Asset Permissions

Permissions allow users to access assets and perform certain actions on those assets. There are many levels of Permissions, which gives you granular control. Permissions can apply to Groups, Users, or Shares. In the Orange Logic interface, Permissions are managed from an asset’s Permissions tab. You can also use the DataTable API to assign Permissions.

📙
Feature documentation: Permissions

To view or assign permissions with the DataTable API, use the RecordID that matches the type of database object you’re working with:

Document: DO_RecordID
Group: CG_RecordID
User: CT_RecordID
Share: AS_RecordID

The following table shows how API fields map to the Permissions displayed in the Orange Logic interface. For Boolean fields, such as View Small, use 1 to permit the action and 0 to prevent it.

Permission Field Name in the Interface	API Field Name
Permission Given Until YYYY-MM-DD	`Document.CoreField.EndDate` Format: YYYY-MM-DD
On Subtypes Examples: Standard Folder, Standard Image	`Document.CoreField.TargetSubType`
On Visibility Classes Examples: Public, Internal Use Only, Pending Process	`Document.CoreField.TargetPurpose` You can assign multiple Visibility Classes with one call by separating the Visibility Classes with a pipe operator (\|). Example: `Document.CoreField.TargetPurpose:=Public\|Hidden`
View Small	`Document.CoreField.CanRead`
View Med	`Document.CoreField.CanReadMedium`
View Large	`Document.CoreField.CanReadLarge`
View Original	`Document.CoreField.CanReadOriginal`
Show Dwnld Btn (Show Download Button)	`Document.CoreField.CanDownload`
Find	`Document.CoreField.CanFind`
Share Own Access	`Document.CoreField.CanShare`
Edit	`Document.CoreField.CanWrite`
Add/Upld (Add or Upload)	`Document.CoreField.CanUpload`
Delete	`Document.CoreField.CanDelete`
Move	`Document.CoreField.CanMove`
Admin	`Document.CoreField.CanManageRights`
Apply to Contained Assets	`Document.CoreField.DisableInheritance` By default, Apply to Contained Assets is selected `(Document.CoreField.DisableInheritance=0)`. To add a permission with Apply to Contained Assets deselected, use `Document.CoreField.DisableInheritance=1.`

ℹ️
Notes
Many calls that read, update, or change Permissions include a sub-call that locates a database object, such as an asset. The sub-call is enclosed in square brackets.
For example, consider the following call:
/API/Datatable/v2.1/Document.Security.Permission:Read?Document.CoreField.DO_RecordID=[Datatable/v2.1/Document.All:Read?Document.CoreField.Identifier=ZZ13VPI]
In this call, the sub-call is: Datatable/v2.1/Document.All:Read?Document.CoreField.Identifier=ZZ13VPI
The sub-call locates the asset that has the unique identifier ZZ13VPI. You could use this structure to create a different sub-call that locates a different type of database object.

Read

Call template

POST or GET/API/Datatable/v2.1/Document.Security.Permission:Read?Document.CoreField.DO_RecordID=[Datatable/v2.1/Document.All:Read?Document.CoreField.{identifying-metadata-field}={asset-identifier}]

View an asset’s Permissions

Example: View a folder’s Permissions

This call returns the Permissions applied to the folder with the Unique ID ZZ13VPI. There are two separate sets of Permissions:

One applied to the user with the CT_RecordID K8OEC0O37A, who has full Admin Permissions.
One applied to the contact group with the CG_RecordID KV9HJ6V_N, which has Permissions to View, Read, and Download small, medium, and large proxies of assets with the Public Visibility Class.

ℹ️
Note
This call only returns Permissions added to the folder. It does not display inherited Permissions.

POST or GET/API/Datatable/v2.1/Document.Security.Permission:Read?Document.CoreField.DO_RecordID=[Datatable/v2.1/Document.All:Read?Document.CoreField.Identifier=ZZ13VPI]

Call

  
curl --location --globoff --request POST 'https://mangovations.com/API/Datatable/v2.1/Document.Security.Permission:Read?Document.CoreField.DO_RecordID=[Datatable%2Fv2.1%2FDocument.All%3ARead%3FDocument.CoreField.Identifier%3DZZ13VPI]' \
--header 'Authorization: Bearer T1D@MG4JJrnwZmDWk@EC74nwLlQuSvZTK5G@WuXjHUtxmwjhPSeFWXNFGPbS5YRHTqVUU2RKY0FAmKX3vIHJPdumA7sltX2aIqQtsRVN3jx8nY5wJrD9kXmei26rdcST' \
--header 'Cookie: AWSALB=a9YC/PHZSEUyzVElWlRMDmArriuSbbY3kCYourgVBDEua7lP2PqRu6qyX2/pOXeicK+747Pj/xq4CjZ+6LYJ0Y7NJFHK4QcnJgY4LmTupiEdyKTOhnEAJGm2tmPQ; AWSALBCORS=a9YC/PHZSEUyzVElWlRMDmArriuSbbY3kCYourgVBDEua7lP2PqRu6qyX2/pOXeicK+747Pj/xq4CjZ+6LYJ0Y7NJFHK4QcnJgY4LmTupiEdyKTOhnEAJGm2tmPQ; AWSALBTG=Of8AvHS8KicGPWMXkb1pAltBYeGREtX035Pb6BGov0FOcU8Xjb89A5FMG24R347r84boy3GICvkMiT0QLFubuXHTr2B3I4W85SkWEpcD+WOz/RFE/ryfrFHnS/cDdCiwpfoF28uXBoJgoPyxzfwPYRkGBB6BRiqBqBzf4xIu4/wr; AWSALBTGCORS=Of8AvHS8KicGPWMXkb1pAltBYeGREtX035Pb6BGov0FOcU8Xjb89A5FMG24R347r84boy3GICvkMiT0QLFubuXHTr2B3I4W85SkWEpcD+WOz/RFE/ryfrFHnS/cDdCiwpfoF28uXBoJgoPyxzfwPYRkGBB6BRiqBqBzf4xIu4/wr; CortexCID_ZZ1=iu5G2rhGXAbc8sj5; ZZ1-Session__1505=CfDJ8KSkO661hSREsDx7PGb48%2B1uNSTr3X1C14fP8J%2FJVGXwesss0tCtnW0f1nYG3dZhwHjvLMpReigbOU%2BgpKSykcKskrCjHNAeYTdpkjHU3Ag%2Fsm2K%2Bn89xcaOIg4Pe2Bzpowdp%2BI8uJFGJqPmOfIJqvG9XmOG4gU%2FoH7TG%2B2qnOyf; ZZ1-Session__1505-Alt=CfDJ8KSkO661hSREsDx7PGb48%2B1uNSTr3X1C14fP8J%2FJVGXwesss0tCtnW0f1nYG3dZhwHjvLMpReigbOU%2BgpKSykcKskrCjHNAeYTdpkjHU3Ag%2Fsm2K%2Bn89xcaOIg4Pe2Bzpowdp%2BI8uJFGJqPmOfIJqvG9XmOG4gU%2FoH7TG%2B2qnOyf' \
--data ''

Response

  
   <Result>
  <APIRequestInfo>
    <ProviderVersion>KOBE.R2.2065G.216363</ProviderVersion>
    <ProviderIdentity>OLU-T-USW2-APP</ProviderIdentity>
    <ProviderID>44ddde3ac27a33c394335f249d4007d4</ProviderID>
    <Module>Datatable</Module>
    <APIVersion>v2.1</APIVersion>
    <Resource>Document.Security.Permission:Read</Resource>
    <IsLoggedIn type="Boolean">True</IsLoggedIn>
    <Status>LoggedIn</Status>
    <UserLogin>ZZ1CT12217</UserLogin>
    <Session>No session (production configuration)</Session>
    <TimeoutPeriodMinutes type="Numeric">120</TimeoutPeriodMinutes>
  </APIRequestInfo>
  <RequestInterpretation>
    <Filters type="List">
      <Filter>
        <Field>Document.CoreField.DO_RecordID</Field>
        <Operator>=</Operator>
        <OperatorDescription>Field must be equal to value</OperatorDescription>
        <Value>2QDTWAO0NQI</Value>
      </Filter>
    </Filters>
    <IgnoredParameters type="List" />
  </RequestInterpretation>
  <ResponseSummary>
    <CurrentPage type="Numeric">1</CurrentPage>
    <ItemsPerPage type="Numeric">30</ItemsPerPage>
    <TotalItemCount type="Numeric">2</TotalItemCount>
  </ResponseSummary>
  <Response type="List">
    <Record>
      <Document.CoreField.CanDelete type="Boolean">False</Document.CoreField.CanDelete>
      <Document.CoreField.CanDownload type="Boolean">True</Document.CoreField.CanDownload>
      <Document.CoreField.CanFind type="Boolean">False</Document.CoreField.CanFind>
      <Document.CoreField.CanManageRights type="Boolean">False</Document.CoreField.CanManageRights>
      <Document.CoreField.CanMove type="Boolean">False</Document.CoreField.CanMove>
      <Document.CoreField.CanRead type="Boolean">True</Document.CoreField.CanRead>
      <Document.CoreField.CanReadLarge type="Boolean">True</Document.CoreField.CanReadLarge>
      <Document.CoreField.CanReadMedium type="Boolean">True</Document.CoreField.CanReadMedium>
      <Document.CoreField.CanReadOriginal type="Boolean">False</Document.CoreField.CanReadOriginal>
      <Document.CoreField.CanShare type="Boolean">False</Document.CoreField.CanShare>
      <Document.CoreField.CanUpload type="Boolean">False</Document.CoreField.CanUpload>
      <Document.CoreField.CanWrite type="Boolean">False</Document.CoreField.CanWrite>
      <Document.CoreField.CG_RecordID>KV9HJ6V_N</Document.CoreField.CG_RecordID>
      <Document.CoreField.CreateDate type="DateTime">2025-02-05T20:24:09</Document.CoreField.CreateDate>
      <Document.CoreField.Disabled type="Boolean">False</Document.CoreField.Disabled>
      <Document.CoreField.DO_RecordID>2QDTWAO0NQI</Document.CoreField.DO_RecordID>
      <Document.CoreField.EditDate type="DateTime">2025-02-05T20:27:18</Document.CoreField.EditDate>
      <Document.CoreField.EditLocation>ZZ1</Document.CoreField.EditLocation>
      <Document.CoreField.EndDate type="DateTime">2025-02-27T00:00:00</Document.CoreField.EndDate>
      <Document.CoreField.TargetPurpose>|OR1ND000001488149|</Document.CoreField.TargetPurpose>
      <RecordID>2QDTLMBTLR8</RecordID>
    </Record>
    <Record>
      <Document.CoreField.CanDelete type="Boolean">True</Document.CoreField.CanDelete>
      <Document.CoreField.CanDownload type="Boolean">True</Document.CoreField.CanDownload>
      <Document.CoreField.CanFind type="Boolean">True</Document.CoreField.CanFind>
      <Document.CoreField.CanManageRights type="Boolean">True</Document.CoreField.CanManageRights>
      <Document.CoreField.CanMove type="Boolean">True</Document.CoreField.CanMove>
      <Document.CoreField.CanRead type="Boolean">True</Document.CoreField.CanRead>
      <Document.CoreField.CanReadLarge type="Boolean">True</Document.CoreField.CanReadLarge>
      <Document.CoreField.CanReadMedium type="Boolean">True</Document.CoreField.CanReadMedium>
      <Document.CoreField.CanReadOriginal type="Boolean">True</Document.CoreField.CanReadOriginal>
      <Document.CoreField.CanShare type="Boolean">True</Document.CoreField.CanShare>
      <Document.CoreField.CanUpload type="Boolean">True</Document.CoreField.CanUpload>
      <Document.CoreField.CanWrite type="Boolean">True</Document.CoreField.CanWrite>
      <Document.CoreField.CreateDate type="DateTime">2025-02-05T22:05:12</Document.CoreField.CreateDate>
      <Document.CoreField.CT_RecordID>K8OEC0O37A</Document.CoreField.CT_RecordID>
      <Document.CoreField.Disabled type="Boolean">False</Document.CoreField.Disabled>
      <Document.CoreField.DO_RecordID>2QDTWAO0NQI</Document.CoreField.DO_RecordID>
      <Document.CoreField.EditDate type="DateTime">2025-02-05T22:05:12</Document.CoreField.EditDate>
      <Document.CoreField.EditLocation>ZZ1</Document.CoreField.EditLocation>
      <Document.CoreField.IsBlocked type="Boolean">False</Document.CoreField.IsBlocked>
      <Document.CoreField.LinkedTableName>DO_DOCUMENTS</Document.CoreField.LinkedTableName>
      <RecordID>2QDTLMBTG42</RecordID>
    </Record>
  </Response>
</Result>

Update

Activate or deactivate inherited Permissions

This is equivalent to toggling Inherit permissions from parent(s) on or off in the Permissions tab of an asset in the Orange Logic interface.

Call template

POST or GET/API/Datatable/v2.1/Document.All:Update?Document.CoreField.{identifying-metadata-field}={asset-identifier}&Document.CoreField.BlockPermissionInheritance:={boolean-value}

Example: Deactivate inherited Permissions

This call deactivates inherited Permissions on the folder with the Unique ID ZZ13VPI.

POST or GET/API/Datatable/v2.1/Document.All:Update?Document.CoreField.Identifier=ZZ13VPI&Document.CoreField.BlockPermissionInheritance:=TRUE

Call

  
curl --location --request POST 'https://mangovations.com/API/Datatable/v2.1/Document.All:Update?Document.CoreField.Identifier=ZZ13VPI&Document.CoreField.BlockPermissionInheritance%3A=True' \
--header 'Authorization: Bearer IECCq6gY8gKBOPt6MQQCBiyTTnmmw3cpKf0kP6lauN4ZrZX6FiV0D2uIvitLhoI5iFkfuEzB3ms1swiye9JZecHVrxfqYC5iImAfD7Hq9' \
--header 'Cookie: AWSALB=g8dCkbDwX6MYD2euT7vj0ww1r8Rf+QCF6gr8LJixTHCqDVSWwQdPKHLoKC42Lp7ppHdCpxXIAjMjN3BC7SUrgcwOYpor+lyYf6MwaiVSOom9uyGQr+s5QD0khO4I; AWSALBCORS=g8dCkbDwX6MYD2euT7vj0ww1rWwQdPKHLoKC42Lp7ppHdCpxXIAjMjN3BC7SUrgcwOYpor+lyYf6MwaiVSOom9uyGQr+s5QD0khO4I; AWSALBTG=gCIXL/07eKIRjLVDN9fVjHnqfXwtclyaIXPdFbvFyf+7PlDotrU/BqSbU8/H3qkIZCAPpOw2BtMT+dvgof9Gk3St4UttKTNmH4OuVhZdpi7KatXzrYq276YS4jgW9cQX24EKiPPiPRAyslFHcVmKI+Ak; AWSALBTGCORS=gCIXL/07eKIRjLVDN9fVjHnqfXwtbvFyf+7PlDotrU/BqSbU8/H3qkIZCAPpOw2BtMT+dvgof9Gk3St4UttKTNmH4OuVhZdpi7KatXzrYq276YS4jgW9cQX24EKiPPiPRAyslFHcVmKI+Ak; 
CortexCID_ZZ1=iu5G2rhGXA5; ZZ1-Session__1505=CfDJ8KSkO661hSREsDx7PGb48%2Jl99lCtISqb%2FdxiylePnur5Dxh3vCPH4rt2UsDuYwC%2BtK85kUooay%2FH5Ha3Zf6MyqgIRWiUsUknwv1KKBtawZ8P50GDak%2B%2FqNDCsubXRMGLZWiMVNpoVW8nozDByx9VvU9O8qAlOa; ZZ1-Session__1505-Alt=CfDJ8KSkO661hSREsDx799lCtISqb%2FdxiylePnur5Dxh3vCPH4rt2UsDuYwC%2BtK85kUooay%2FH5Ha3Zf6MyqgIRWiUsUknwv1KKBtawZ8P50GDak%2B%2FqNDCsubXRMGLZWiMVNpoVW8nozDByx9VvU9O8qAlOa' \
--data ''

Response

  
<Result>
  <APIRequestInfo>
    <ProviderVersion>KOBE.R2.2065G.216363</ProviderVersion>
    <ProviderIdentity>OLU-T-USW2-APP</ProviderIdentity>
    <ProviderID>44ddde3ac27a33c39d4007d4</ProviderID>
    <Module>Datatable</Module>
    <APIVersion>v2.1</APIVersion>
    <Resource>Document.All:Update</Resource>
    <IsLoggedIn type="Boolean">True</IsLoggedIn>
    <Status>LoggedIn</Status>
    <UserLogin>ZZ1CT12217</UserLogin>
    <Session>No session (production configuration)</Session>
    <TimeoutPeriodMinutes type="Numeric">120</TimeoutPeriodMinutes>
  </APIRequestInfo>
  <RequestInterpretation>
    <Filters type="List">
      <Filter>
        <Field>Document.CoreField.Identifier</Field>
        <Operator>=</Operator>
        <OperatorDescription>Field must be equal to value</OperatorDescription>
        <Value>ZZ13VPI</Value>
      </Filter>
    </Filters>
    <Updates type="List">
      <Update>
        <Field>Document.CoreField.BlockPermissionInheritance</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>True</Value>
      </Update>
    </Updates>
    <IgnoredParameters type="List" />
  </RequestInterpretation>
  <ResponseSummary>
    <NumberOfRecordsAffected type="Numeric">1</NumberOfRecordsAffected>
  </ResponseSummary>
  <Response>
    <RecordsAffected type="List">
      <Result>
        <RecordID>2QDTWAO0NQI</RecordID>
        <Code>SUCCESS</Code>
      </Result>
    </RecordsAffected>
  </Response>
</Result>

Create or Update

Call template

POST or GET/API/Datatable/v2.1/Document.Security.Permission:CreateOrUpdate? Document.CoreField.{database-object_RecordID}=[Datatable/v2.1/{DataTable-evaluated}.{DataTable-object-type}:Read?{DataTable-evaluated}.CoreField.{identifying-metadata-field}={database-object-identifier}] &Document.CoreField.DO_RecordID=[Datatable/v2.1/Document.All:Read?Document.CoreField.{identifying-metadata-field}={asset-identifier}] &Document.CoreField.{database-object_RecordID}:=[Datatable/v2.1/{DataTable-evaluated}.{DataTable-object-type}:Read?{DataTable-evaluated}.CoreField.{identifying-metadata-field}={database-object-identifier}] &Document.CoreField.DO_RecordID:=[Datatable/v2.1/Document.All:Read?[Document.CoreField.{identifying-metadata-field}={asset-identifier}] &Document.CoreField.CanRead:={boolean-to-deny(0)-or-grant(1)-Permissions} &Document.CoreField.CanReadMedium:={boolean-to-deny(0)-or-grant(1)-Permissions} &Document.CoreField.CanReadLarge:={boolean-to-deny(0)-or-grant(1)-Permissions} &Document.CoreField.CanReadOriginal:={boolean-to-deny(0)-or-grant(1)-Permissions} &Document.CoreField.CanDownload:={boolean-to-deny(0)-or-grant(1)-Permissions} &Document.CoreField.CanFind:={boolean-to-deny(0)-or-grant(1)-Permissions} &Document.CoreField.CanShare:={boolean-to-deny(0)-or-grant(1)-Permissions} &Document.CoreField.CanWrite:={boolean-to-deny(0)-or-grant(1)-Permissions} &Document.CoreField.CanUpload:={boolean-to-deny(0)-or-grant(1)-Permissions} &Document.CoreField.CanDelete:={boolean-to-deny(0)-or-grant(1)-Permissions} &Document.CoreField.CanMove:={boolean-to-deny(0)-or-grant(1)-Permissions} &Document.CoreField.CanManageRights:={boolean-to-deny(0)-or-grant(1)-Permissions} &Document.CoreField.TargetPurpose:={VisibilityClasses} &Document.CoreField.EndDate:={date-permissions-expire}

Add Permissions

Example 1: Add Permissions for Groups to access assets

This call gives the *Everyone Group Permission to View and Download small, medium, and large proxies of assets with the Public Visibility Class in the folder with the Unique ID ZZ13VPI until February 27, 2026.

ℹ️
Note
Default Orange Logic Groups, such as Everyone, Staff, Admin, and SuperAdmin, are prefaced with an asterisk (*) in the Orange Logic system. You must escape this character with a backslash (\). For example, to reference the Staff Group in a call, use \*Staff.

POST or GET/API/Datatable/v2.1/Document.Security.Permission:CreateOrUpdate? Document.CoreField.CG_RecordID=[Datatable/v2.1/Contact.Group:Read?Contact.CoreField.Title_English=\*Everyone] &Document.CoreField.DO_RecordID=[Datatable/v2.1/Document.All:Read?Document.CoreField.Identifier=ZZ13VPI] &Document.CoreField.CG_RecordID:=[Datatable/v2.1/Contact.Group:Read?Contact.CoreField.Title_English=\*Everyone] &Document.CoreField.DO_RecordID:=[Datatable/v2.1/Document.All:Read?Document.CoreField.Identifier=ZZ13VPI] &Document.CoreField.CanRead:=1 &Document.CoreField.CanReadMedium:=1 &Document.CoreField.CanReadLarge:=1 &Document.CoreField.CanReadOriginal:=0 &Document.CoreField.CanDownload:=1 &Document.CoreField.CanFind:=0 &Document.CoreField.CanShare:=0 &Document.CoreField.CanWrite:=0 &Document.CoreField.CanUpload:=0 &Document.CoreField.CanDelete:=0 &Document.CoreField.CanMove:=0 &Document.CoreField.CanManageRights:=0 &Document.CoreField.TargetPurpose:=Public &Document.CoreField.EndDate:=2025-02-27

Call

  
curl --location --globoff --request POST 'https://mangovations.com/API/Datatable/v2.1/Document.Security.Permission:CreateOrUpdate?Document.CoreField.CG_RecordID=[Datatable%2Fv2.1%2FContact.Group%3ARead%3FContact.CoreField.Title_English%3D%5C*Everyone]&Document.CoreField.DO_RecordID=[Datatable%2Fv2.1%2FDocument.All%3ARead%3FDocument.CoreField.Identifier%3DZZ13VPI]&Document.CoreField.CG_RecordID%3A=[Datatable%2Fv2.1%2FContact.Group%3ARead%3FContact.CoreField.Title_English%3D%5C*Everyone]&Document.CoreField.DO_RecordID%3A=[Datatable%2Fv2.1%2FDocument.All%3ARead%3FDocument.CoreField.Identifier%3DZZ13VPI]&Document.CoreField.CanRead%3A=1&Document.CoreField.CanReadMedium%3A=1&Document.CoreField.CanReadLarge%3A=1&Document.CoreField.CanReadOriginal%3A=0&Document.CoreField.CanDownload%3A=1&Document.CoreField.CanFind%3A=0&Document.CoreField.CanShare%3A=0&Document.CoreField.CanWrite%3A=0&Document.CoreField.CanUpload%3A=0&Document.CoreField.CanDelete%3A=0&Document.CoreField.CanMove%3A=0&Document.CoreField.CanManageRights%3A=0&Document.CoreField.TargetPurpose%3A=Public&Document.CoreField.EndDate%3A=2026-02-27' \
--header 'Authorization: Bearer T1D@MG4JJrnwZmDWk@EC74nwLlQuSvZTK5G@WuXjHUtxmYRHTqVUU2RKY0FAmKX3vIHJPdumA7sltX2aIqQtsRVN3jx8nY5wJrD9kXmei26rdcST' \
--header 'Cookie: AWSALB=+Sd7hrKkA/QQW0l2wKh9rIvzK1ZnM2cVYtysmxWpMUfIuqE+hGb8KYPAF2Of3Rbfd2E+xw8T07KTeWfROitl5JAeuQA5QPqsqw7+Y0bkUozk/9; AWSALBCORS=+Sd7hrKkA/QQW0l2wKh9rIvzK1ZnMzGOW9ysmxWpMUfIuqE+hGb8KYPAF2Of3Rbfd2E+xw8T07KTeWfROitl5JAeuQA5QPqsqw7+Y0bkUozk/9; AWSALBTG=yzYTieawFss/H3oA9KSWUDd+ewzWY1pxZxxsi5KSqIc+thS5cPKEaZp6JVjPnoMv8erE5O+PiMMel+eHk0Za8hRM5IqKxw9P/f3gdWpjYtNE9iwsbLtKVNUAq7QpbgkeilUTCYghsEpkhW8wCVGvlTYuHz7D3bfNH; AWSALBTGCORS=yzYTieawFss/H3oA9KSWUDd+0pGpEpxxsi5KSqIc+thS5cPKEaZp6JVjPnoMv8erE5O+PiMMel+eHk0Za8hRM5IqKxw9P/f3gdWpjYtNE9iwsbLtKVNUAq7QpbgkeilUTCYghsEpkhW8wCVGvlTYuHz7D3bfNH; 
CortexCID_ZZ1=iu5G2rhGXsj5; ZZ1-Session__1505=CfDJ8KSkO661hSREsDx7PGb4qOZvEDHlJLmiXpG9fVV8zXudePo2%2BQldm2RgqL4sBjNEW7Wd7j%2Behl924nbTtE%2FjXjOE2jRV2tfc3iVXrLllB4HGXEbrB08jA8SsGRdA%2FlvANfdAHrtRCxCIETAO%2FjXwmZ3NjrkqDT%2B%2F; ZZ1-Session__1505-Alt=CfDJ8KSkO661hSREs0ALlG2tfDTqOZvEDHlJLmiXpG9fVV8zXudePo2%2BQldm2RgqL4sBjNEW7Wd7j%2Behl924nbTtE%2FjXjOE2jRV2tfc3iVXrLllB4HGXEbrB08jA8SsGRdA%2FlvANfdAHrtRCxCIETAO%2FjXwmZ3NjrkqDT%2B%2F' \
--data ''

Response

  
<Result>
  <APIRequestInfo>
    <ProviderVersion>KOBE.R2.2065G.216363</ProviderVersion>
    <ProviderIdentity>OLU-T-USW2-APP</ProviderIdentity>
    <ProviderID>44ddde3ac27335f249d4007d4</ProviderID>
    <Module>Datatable</Module>
    <APIVersion>v2.1</APIVersion>
    <Resource>Document.Security.Permission:CreateOrUpdate</Resource>
    <IsLoggedIn type="Boolean">True</IsLoggedIn>
    <Status>LoggedIn</Status>
    <UserLogin>ZZ1CT12217</UserLogin>
    <Session>No session (production configuration)</Session>
    <TimeoutPeriodMinutes type="Numeric">120</TimeoutPeriodMinutes>
  </APIRequestInfo>
  <RequestInterpretation>
    <Filters type="List">
      <Filter>
        <Field>Document.CoreField.CG_RecordID</Field>
        <Operator>=</Operator>
        <OperatorDescription>Field must be equal to value</OperatorDescription>
        <Value>KV9HJ6V_N</Value>
      </Filter>
      <Filter>
        <Field>Document.CoreField.DO_RecordID</Field>
        <Operator>=</Operator>
        <OperatorDescription>Field must be equal to value</OperatorDescription>
        <Value>2QDTWAO0NQI</Value>
      </Filter>
    </Filters>
    <Updates type="List">
      <Update>
        <Field>Document.CoreField.CanDelete</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>0</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanDownload</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>1</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanFind</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>0</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanManageRights</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>0</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanMove</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>0</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanRead</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>1</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanReadLarge</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>1</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanReadMedium</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>1</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanReadOriginal</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>0</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanShare</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>0</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanUpload</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>0</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanWrite</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>0</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CG_RecordID</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>KV9HJ6V_N</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.DO_RecordID</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>2QDTWAO0NQI</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.EndDate</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>2026-02-27</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.TargetPurpose</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>Public</Value>
      </Update>
    </Updates>
    <IgnoredParameters type="List" />
  </RequestInterpretation>
  <ResponseSummary>
    <NumberOfRecordsAffected type="Numeric">1</NumberOfRecordsAffected>
  </ResponseSummary>
  <Response>
    <RecordsAffected type="List">
      <Result>
        <RecordID>2QDTLMBTLR8</RecordID>
        <Code>SUCCESS</Code>
      </Result>
    </RecordsAffected>
  </Response>
</Result>

Example 2: Add Permissions for users to access assets

This call gives the user with the email address [[email protected]] permission to view, download, share, edit, and upload on all assets with the Public Visibility Class that are located in the folder with the unique identifier of ZZ13U until April 30, 2025.

POST or GETAPI/Datatable/v2.1/Document.Security.Permission:CreateOrUpdate? Document.CoreField.CT_RecordID=[Datatable/v2.1/Contact.All:[email protected]] &Document.CoreField.DO_RecordID=[Datatable/v2.1/Document.All:Read?Document.CoreField.Identifier=ZZ13U] &Document.CoreField.CT_RecordID:=[Datatable/v2.1/Contact.All:[email protected]] &Document.CoreField.DO_RecordID:=[Datatable/v2.1/Document.All:Read?Document.CoreField.Identifier=ZZ13U] &Document.CoreField.EndDate:=2025-04-30 &Document.CoreField.CanRead:=1 &Document.CoreField.CanReadMedium:=1 &Document.CoreField.CanReadLarge:=1 &Document.CoreField.CanReadOriginal:=1 &Document.CoreField.CanDownload:=1 &Document.CoreField.CanFind:=1 &Document.CoreField.CanShare:=1 &Document.CoreField.CanWrite:=1 &Document.CoreField.CanUpload:=1 &Document.CoreField.CanDelete:=0 &Document.CoreField.CanMove:=0 &Document.CoreField.CanManageRights:=0 &Document.CoreField.TargetPurpose:=Public

Call

  
curl --location --globoff --request POST 'https://mangovations.com/API/Datatable/v2.1/Document.Security.Permission:CreateOrUpdate?Document.CoreField.CT_RecordID=[Datatable%2Fv2.1%2FContact.All%3ARead%3FContact.CoreField.Email1%3Danna.morado%mangovations.com]&Document.CoreField.DO_RecordID=[Datatable%2Fv2.1%2FDocument.All%3ARead%3FDocument.CoreField.Identifier%3DZZ13U]&Document.CoreField.CT_RecordID%3A=[Datatable%2Fv2.1%2FContact.All%3ARead%3FContact.CoreField.Email1%3Danna.morado%mangovations.com]&Document.CoreField.DO_RecordID%3A=[Datatable%2Fv2.1%2FDocument.All%3ARead%3FDocument.CoreField.Identifier%3DZZ13U]&Document.CoreField.EndDate%3A=2025-04-30&Document.CoreField.CanRead%3A=1&Document.CoreField.CanReadMedium%3A=1&Document.CoreField.CanReadLarge%3A=1&Document.CoreField.CanReadOriginal%3A=1&Document.CoreField.CanDownload%3A=1&Document.CoreField.CanFind%3A=1&Document.CoreField.CanShare%3A=1&Document.CoreField.CanWrite%3A=1&Document.CoreField.CanUpload%3A=1&Document.CoreField.CanDelete%3A=0&Document.CoreField.CanMove%3A=0&Document.CoreField.CanManageRights%3A=0&Document.CoreField.TargetPurpose%3A=Public' \
--header 'Authorization: Bearer MHrWLwYyt9WC1mahdazrqxqDvdpUhJOyDawRHz6NF7VYareyhZWinJaUVgBFMFaSwoPA0yNZxr6DB8S.uuYC38Y97YMSw5rx0mkNTsA0IA@hSHYitrNY' \
--header 'Cookie: AWSALB=fiK2QbrkNXlEZL3pARbghKvy2B2O/1FQnRfZWZCzKK/Ht+Fl4NmotFvkgZI/VgWeKk3FpZy8qU1v7HD0nkCbfE2kHJoIZ9xZx7MFuYq555nVnR; AWSALBCORS=fiK2QbrkNXlEZL3pARbghKvy2B2O/1fnW3h0n9EaqUzcFQnRfZWZCzKK/Ht+Fl4NmotFvkgZI/VgWeKk3FpZy8qU1v7HD0nkCbfE2kHJoIZ9xZx7MFuYq555nVnR; AWSALBTG=VDZO/hGG0kpL5TIo2qLAoz27s9kVV0ZrHlDLfnX7Ws2Y1o2QjYbxRnh5DNXMfejMJ2aw2ppqBEKdEdVAxUHvcCQyTbIqq3O2+lhekT7DonV8iXHCJ+EaHas5MZwRBaiNPvenyjtMwc1V/SW0IOl1NL391a11S91bIoUGYXpSP34q; AWSALBTGCORS=VDZO/hGG0kpL5TIo2qLAoz27s9kVV0ZrHlDLfnX7Ws2Y1o2QjYbxRnh5DNXMfejMJ2aw2ppqBEKdEdVAxUHvcCQyTbIqq3O2+lhekT7DonV8iXHCJ+EaHas5MZwRBaiNPvenyjtMwc1V/SW0IOl1NL391a11S91bIoUGYXpSP34q; CortexCID_ZZ1=iu5G2rhGXAbc8sj5; ZZ1-Session__1505=CfDJ8KSkO661hSREsDx7PGb48%2B18p7ptB0%2BHHDaYx74qI%2BWfwUojCCwKF7kgDjIlq%2BeKa1C7XD2LA8k71BG50GEtju7JnUM8a%2BWapNIq1unvDlgYY7B5BYgH7%2Fuw9KaFqs1PaydYGCnW5aUeLsg7DkZj5kNy01OlyBInlOoeSppFEEoJ; ZZ1-Session__1505-Alt=CfDJ8KSkO661hSREsDx7PGb48%2B18p7ptB0%2BHHDaYx74qI%2BWfwUojCCwKF7kgDjIlq%2BeKa1C7XD2LA8k71BG50GEtju7JnUM8a%2BWapNIq1unvDlgYY7B5BYgH7%2Fuw9KaFqs1PaydYGCnW5aUeLsg7DkZj5kNy01OlyBInlOoeSppFEEoJ' \
--data ''

Response

  
<Result>
  <APIRequestInfo>
    <ProviderVersion>KOBE.R2.2065G.216363</ProviderVersion>
    <ProviderIdentity>OLU-T-USW2-APP</ProviderIdentity>
    <ProviderID>44ddde3ac235f249d4007d4</ProviderID>
    <Module>Datatable</Module>
    <APIVersion>v2.1</APIVersion>
    <Resource>Document.Security.Permission:CreateOrUpdate</Resource>
    <IsLoggedIn type="Boolean">True</IsLoggedIn>
    <Status>LoggedIn</Status>
    <UserLogin>ZZ1CT12217</UserLogin>
    <Session>No session (production configuration)</Session>
    <TimeoutPeriodMinutes type="Numeric">20</TimeoutPeriodMinutes>
  </APIRequestInfo>
  <RequestInterpretation>
    <Updates type="List">
      <Update>
        <Field>Document.CoreField.CanDelete</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>0</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanDownload</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>1</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanFind</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>1</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanManageRights</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>0</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanMove</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>0</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanRead</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>1</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanReadLarge</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>1</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanReadMedium</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>1</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanReadOriginal</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>1</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanShare</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>1</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanUpload</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>1</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CanWrite</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>1</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.CT_RecordID</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>K8OEC0O37A</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.DO_RecordID</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>2QDTWAW803</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.EndDate</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>2025-04-30</Value>
      </Update>
      <Update>
        <Field>Document.CoreField.TargetPurpose</Field>
        <Operator>:=</Operator>
        <OperatorDescription>Assign a value to a single-value field</OperatorDescription>
        <Value>Public</Value>
      </Update>
    </Updates>
    <Filters type="List">
      <Filter>
        <Field>Document.CoreField.CT_RecordID</Field>
        <Operator>=</Operator>
        <OperatorDescription>Field must be equal to value</OperatorDescription>
        <Value>K8OEC0O37A</Value>
      </Filter>
      <Filter>
        <Field>Document.CoreField.DO_RecordID</Field>
        <Operator>=</Operator>
        <OperatorDescription>Field must be equal to value</OperatorDescription>
        <Value>2QDTWAW803</Value>
      </Filter>
    </Filters>
    <IgnoredParameters type="List" />
  </RequestInterpretation>
  <Response>
    <RecordID>2QDTLMBTEK1</RecordID>
    <Code>SUCCESS</Code>
  </Response>
</Result>

Delete

Call template

POST or GET/API/Datatable/v2.1/Document.Security.Permission:Delete&Document.CoreField.DO_RecordID=[Datatable/v2.1/Document.All:Read?Document.CoreField.{identifying-metadata-field}={asset-identifier}]&MaxRecordsAffected=100

ℹ️
Notes

This call does not block inheritance. If the asset is inheriting permissions from a parent asset, the inherited permissions still apply.

If the asset has more than one line of Permissions, you must include &MaxRecordsAffected=100 in the call.

Remove Permissions

Example: Remove Permissions from a folder

This call uses the delete action to remove Permissions from the folder with the Unique ID ZZ13VPI.

POST or GET/API/Datatable/v2.1/Document.Security.Permission:Delete?Document.CoreField.DO_RecordID=[Datatable/v2.1/Document.All:Read?Document.CoreField.Identifier=ZZ13VPI]&MaxRecordsAffected=100

Call

  
curl --location --globoff --request POST 'https://mangovations.com/API/Datatable/v2.1/Document.Security.Permission:Delete?Document.CoreField.DO_RecordID=[Datatable%2Fv2.1%2FDocument.All%3ARead%3FDocument.CoreField.Identifier%3DZZ13VPI]&MaxRecordsAffected=100' \
--header 'Authorization: Bearer RAs7xXiepH7@AZn1W.eNar6MCCaXUIFcZN9lRa29YqtnHOfsBdZx2x7rqMru.gzYDJwJrWGUqr0iTdOa8UrX3Aer69BFcrPlaQUqscKftFAHXNbh17Y9n' \
--header 'Cookie: AWSALB=6tBXOW3SAGcTGLKajecRJ1c2//bSbH2qwXfEUl453clVNjyZRK11h3N8aJBekTHLiQimsXhyd85d/87uPgwSozB+UoKXzDTz1pHE4Bm9iHqOY; AWSALBCORS=6tBXOW3SAGcTGLKajecRJ1c2//bSbH2qwCPy3z5Z/ntmI8gbXfEUl453clVNjyZRK11h3N8aJBekTHLiQimsXhyd85d/87uPgwSozB+UoKXzDTz1pHE4Bm9iHqOY; AWSALBTG=QmZMH9i+CUyjqypNEyn1Vrhian0LfQFN+YzvuBQ8waWMzU1pmV0Y5TLc8OWsUtBPt7arMeZYaZP0kqZzd7GwE2krra2NzsqlTCrf5VAMUAVpqiCTXC5uRRCldkkWGdAcI4go5yO+o62kHuSTsH2lpLMbEHQa6fFeHo7h3gdpZOeB; AWSALBTGCORS=QmZMH9i+CUyjqypNEyn1Vrhian0LfQFN+YzvuBQ8waWMzU1pmV0Y5TLc8OWsUtBPt7arMeZYaZP0kqZzd7GwE2krra2NzsqlTCrf5VAMUAVpqiCTXC5uRRCldkkWGdAcI4go5yO+o62kHuSTsH2lpLMbEHQa6fFeHo7h3gdpZOeB; CortexCID_ZZ1=iu5G2rhGXAbc8sj5; ZZ1-Session__1505=CfDJ8KSkO661hSREsDx7PGb48%2B1nHwBhFEK7wS6PJSrDjyHQAsAi0xjG2vK4z8jZqYXRaBF5qUvWMZlf66N%2FJPiCN%2B%2BAgR9iCRlwf20TT2crKRrIvXYjjx4l3wZUBXVUbdopIGV830rcQ79uNoat0X3VwrVTGqRNwA2s8Zo59O3pb0nS; ZZ1-Session__1505-Alt=CfDJ8KSkO661hSREsDx7PGb48%2B1nHwBhFEK7wS6PJSrDjyHQAsAi0xjG2vK4z8jZqYXRaBF5qUvWMZlf66N%2FJPiCN%2B%2BAgR9iCRlwf20TT2crKRrIvXYjjx4l3wZUBXVUbdopIGV830rcQ79uNoat0X3VwrVTGqRNwA2s8Zo59O3pb0nS' \
--data ''

Response

  
<Result>
  <APIRequestInfo>
    <ProviderVersion>KOBE.R2.2065G.216363</ProviderVersion>
    <ProviderIdentity>CUY-T-US-AP</ProviderIdentity>
    <ProviderID>44ddde3ac27f249d4007d4</ProviderID>
    <Module>Datatable</Module>
    <APIVersion>v2.1</APIVersion>
    <Resource>Document.Security.Permission:Delete</Resource>
    <IsLoggedIn type="Boolean">True</IsLoggedIn>
    <Status>LoggedIn</Status>
    <UserLogin>ZZ1CT12217</UserLogin>
    <Session>No session (production configuration)</Session>
    <TimeoutPeriodMinutes type="Numeric">120</TimeoutPeriodMinutes>
  </APIRequestInfo>
  <RequestInterpretation>
    <Filters type="List">
      <Filter>
        <Field>Document.CoreField.DO_RecordID</Field>
        <Operator>=</Operator>
        <OperatorDescription>Field must be equal to value</OperatorDescription>
        <Value>2QDTWAO0NQI</Value>
      </Filter>
    </Filters>
    <Updates type="List" />
    <IgnoredParameters type="List" />
  </RequestInterpretation>
  <ResponseSummary>
    <NumberOfRecordsAffected type="Numeric">2</NumberOfRecordsAffected>
  </ResponseSummary>
  <Response>
    <RecordsAffected type="List">
      <Result>
        <RecordID>2QDTLMBTLR8</RecordID>
        <Code>SUCCESS</Code>
      </Result>
      <Result>
        <RecordID>2QDTLMBTG42</RecordID>
        <Code>SUCCESS</Code>
      </Result>
    </RecordsAffected>
  </Response>
</Result>

Asset Permissions

📙

ℹ️
Notes

Read

Call template

View an asset’s Permissions

Example: View a folder’s Permissions

ℹ️
Note

Update

Activate or deactivate inherited Permissions

Call template

Example: Deactivate inherited Permissions

Create or Update

Call template

Add Permissions

Example 1: Add Permissions for Groups to access assets

ℹ️
Note

Example 2: Add Permissions for users to access assets

Delete

Call template

ℹ️
Notes

Remove Permissions

Example: Remove Permissions from a folder

📙

ℹ️Notes

Read

Call template

View an asset’s Permissions

Example: View a folder’s Permissions

ℹ️Note

Update

Activate or deactivate inherited Permissions

Call template

Example: Deactivate inherited Permissions

Create or Update

Call template

Add Permissions

Example 1: Add Permissions for Groups to access assets

ℹ️Note

Example 2: Add Permissions for users to access assets

Delete

Call template

ℹ️Notes

Remove Permissions

Example: Remove Permissions from a folder

ℹ️
Notes

ℹ️
Note

ℹ️
Note

ℹ️
Notes