 7900 but not modify it.

Set Or Update Access Permission: Sample Request
POST /data_credentials/7900/accessors
{
  "accessors":[
    {
      "type":"user",
      "access_role":"collaborator",
      "id":122
    }

  ]
}

Update Access Permissions

Replace the POST with a PUT to append access permissions instead of overwriting existing access permissions. You can also use this method to upgrade, downgrade, or revoke a specific user/team's access rights without impacting the other granted access permissions.

Update Access Permission: Request
PUT /{resource_type}/{resource_id}/accessors
{
  "accessors":[
    {
      "type":"user",
      "id":<user_id>,
      "access_role":"collaborator"
    },
    ...
    {
      "type":"user",
      "id":<user_id>,
      "access_role":"administrator"
    },
    ...
    {
      "type":"team",
      "id":<team_id>,
      "access_role":"collaborator"
    },
  ]
}

Revoke Access Permission

You can revoke all previously granted access permissions to a resource by issuing a DELETE call on the /{resource_type}/{resource_id}/accessors endpoint. Alternately, you can conditionally revoking access to only some users or teams by issues PUT call on /{resource_type}/{resource_id}/accessors endpoint