Working with data source permissions

The Data Sources API allows administrators to create their own data sources and create data sources on behalf of users. When creating a data source on behalf of a user, administrators can set permissions on the data source to limit user access to the data source. Data source permissions override individual user permissions whether inherited through a role or set explicitly for the user. When an administrator creates a data source on behalf of a user, any administrator with the appropriate permissions would have access to the data source through the on-behalf-of functionality.

Create a data source on behalf of a user

The following POST request creates a data source on behalf of a user. The user query parameter (?user) is used to specify the owner of the data source. The administrator must have the Administrator (12) permission; or the administrator must have the MgmtAPI (11) permission, the OnBehalfOf (21) permission, administrative access on the tenant to which the user belongs, and the CreateDataSource (1) permission.

{
"name": "ODataSF",
"dataStore": "1",
"connectionType": "Cloud",
"description": "Test OData access to Salesforce",
"options": {
"Database": "Accounting",
"User": "mySForceUserId",
"Password": "mySForcePassword",
"SecurityToken": "mySecurityToken",
"StmtCallLimit": "60",
"ODataSchemaMap": "{\"odata_mapping_v2\":{\"schemas\":[{\"name\":\"D2CQA01\"
,\"tables\":{\"Dept_Emp\":{},\"Employees\":{},\"Departments\":{},\"Salaries\":{}
,\"Titles\":{},\"Dept_Manager\":{}}}]}}",
"ODataVersion": "2"
}
}

Retrieve permissions on behalf of a user

The following GET request retrieves the effective permissions on the data source on behalf of the data source owner, where 16 is the ID of the data source.

The administrator must have the Administrator (12) permission; or the administrator must have the MgmtAPI (11) permission, the OnBehalfOf (21) permission, administrative access on the tenant to which the user belongs, and the ViewDataSource (2) permission.

Note: When no permissions have been set on a data source, then the permissions of the user are returned. When permissions have been set on a data source, they will be returned instead of the user's permissions. The permissions on a data source override user and role permissions.

Update permissions on a data source

With the following PUT request, an administrator can modify permissions on the data source on behalf of the data source owner. In this example, the administrator allows the ODataUser several additional permissions.

The user query parameter (?user) is used to specify the owner of the data source. The administrator must have the Administrator (12) permission; or the administrator must have the MgmtAPI (11) permission, the OnBehalfOf (21) permission, administrative access on the tenant to which the user belongs, and the ModifyDataSource (3) permission.

Retrieve the effective permissions on a data source

An administrator can then retrieve the updated effective permissions with a GET request.

Note: When permissions have been set on a data source, the effective permissions are the permissions set on the data source. Since data source permissions override user permissions, the user permissions are excluded from the response payload.