The Data Sources API allows administrators to create their own data sources and create data sources on behalf of users. When creating a data source on behalf of a user, administrators can set permissions on the data source to limit user access to the data source. Data source permissions override individual user permissions whether inherited through a role or set explicitly for the user. When an administrator creates a data source on behalf of a user, any administrator with the appropriate permissions would have access to the data source through the on-behalf-of functionality.
The following POST request creates a data source on behalf of a user. The user query parameter (?user) is used to specify the owner of the data source. The administrator must have the Administrator (12) permission; or the administrator must have the MgmtAPI (11) permission, the OnBehalfOf (21) permission, administrative access on the tenant to which the user belongs, and the CreateDataSource (1) permission.
Request
POST https://MyServer:8443/api/mgmt/datasources?user=ODataUser
The following GET request retrieves the effective permissions on the data source on behalf of the data source owner, where 16 is the ID of the data source.
The administrator must have the Administrator (12) permission; or the administrator must have the MgmtAPI (11) permission, the OnBehalfOf (21) permission, administrative access on the tenant to which the user belongs, and the ViewDataSource (2) permission.
Note: When no permissions have been set on a data source, then the permissions of the user are returned. When permissions have been set on a data source, they will be returned instead of the user's permissions. The permissions on a data source override user and role permissions.
Request
GET https://MyServer:8443/api/mgmt/datasources/16/permissions?user=ODataUser
Response Payload
{
"permissions": [
7
]
}
Update permissions on a data source
With the following PUT request, an administrator can modify permissions on the data source on behalf of the data source owner. In this example, the administrator allows the ODataUser several additional permissions.
The user query parameter (?user) is used to specify the owner of the data source. The administrator must have the Administrator (12) permission; or the administrator must have the MgmtAPI (11) permission, the OnBehalfOf (21) permission, administrative access on the tenant to which the user belongs, and the ModifyDataSource (3) permission.
Request
PUT https://MyServer:8443/api/mgmt/datasources/16/permissions?user=ODataUser
Request Payload
{
"permissions": [
2,
3,
4,
7,
10
]
}
Retrieve the effective permissions on a data source
An administrator can then retrieve the updated effective permissions with a GET request.
The user query parameter (?user) is used to specify the owner of the data source. The administrator must have the Administrator (12) permission; or the administrator must have the MgmtAPI (11) permission, the OnBehalfOf (21) permission, administrative access on the tenant to which the user belongs, and the ViewDataSource (2) permission.
Note: When permissions have been set on a data source, the effective permissions are the permissions set on the data source. Since data source permissions override user permissions, the user permissions are excluded from the response payload.
Request
GET https://MyServer:8443/api/mgmt/datasources/16/permissions?user=ODataUser