1. REST API for Sites Management
  2. Tasks
  3. Policies
  4. Access Lists

Add or Remove Users, Applications or Groups from the Access List

patch

/sites/management/api/v1/policies/{id}/access

COLLECTION

Specify a set of users, applications or groups to add and remove from the access list. An invalid user, client application or group error response will be returned if any user, client application or group name does not match a user, client application or group. Attempts to add the same user, client application or group are ignored, as are any attempts to remove a user, client application or group that is not a member of the access list. Note that this operation only allows a maximum of 50 users and/or groups to be added or removed per request.

Introduced in release 19.3.1.

Authorization

Users, client applications and groups can be added or removed from the access list by site administrators.

Enabling the Access List

The access list is only used if the accessType of the associated policy is set to restricted. If the access type is set to everyone the members of the access list are ignored. However, it is valid to alter the access list members when the policy access type is set to everyone.

For more information, see Update the Fields of a Policy.

Successful Response Examples

This operation responds with the following success (2xx) responses. For a full list of response HTTP status codes and example bodies, consult the Response section of this operation.

200OK - Add

Users, client applications and groups can be added in the same request. A group is identified using the group:groupname syntax. A user is identified using the user:username syntax. A client application is identified using the user:applicationname syntax.

Request

PATCH https://api.example.com/sites/management/api/v1/policies/{id}/access

Request Body

{
  "add": [
      "user:jsmith",
      "group:marketing"
  ]
}

200OK - Remove

Users, client applications and groups can be removed in the same request. A group is identified using the group:groupname syntax. A user is identified using the user:username syntax. A client application is identified using the user:applicationname syntax.

Request

PATCH https://api.example.com/sites/management/api/v1/policies/{id}/access

Request Body

{
  "remove": [
      "user:jsmith",
      "group:marketing"
  ]
}

200OK - Add and Remove

Users, client applications and groups can be added and removed in the same request. A group is identified using the group:groupname syntax. A user is identified using the user:username syntax. A client application is identified using the user:applicationname syntax.

Request

PATCH https://api.example.com/sites/management/api/v1/policies/{id}/access

Request Body

{
  "add": [
      "user:jsmith",
      "user:jdoe"
  ],
  "remove": [
      "group:marketing"
  ]
}

Client Error Response Examples

This operation responds with following client error (4xx) responses with exception details in the response body. For a full list of response HTTP status codes and example bodies, consult the Response section of this operation.

400Bad Request - Invalid User or Application

A user or client application identified cannot be found.

Error Code

OCE-IDS-001004

Resolution - Check User Exists

Check that the user name is valid.

Resolution - Check Client Application Exists

Check that the client application name is valid.

Exception Detail Fields

This error type includes the following fields/values in the response:

Field NameDescription
userUser or application that does not exist.

For detailed information about this exception detail type, consult the InvalidIdentityExceptionDetail schema in the definitions section of the swagger document.

Example Response Body
{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
  "title": "Invalid User or Application",
  "status": "400",
  "detail": "User or client application does not exist.",
  "o:errorCode": "OCE-IDS-001004",
  "user": {
    "id": "1234"
  }
}

Introduced in release 19.3.1.

400Bad Request - Invalid Group

A group identified with an identifier such as the group name cannot be found.

Error Code

OCE-IDS-001007

Resolution - Check Group Exists

Check that the group identifier or group name is valid.

Exception Detail Fields

This error type includes the following fields/values in the response:

Field NameDescription
groupGroup that does not exist.

For detailed information about this exception detail type, consult the InvalidGroupExceptionDetail schema in the definitions section of the swagger document.

Example Response Body
{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
  "title": "Invalid Group",
  "status": "400",
  "detail": "Group does not exist.",
  "o:errorCode": "OCE-IDS-001007",
  "group": {
    "id": "1234"
  }
}

Introduced in release 19.3.1.

400Bad Request - Too Many Members

When adding, removing or replacing users, applications or groups in a members list the server may enforce a maximum number of elements that can be processed in a single call. This is to ensure that a single synchronous request does not have an unbounded processing time.

Error Code

OCE-IDS-001028

Resolution - Reduce the Number of Members

Reduce the number of users and groups to be equal or less than the maximum number specified.

Resolution - Add Members Individually

Use the POST on the collection resource to add members individually.

Resolution - Remove Members Individually

Use the member resource to remove members individually.

Exception Detail Fields

This error type includes the following fields/values in the response:

Field NameDescription
maximumMaximum number of elements.
actualNumber of elements provided.

For detailed information about this exception detail type, consult the TooManyMembersExceptionDetail schema in the definitions section of the swagger document.

Example Response Body
{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
  "title": "Too Many Members",
  "status": "400",
  "detail": "A single request cannot process more than '{maximum}' users and groups. The number of users and groups provided was '{actual}'.",
  "o:errorCode": "OCE-IDS-001028",
  "maximum": 1234,
  "actual": 1234
}

Introduced in release 19.3.1.

400Bad Request - Unsupported Policy Field

Indicates that a field in the policy should not be provided. For example, a repository should not be specified in a policy for a standard template.

Error Code

OCE-SITEMGMT-009036

Resolution - Remove Localization Policy Allowed

Remove the policy localizationPolicyAllowed field if the associated template is a standard template.

Resolution - Remove Site Prefix Allowed

Remove the policy sitePrefixAllowed field if the associated template is a standard template.

Resolution - Remove Repository

Remove the policy repository field if the associated template is a standard template.

Exception Detail Fields

This error type includes the following fields/values in the response:

Field NameDescription
fieldField name that is incompatible with the type of site.

For detailed information about this exception detail type, consult the UnsupportedPolicyFieldExceptionDetail schema in the definitions section of the swagger document.

Example Response Body
{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
  "title": "Unsupported Policy Field",
  "status": "400",
  "detail": "Field '{field}' should not be provided for this policy.",
  "o:errorCode": "OCE-SITEMGMT-009036",
  "field": "repository"
}

404Not Found - Policy Not Found

The policy does not exist or has been deleted, or the authenticated user or client application does not have access to the policy.

Error Code

OCE-SITEMGMT-009022

Resolution - Check Identifier

Check that the policy identifier is valid.

Resolution - Check Role

Check that the authenticated user is a site administrator.

Resolution - Check Access

If the user is not a site administrator then check the policy 'accessType' includes the authenticated user.

Exception Detail Fields

This error type includes the following fields/values in the response:

Field NameDescription
policyPolicy that does not exist or is not visible to the authenticated user.

For detailed information about this exception detail type, consult the PolicyNotFoundExceptionDetail schema in the definitions section of the swagger document.

Example Response Body
{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
  "title": "Policy Not Found",
  "status": "404",
  "detail": "Policy does not exist or has been deleted, or the authenticated user or client application does not have access to the policy.",
  "o:errorCode": "OCE-SITEMGMT-009022",
  "policy": {
    "id": "721af08b-32db-4eee-b6af-0c38d3ba4681"
  }
}

409Conflict - Policy Read Only

The policy is read only and cannot be modified. Only policies associated with a template or site can be edited. Policies associated with a request are read only.

Error Code

OCE-SITEMGMT-009032

Resolution - Edit Template Policy

If the intention was to change the policy associated with a template, use the policy identifier from the template policy resource.

Resolution - Edit Copy Site Policy

If the intention was to change the policy associated with the copy site operation, use the policy identifier from the copy operation policy resource.

Resolution - Edit Extend Site Expiration Policy

If the intention was to change the policy associated with the copy site operation, use the policy identifier from the extend site expiration operation policy resource.

Exception Detail Fields

This error type includes the following fields/values in the response:

Field NameDescription
policyPolicy that is read only.

For detailed information about this exception detail type, consult the PolicyReadOnlyExceptionDetail schema in the definitions section of the swagger document.

Example Response Body
{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
  "title": "Policy Read Only",
  "status": "409",
  "detail": "The policy is read-only and cannot be modified.",
  "o:errorCode": "OCE-SITEMGMT-009032",
  "policy": {
    "id": "721af08b-32db-4eee-b6af-0c38d3ba4681"
  }
}

Request

Supported Media Types
Path Parameters
Body ()

Users and groups to add or remove from the access list.

Root Schema : schema
Type: object
Show Source
Example:
{
    "add":[
        "user:jsmith",
        "user:jdoe"
    ],
    "remove":[
        "group:marketing"
    ]
}
Nested Schema : add
Type: array

Members to add.

Introduced in release 19.3.1.
Show Source
Nested Schema : remove
Type: array

Members to remove.

Introduced in release 19.3.1.
Show Source
Back to Top

Response

200 Response

OK
Headers

  • Opaque identifier assigned by the origin server to a specific version of a resource.

400 Response

Bad Request
Body ()
Root Schema : schema
Match All
Show Source
Nested Schema : InvalidIdentityExceptionDetail
Introduced in release 19.3.1.
Match All
Show Source
Nested Schema : ExceptionDetail
Type: object

In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.

Show Source
Nested Schema : InvalidIdentityExceptionDetail-allOf[1]
Type: object
Show Source
Nested Schema : o:errorDetails
Type: array

Multiple errors can be organized in a hierarchical structure.

Show Source
Nested Schema : items
Match All
Show Source
  • ExceptionDetail

    In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.

Example Response (Invalid User or Application)
{
    "type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
    "title":"Invalid User or Application",
    "status":"400",
    "detail":"User or client application does not exist.",
    "o:errorCode":"OCE-IDS-001004",
    "user":{
        "id":"1234"
    }
}
Example Response (Invalid Group)
{
    "type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
    "title":"Invalid Group",
    "status":"400",
    "detail":"Group does not exist.",
    "o:errorCode":"OCE-IDS-001007",
    "group":{
        "id":"1234"
    }
}
Example Response (Too Many Members)
{
    "type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
    "title":"Too Many Members",
    "status":"400",
    "detail":"A single request cannot process more than '{maximum}' users and groups. The number of users and groups provided was '{actual}'.",
    "o:errorCode":"OCE-IDS-001028",
    "maximum":1234,
    "actual":1234
}
Example Response (Unsupported Policy Field)
{
    "type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
    "title":"Unsupported Policy Field",
    "status":"400",
    "detail":"Field '{field}' should not be provided for this policy.",
    "o:errorCode":"OCE-SITEMGMT-009036",
    "field":"repository"
}

401 Response

Unauthorized

403 Response

Forbidden

404 Response

Not Found
Headers
Body ()
Root Schema : schema
Match All
Show Source
Nested Schema : PolicyNotFoundExceptionDetail
Match All
Show Source
Nested Schema : ExceptionDetail
Type: object

In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.

Show Source
Nested Schema : PolicyNotFoundExceptionDetail-allOf[1]
Type: object
Show Source
Nested Schema : o:errorDetails
Type: array

Multiple errors can be organized in a hierarchical structure.

Show Source
Nested Schema : items
Match All
Show Source
  • ExceptionDetail

    In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.

Example Response (Policy Not Found)
{
    "type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
    "title":"Policy Not Found",
    "status":"404",
    "detail":"Policy does not exist or has been deleted, or the authenticated user or client application does not have access to the policy.",
    "o:errorCode":"OCE-SITEMGMT-009022",
    "policy":{
        "id":"721af08b-32db-4eee-b6af-0c38d3ba4681"
    }
}

409 Response

Conflict
Body ()
Root Schema : schema
Match All
Show Source
Nested Schema : PolicyReadOnlyExceptionDetail
Match All
Show Source
Nested Schema : ExceptionDetail
Type: object

In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.

Show Source
Nested Schema : PolicyReadOnlyExceptionDetail-allOf[1]
Type: object
Show Source
Nested Schema : o:errorDetails
Type: array

Multiple errors can be organized in a hierarchical structure.

Show Source
Nested Schema : items
Match All
Show Source
  • ExceptionDetail

    In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.

Example Response (Policy Read Only)
{
    "type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
    "title":"Policy Read Only",
    "status":"409",
    "detail":"The policy is read-only and cannot be modified.",
    "o:errorCode":"OCE-SITEMGMT-009032",
    "policy":{
        "id":"721af08b-32db-4eee-b6af-0c38d3ba4681"
    }
}

413 Response

Payload Too Large

415 Response

Unsupported Media Type

429 Response

Too Many Requests

500 Response

Internal Server Error

501 Response

Not Implemented

502 Response

Bad Gateway

503 Response

Service Unavailable

504 Response

Gateway Timeout
Back to Top