Skip to main content

Grant Access

Endpoint: POST /api/auth/authorization

Grants access to a user, group, or role over a specific resource in Orkes Conductor.

Request body

ParameterDescriptionTypeRequired/ Optional
subject.typeThe type of subject being granted access. Supported values:
  • user: A user in Orkes Conductor.
  • role: A system/custom role.
  • group: A group in Orkes Conductor.
stringRequired.
subject.idThe identifier of the subject.
  • For the type user, it must be the email.
  • For the type role, it must be the role name. For example, ADMIN.
  • For the type group, it must be the group name in Conductor.
stringRequired.
target.typeThe resource type to which access is being granted. Supported values:
  • WORKFLOW_DEF
  • TASK_DEF
  • SECRET_NAME
  • APPLICATION
  • INTEGRATION_PROVIDER
  • PROMPT
  • WORKFLOW_SCHEDULE
  • EVENT_HANDLER
  • WEBHOOK
  • ENV_VARIABLE
  • SCHEMA
  • TAG
stringRequired.
target.idThe unique identifier of the resource (e.g., the workflow name) to grant access to.stringRequired.
accessThe set of access types to grant. Supported values:
  • READ
  • CREATE
  • UPDATE
  • DELETE
  • EXECUTE
array of stringsRequired.

Response

Returns a confirmation message.

Examples

Grant a user READ and EXECUTE access to a workflow definition

Request

curl -X 'POST' \
'https://<YOUR-SERVER-URL>/api/auth/authorization' \
-H 'accept: application/json' \
-H 'X-Authorization: <TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"subject": {
"type": "user",
"id": "jane.doe@acme.com"
},
"target": {
"type": "WORKFLOW_DEF",
"id": "rate_limit_test"
},
"access": ["READ", "EXECUTE"]
}
'

Response

This grants the user READ and EXECUTE access over the workflow named rate_limit_test.

{
"message": "Granted permission"
}