See api-docs Menu

Update a Privilege

Use this API to update an existing privilege object.

For a detailed explanation of a privilege object, see Create a Privilege.

Required Feature

A OneLogin subscription that includes Delegated Administration is required to use the privileges API.

Resource URL

PUT https://<subdomain>/api/1/privileges/:id

Header Parameters

Authorization

required

string

Set to Bearer <access_token>.

Set <access_token> to the access token generated using the Generate Token API.

Generate the access token with the API credential pair created using the scope required to call this API. Call this API using the Manage All scope.

Content-Type

required

string

Set to application/json.

Resource Parameter

id

required

string

Set to the id of the privilege you want to update.

Request Parameters

name

required

string

The name of this privilege

description

string

The description for this privilege

privilege

required

object

An object containing statements that describe the level of access granted by this privilege.

  • Version - The version for the privilege schema. This is always 2018-05-18.
  • Statement - An array of statment objects. For a detailed explanation of a Statement object, including possible Actions, see Create a Privilege.

Sample Request Body

Allow the following user actions on any user in OneLogin.

{
    "name": "User Administrator",
  "description": "Can administer users",
    "privilege":  {
        "Version": "2018-05-18",
        "Statement": [{
            "Effect": "Allow",
            "Action": [
                "users:Get",
                "users:Unlock",
                "users:ResetPassword",
                "users:ForceLogout",
                "users:Delete"
            ],
            "Scope": ["*"]
        }]
    }
}

Sample Response

{
    "id": "5e43a548-e9c6-47be-9341-92160902f7a6"
}

No statement or statement is missing an Actions array.

{
    "statusCode": 400,
    "name": "BadRequestError",
    "message": "The request could not be understood by the server due to malformed syntax: Statement required Action array"
}

Effect is missing in the statement

{
    "statusCode": 400,
    "name": "BadRequestError",
    "message": "The request could not be understood by the server due to malformed syntax: Effect is required and must be 'Allow'"
}

Invalid action was supplied. e.g. users:MadeUpAction

{
    "statusCode": 400,
    "name": "BadRequestError",
    "message": "The request could not be understood by the server due to malformed syntax: Operation 'MadeUpAction' does not exist"
}

Typically, this error means that your access token value is invalid.

{
    "statusCode": 401,
    "name": "UnauthorizedError",
    "message": "The request requires user authentication."
}

Sample Code

cURL

curl 'https://<subdomain>/api/1/privileges/<privilege_id>' \
-X PUT \
-H "Authorization: Bearer <access_token>" \
-H "Content-Type: application/json" \
-d '{
    "name": "Super Administrator",
  "description": "Can do super things",
    "privilege":  {
        "Version": "2018-05-18",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["*"],
            "Scope": ["*"]
        }]
    }
}'

Postman Collection

Replace sample variables indicated by {{ }} with your actual values.

Run in Postman

    Clicking Run in Postman button navigates to the page where you can fork the collection to your workspace. Forking the collection into your workspace will enable you to contribute to the source collection using pull requests. You can also view the collection in a public workspace if you like and even import a copy of the collection using the links present on the screen.

ask


Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.