Add a User, Application or Group to the Access List

POST /sites/management/api/v1/policies/{id}/access

COLLECTION

Add a single user, client application or group to the access list. An invalid user, client application or group error response will be returned if the user, client application or group name does not match a user, client application or group. If the user, client application or group is already a member of the access list then the response will contain a member already exists error.

Introduced in release 19.3.1.

Authorization

Users, client applications and groups can only be added to the access list by site administrators.

Enabling the Access List

The access list is only used if the accessType of the associated policy is set to restricted. If the access type is set to everyone the members of the access list are ignored. However, it is valid to alter the access list members when the policy access type is set to everyone.

For more information, see Update the Fields of a Policy.

Successful Response Examples

This operation responds with the following success (2xx) responses. For a full list of response HTTP status codes and example bodies, consult the Response section of this operation.

200 OK - Add User

A user is added using the user:username syntax.

Request

POST https://api.example.com/sites/management/api/v1/policies/{id}/access

Request Body

"user:jsmith"

200 OK - Add Application

A client application is added using the user:applicationname syntax.

Request

POST https://api.example.com/sites/management/api/v1/policies/{id}/access

Request Body

"application:MyProduct_APPID"

Introduced in release 20.3.3.

200 OK - Add Group

A group is added using the group:groupname syntax. If both an Oracle Content Management group and Identity Provider group have the same name, the OCE group is used.

Request

POST https://api.example.com/sites/management/api/v1/policies/{id}/access

Request Body

"group:marketing"

200 OK - Add Oracle Content Management Group

An Oracle Content Management group is referenced using the group:oce:groupname syntax. If there is a name clash between an OCE group and an identity provider group this syntax can be used to be explicit about the type of group being added.

Request

POST https://api.example.com/sites/management/api/v1/policies/{id}/access

Request Body

"group:oce:marketing"

200 OK - Add Identity Provider Group

An identity provider supplied group is referenced using the group:idp:groupname syntax. If there is a name clash between an Oracle Content Management group and an IDP group this syntax can be used to be explicit about the type of group being added.

Request

POST https://api.example.com/sites/management/api/v1/policies/{id}/access

Request Body

"group:idp:marketing"

200 OK

Request

POST https://api.example.com/sites/management/api/v1/policies/{id}/access

Response Body

{
  "id": "user:jsmith",
  "type": "user",
  "name": "jsmith",
  "displayName": "John Smith",
  "isExternalUser": false
}

Client Error Response Examples

This operation responds with the following client error (4xx) responses, with exception details in the response body. For a full list of response HTTP status codes and example bodies, consult the Response section of this operation.

400 Bad Request - Invalid User or Application

A user or client application identified cannot be found.

Error Code

OCE-IDS-001004

Resolution - Check User Exists

Check that the user name is valid.

Resolution - Check Client Application Exists

Check that the client application name is valid.

Exception Detail Fields

This error type includes the following fields/values in the response:

Field Name | Description
user | User or application that does not exist.

For detailed information about this exception detail type, consult the InvalidIdentityExceptionDetail schema in the definitions section of the swagger document.

Example Response Body
{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
  "title": "Invalid User or Application",
  "status": "400",
  "detail": "User or client application does not exist.",
  "o:errorCode": "OCE-IDS-001004",
  "user": {
    "id": "1234"
  }
}

Introduced in release 19.3.1.

400 Bad Request - Invalid Group

A group identified with an identifier such as the group name cannot be found.

Error Code

OCE-IDS-001007

Resolution - Check Group Exists

Check that the group identifier or group name is valid.

Exception Detail Fields

This error type includes the following fields/values in the response:

Field Name | Description
group | Group that does not exist.

For detailed information about this exception detail type, consult the InvalidGroupExceptionDetail schema in the definitions section of the swagger document.

Example Response Body
{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
  "title": "Invalid Group",
  "status": "400",
  "detail": "Group does not exist.",
  "o:errorCode": "OCE-IDS-001007",
  "group": {
    "id": "1234"
  }
}

Introduced in release 19.3.1.

400 Bad Request - Unsupported Policy Field

Indicates that a field in the policy should not be provided. For example, a repository should not be specified in a policy for a standard template.

Error Code

OCE-SITEMGMT-009036

Resolution - Remove Localization Policy Allowed

Remove the policy localizationPolicyAllowed field if the associated template is a standard template.

Resolution - Remove Site Prefix Allowed

Remove the policy sitePrefixAllowed field if the associated template is a standard template.

Resolution - Remove Repository

Remove the policy repository field if the associated template is a standard template.

Exception Detail Fields

This error type includes the following fields/values in the response:

Field Name | Description
field | Field name that is incompatible with the type of site.

For detailed information about this exception detail type, consult the UnsupportedPolicyFieldExceptionDetail schema in the definitions section of the swagger document.

Example Response Body
{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
  "title": "Unsupported Policy Field",
  "status": "400",
  "detail": "Field '{field}' should not be provided for this policy.",
  "o:errorCode": "OCE-SITEMGMT-009036",
  "field": "repository"
}

404 Not Found - Policy Not Found

The policy does not exist or has been deleted, or the authenticated user or client application does not have access to the policy.

Error Code

OCE-SITEMGMT-009022

Resolution - Check Identifier

Check that the policy identifier is valid.

Resolution - Check Role

Check that the authenticated user is a site administrator.

Resolution - Check Access

If the user is not a site administrator then check the policy 'accessType' includes the authenticated user.

Exception Detail Fields

This error type includes the following fields/values in the response:

Field Name | Description
policy | Policy that does not exist or is not visible to the authenticated user.

For detailed information about this exception detail type, consult the PolicyNotFoundExceptionDetail schema in the definitions section of the swagger document.

Example Response Body
{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
  "title": "Policy Not Found",
  "status": "404",
  "detail": "Policy does not exist or has been deleted, or the authenticated user or client application does not have access to the policy.",
  "o:errorCode": "OCE-SITEMGMT-009022",
  "policy": {
    "id": "721af08b-32db-4eee-b6af-0c38d3ba4681"
  }
}

409 Conflict - Policy Read Only

The policy is read only and cannot be modified. Only policies associated with a template or site can be edited. Policies associated with a request are read only.

Error Code

OCE-SITEMGMT-009032

Resolution - Edit Template Policy

If the intention was to change the policy associated with a template, use the policy identifier from the template policy resource.

Resolution - Edit Copy Site Policy

If the intention was to change the policy associated with the copy site operation, use the policy identifier from the copy operation policy resource.

Resolution - Edit Extend Site Expiration Policy

If the intention was to change the policy associated with the copy site operation, use the policy identifier from the extend site expiration operation policy resource.

Exception Detail Fields

This error type includes the following fields/values in the response:

Field Name | Description
policy | Policy that is read only.

For detailed information about this exception detail type, consult the PolicyReadOnlyExceptionDetail schema in the definitions section of the swagger document.

Example Response Body
{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
  "title": "Policy Read Only",
  "status": "409",
  "detail": "The policy is read-only and cannot be modified.",
  "o:errorCode": "OCE-SITEMGMT-009032",
  "policy": {
    "id": "721af08b-32db-4eee-b6af-0c38d3ba4681"
  }
}

409 Conflict - Member Already Exists

A user, client application or group is already a member.

Error Code

OCE-IDS-001005

Exception Detail Fields

This error type includes the following fields/values in the response:

Field Name | Description
member | Member identifier.

For detailed information about this exception detail type, consult the MemberAlreadyExistsExceptionDetail schema in the definitions section of the swagger document.

Example Response Body
{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
  "title": "Member Already Exists",
  "status": "409",
  "detail": "User or group '{member.id}' is already a member'.",
  "o:errorCode": "OCE-IDS-001005",
  "member": {
    "id": "user:jsmith"
  }
}

Introduced in release 19.3.1.
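
The member-reference forms and error codes documented above, combined in an added example (not Oracle's code; the helper names are hypothetical). It builds the request body, prefers an explicit group:oce:/group:idp: qualifier so a name clash cannot silently pick the wrong group, classifies responses by o:errorCode, and checks whether the access list is enforced at all. The application/json media type and the caller-supplied Authorization value are assumptions that this page does not state.

```python
import json
import urllib.request
from urllib.parse import quote

# o:errorCode values from the error examples on this page, mapped to outcomes.
OUTCOMES = {
    "OCE-IDS-001004": "invalid-user-or-application",
    "OCE-IDS-001007": "invalid-group",
    "OCE-IDS-001005": "already-member",  # idempotent: desired state already holds
    "OCE-SITEMGMT-009022": "policy-not-found-or-not-visible",
    "OCE-SITEMGMT-009032": "policy-read-only",
    "OCE-SITEMGMT-009036": "unsupported-policy-field",
}


def member_ref(kind, name, group_source=None):
    """Return the request body string for a user, application or group."""
    if not name or name != name.strip() or any(ord(c) < 0x20 for c in name):
        raise ValueError("name is empty, padded or contains control characters")
    if kind in ("user", "application"):
        if group_source is not None:
            raise ValueError("group_source only applies to groups")
        return f"{kind}:{name}"
    if kind != "group":
        raise ValueError(f"unknown member kind: {kind!r}")
    if group_source is None:
        # Unqualified form: on a name clash the OCE group is used, and a name
        # starting with a qualifier would be read as group:oce:/group:idp:.
        if name.startswith(("oce:", "idp:")):
            raise ValueError("ambiguous group name; pass group_source explicitly")
        return f"group:{name}"
    if group_source not in ("oce", "idp"):
        raise ValueError("group_source must be 'oce' or 'idp'")
    return f"group:{group_source}:{name}"


def build_add_request(base_url, policy_id, ref, authorization):
    """Build (without sending) the POST that adds ref to the access list."""
    url = (f"{base_url.rstrip('/')}/sites/management/api/v1/policies/"
           f"{quote(policy_id, safe='')}/access")
    return urllib.request.Request(
        url,
        data=json.dumps(ref).encode("utf-8"),  # body is a bare JSON string
        method="POST",
        headers={"Content-Type": "application/json",  # assumed media type
                 "Authorization": authorization},     # supplied by the caller
    )


def interpret(status, body_text):
    """Classify a response by status and o:errorCode, not by title or detail."""
    try:
        body = json.loads(body_text) if body_text else {}
    except ValueError:
        body = {}
    if not isinstance(body, dict):
        body = {}
    if 200 <= status < 300:
        return {"outcome": "added", "subject": body.get("id")}
    code = body.get("o:errorCode")
    subject = next((body[k].get("id") for k in ("member", "user", "group", "policy")
                    if isinstance(body.get(k), dict)), None)
    return {"outcome": OUTCOMES.get(code, "unexpected-error"),
            "errorCode": code, "subject": subject}


def access_list_enforced(policy):
    """Members only restrict access when the policy accessType is 'restricted'."""
    return policy.get("accessType") == "restricted"


if __name__ == "__main__":
    # Constructed inputs; the host and policy id are the page's own example values.
    ref = member_ref("group", "marketing", group_source="idp")
    req = build_add_request("https://api.example.com",
                            "721af08b-32db-4eee-b6af-0c38d3ba4681",
                            ref, "Bearer <token>")  # placeholder credential
    print(req.get_method(), req.full_url, req.data.decode())
    conflict = json.dumps({"status": "409", "o:errorCode": "OCE-IDS-001005",
                           "member": {"id": "user:jsmith"}})
    print(interpret(409, conflict))
    print(access_list_enforced({"accessType": "everyone"}))
```

Treating already-member as success keeps provisioning scripts idempotent, while a False result from access_list_enforced means the added members do not yet restrict anything.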

Request

Supported Media Types
Path Parameters
Body ()

Details of the user, client application or group being added.

Root Schema : schema
Type: string
Example:
"user:jsmith"

Response

Supported Media Types

201 Response

Created
Headers
Body ()
Root Schema : schema
Type: object
  • Display name for the user, client application or group.

    Introduced in release 19.3.1.
  • group

    Group details of the member. Only available if the member has a type of group.

    Introduced in release 19.3.1.
  • If the member is a group, then the type of group is specified. If the member is a user this field is not present.

    Valid values are:

    • oce - Content management group
    • idp - identity provider group

    Introduced in release 20.1.1.
  • Identifier for the user, client application or group member.

    No assumptions should be made about the content of the field; the field should be treated as an opaque value.

    Introduced in release 19.3.1.
  • Will be set to true if the associated user or client application has only the external user role.

    Introduced in release 21.10.2.
  • links

    HATEOAS link to related resources and actions or actions on this resource. Must include at least a 'self' link that contains a link to the canonical representation of the resource.

  • Unique name for the user, client application or group. If the member is a user the name is the user name. If the member is a group the name is the group name.

    Introduced in release 19.3.1.
  • Indicates the member is a user, client application or group.

    Valid values are:

    • user - Member is a user or a client application. No distinction is made between a member that is a user or a member that is a client application.
    • group - Member is a group

    Introduced in release 19.3.1.
  • user

    User or client application details of the member. Only available if the member has a type of user. A member can be a user, client application or group. The details of both users and client applications can be read.

    Introduced in release 19.3.1.
Nested Schema : group

Group details of the member. Only available if the member has a type of group.

Introduced in release 19.3.1.
Match All
  • Group

    A group is a collection of users and groups. A group has a human readable group name.

    Introduced in release 19.3.1.
Nested Schema : links
Type: array

HATEOAS link to related resources and actions or actions on this resource. Must include at least a 'self' link that contains a link to the canonical representation of the resource.

Nested Schema : user

User or client application details of the member. Only available if the member has a type of user. A member can be a user, client application or group. The details of both users and client applications can be read.

Introduced in release 19.3.1.
Match All
  • Identity
    Discriminator: type

    Identity representing a user or client application. The identity contains the common information such as the identity identifier, unique name and display name.

    Introduced in release 20.3.1.
Nested Schema : Group

A group is a collection of users and groups. A group has a human readable group name.

Introduced in release 19.3.1.
Match All
  • SingularResource

    All singular resources include the properties of the singular resource definition. A singular resource includes a list of links that provide relationships to other resources, or in the case of the self link the resource itself.

  • Group-allOf[1]
Nested Schema : SingularResource
Type: object

All singular resources include the properties of the singular resource definition. A singular resource includes a list of links that provide relationships to other resources, or in the case of the self link the resource itself.

  • links
Nested Schema : Group-allOf[1]
Type: object
  • Human-readable name for the group.

    Introduced in release 19.3.1.
  • Group name that is unique within the service instance.

    Introduced in release 19.3.1.
  • Unique identifier for the group.

    No assumptions should be made about the content of the field; the field should be treated as an opaque value.

    Introduced in release 19.3.1.
  • roles

    Roles.

    Valid values are:

    • CECServiceAdministrator - Service Administrator
      • Assign user enumerates
      • Change user passwords and challenge questions
      • Configure, monitor, and manage service instances
    • CECSitesAdministrator - Sites Administrator
      • Create sites, templates, themes or components
    • CECRepositoryAdministrator - Repository Administrator
    • CECDeveloperUser - Developer User
    • CECContentAdministrator - Content Administrator
      • Create new content types and publish items
    • CECStandardUser - Standard User
      • Manage content (view, upload, and edit documents)
      • Share content and sites with others
      • Use conversations to collaborate (discuss topics, direct message someone, assign flags to someone, add annotations to documents)
      • Follow people
      • Create, edit, and publish sites
      • Manage and publish site themes
      • Create, register, export, and import custom site components
      • Create, edit, export, and import site templates
      • View and interact with content items in sites
      • Manage and view custom properties and edit values
    • CECEnterpriseUser - Enterprise User
      • Manage content (view, upload, and edit documents)
      • Share content and sites with others
      • Use conversations to collaborate (discuss topics, direct message someone, assign flags to someone, add annotations to documents)
      • Follow people
      • Digital Assets
      • Content Items (editorial content management)
      • Create, manage, view, and interact with content items
      • Collections
      • Create, edit, and publish sites
      • Manage and publish site themes
      • Create, register, export, and import custom site components
      • Create, edit, export, and import site templates
      • Manage and view custom properties and edit values
    • CECExternalUser - External User
      Reserved for future use.
    • CECIntegrationUser - Integration User
      Used to impersonate another user while performing operations through the Social REST endpoints of the REST API for Collaboration.
    • CECSitesVisitor - Sites Visitor
      Access sites restricted to visitors.

    Introduced in release 21.10.2.
  • Type of the group.

    Valid values are:

    • oce - Content management group
    • idp - identity provider group

    Introduced in release 19.3.1.
Nested Schema : roles
Type: array

Roles.

Introduced in release 21.10.2.
Nested Schema : items
Match All
Show Source
  • Link
Nested Schema : Identity
Discriminator: type

Identity representing a user or client application. The identity contains the common information such as the identity identifier, unique name and display name.

Introduced in release 20.3.1.
Match All
  • SingularResource

    All singular resources include the properties of the singular resource definition. A singular resource includes a list of links that provide relationships to other resources, or in the case of the self link the resource itself.

  • Identity-allOf[1]
Nested Schema : Identity-allOf[1]
Type: object
  • Human-readable display name.

    Introduced in release 20.3.1.
  • An identifier value allocated by CEC for the user or client application. The identifier is unique within the scope of the service.

    No assumptions should be made about the content of the field; the field should be treated as an opaque value.

    Introduced in release 20.3.1.
  • Unique name, such as the user name or client application name.

    Introduced in release 20.3.1.
  • roles

    Roles.

    Valid values are:

    • CECServiceAdministrator - Service Administrator
      • Assign user enumerates
      • Change user passwords and challenge questions
      • Configure, monitor, and manage service instances
    • CECSitesAdministrator - Sites Administrator
      • Create sites, templates, themes or components
    • CECRepositoryAdministrator - Repository Administrator
    • CECDeveloperUser - Developer User
    • CECContentAdministrator - Content Administrator
      • Create new content types and publish items
    • CECStandardUser - Standard User
      • Manage content (view, upload, and edit documents)
      • Share content and sites with others
      • Use conversations to collaborate (discuss topics, direct message someone, assign flags to someone, add annotations to documents)
      • Follow people
      • Create, edit, and publish sites
      • Manage and publish site themes
      • Create, register, export, and import custom site components
      • Create, edit, export, and import site templates
      • View and interact with content items in sites
      • Manage and view custom properties and edit values
    • CECEnterpriseUser - Enterprise User
      • Manage content (view, upload, and edit documents)
      • Share content and sites with others
      • Use conversations to collaborate (discuss topics, direct message someone, assign flags to someone, add annotations to documents)
      • Follow people
      • Digital Assets
      • Content Items (editorial content management)
      • Create, manage, view, and interact with content items
      • Collections
      • Create, edit, and publish sites
      • Manage and publish site themes
      • Create, register, export, and import custom site components
      • Create, edit, export, and import site templates
      • Manage and view custom properties and edit values
    • CECExternalUser - External User
      Reserved for future use.
    • CECIntegrationUser - Integration User
      Used to impersonate another user while performing operations through the Social REST endpoints of the REST API for Collaboration.
    • CECSitesVisitor - Sites Visitor
      Access sites restricted to visitors.

    Introduced in release 21.10.2.
  • Type of Identity. Valid values are: user, service, application, unknown.

    Introduced in release 20.3.1.
Nested Schema : roles
Type: array

Roles.

Introduced in release 21.10.2.
Example Response ()
{
    "id":"user:jsmith",
    "type":"user",
    "name":"jsmith",
    "displayName":"John Smith",
    "isExternalUser":false
}

400 Response

Bad Request
Body ()
Root Schema : schema
Match All
Nested Schema : InvalidIdentityExceptionDetail
Introduced in release 19.3.1.
Match All
Nested Schema : ExceptionDetail
Type: object

In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.

Nested Schema : InvalidIdentityExceptionDetail-allOf[1]
Type: object
Nested Schema : o:errorDetails
Type: array

Multiple errors can be organized in a hierarchical structure.

Nested Schema : items
Match All
  • ExceptionDetail

    In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.

Example Response (Invalid User or Application)
{
    "type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
    "title":"Invalid User or Application",
    "status":"400",
    "detail":"User or client application does not exist.",
    "o:errorCode":"OCE-IDS-001004",
    "user":{
        "id":"1234"
    }
}
Example Response (Invalid Group)
{
    "type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
    "title":"Invalid Group",
    "status":"400",
    "detail":"Group does not exist.",
    "o:errorCode":"OCE-IDS-001007",
    "group":{
        "id":"1234"
    }
}
Example Response (Unsupported Policy Field)
{
    "type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
    "title":"Unsupported Policy Field",
    "status":"400",
    "detail":"Field '{field}' should not be provided for this policy.",
    "o:errorCode":"OCE-SITEMGMT-009036",
    "field":"repository"
}

401 Response

Unauthorized

403 Response

Forbidden

404 Response

Not Found
Headers
Body ()
Root Schema : schema
Match All
Nested Schema : PolicyNotFoundExceptionDetail
Match All
Nested Schema : ExceptionDetail
Type: object

In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.

Nested Schema : PolicyNotFoundExceptionDetail-allOf[1]
Type: object
Nested Schema : o:errorDetails
Type: array

Multiple errors can be organized in a hierarchical structure.

Nested Schema : items
Match All
  • ExceptionDetail

    In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.

Example Response (Policy Not Found)
{
    "type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
    "title":"Policy Not Found",
    "status":"404",
    "detail":"Policy does not exist or has been deleted, or the authenticated user or client application does not have access to the policy.",
    "o:errorCode":"OCE-SITEMGMT-009022",
    "policy":{
        "id":"721af08b-32db-4eee-b6af-0c38d3ba4681"
    }
}

406 Response

Not Acceptable

409 Response

Conflict
Body ()
Root Schema : schema
Match All
Nested Schema : PolicyReadOnlyExceptionDetail
Match All
Nested Schema : ExceptionDetail
Type: object

In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.

Nested Schema : PolicyReadOnlyExceptionDetail-allOf[1]
Type: object
Nested Schema : o:errorDetails
Type: array

Multiple errors can be organized in a hierarchical structure.

Nested Schema : items
Match All
  • ExceptionDetail

    In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.

Example Response (Policy Read Only)
{
    "type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
    "title":"Policy Read Only",
    "status":"409",
    "detail":"The policy is read-only and cannot be modified.",
    "o:errorCode":"OCE-SITEMGMT-009032",
    "policy":{
        "id":"721af08b-32db-4eee-b6af-0c38d3ba4681"
    }
}
Example Response (Member Already Exists)
{
    "type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
    "title":"Member Already Exists",
    "status":"409",
    "detail":"User or group '{member.id}' is already a member'.",
    "o:errorCode":"OCE-IDS-001005",
    "member":{
        "id":"user:jsmith"
    }
}

413 Response

Payload Too Large

415 Response

Unsupported Media Type

416 Response

Range Not Satisfiable

429 Response

Too Many Requests

500 Response

Internal Server Error

501 Response

Not Implemented

502 Response

Bad Gateway

503 Response

Service Unavailable

504 Response

Gateway Timeout