Skip to content
API Reference
/
/
List the groups of which...

Aritma IAM API (V1)

An API for interacting with the identity and access management system of Aritma.

Download OpenAPI description
iam-openapi.json
iam-openapi.yaml
Overview
URL
https://aritma.com/contact
Languages
Servers
Mock server
https://developer.aritma.com/_mock/apis/platform/iam/openapi/iam-openapi
IAM API
https://api.dev.aritma.io/core/iam

Actions

Actions related to IAM actions

Operations

Client

Actions related to clients in Aritma ID

Operations

Domains

Actions related to domains registered for the tenant, and their verification status

Operations

Me

Actions listing information about the currently authenticated user

Operations

Policies

Actions related to IAM policies

Operations

Role

Actions related to Aritma ID roles

Operations

Scim

Actions related to SCIM tokens

Operations

Scope

Actions related to scopes in Aritma ID

Operations

SSO

Actions common for all SSO providers

Operations

SSO - Azure AD (Entra ID)

Actions relating to AzureAd as an SSO provider

Operations

SSO - Custom Providers

Actions relating to custom SSO providers

Operations

SSO - Google

Actions relating to Google as an SSO provider

Operations

SSO - Signicat

Actions relating to Signicat as an SSO provider

Operations

Subjects

Actions related to IAM subjects

Operations

Gets subjects of all types

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Query
searchQuerystring

Filters results to entries whose name contains this value. Leave empty to return all entries.

Example: searchQuery=john
pageinteger(int32)

The page number to retrieve.

Example: page=1
pageSizeinteger(int32)

The number of items to return per page. Clamped between 10 and 200.

Example: pageSize=100
No request payload

Responses

OK

Bodyapplication/json
dataArray of UserSubjectDto (object) or ClientSubjectDto (object) or SubjectGroupDto (object)required

Data returned by request

Example: [{"id":"00000000-0000-0000-0000-000000000000","displayName":"John Doe","tenant":"00000000-0000-0000-0000-000000000000","subjectId":"user-00000000-0000-0000-0000-000000000000","properties":{"username":"john.doe@aritma.com","email":"john.doe@aritma.com","phoneNumber":"+47 123 45 678"},"type":"User"},{"properties":{"iconUri":"https://aritma.com/favicon.ico","description":"Internal billing service"},"type":"Client","id":"00000000-0000-0000-0000-000000000000","displayName":"John Doe","tenant":"00000000-0000-0000-0000-000000000000","subjectId":"user-00000000-0000-0000-0000-000000000000"},{"properties":{"description":"All administrators in the tenant","memberCount":5},"type":"Group","id":"00000000-0000-0000-0000-000000000000","displayName":"John Doe","tenant":"00000000-0000-0000-0000-000000000000","subjectId":"user-00000000-0000-0000-0000-000000000000"}]
One of:

Base representation of a subject (user, client, or group) within the IAM system. The concrete type is indicated by the $type discriminator property.

idstringrequired

The unique identifier of the subject within its type.

Example: "00000000-0000-0000-0000-000000000000"
displayNamestringrequired

A human-readable display name for the subject.

Example: "John Doe"
tenantstring or null

The tenant this subject belongs to. null for global subjects.

Example: "00000000-0000-0000-0000-000000000000"
subjectIdstringread-onlyrequired

The fully-qualified subject identifier in the format type-id.

Example: "user-00000000-0000-0000-0000-000000000000"
typestringread-onlyrequired

The type of subject: User, Client, or Group.

Enum"User""Client""Anonymous""Group"
propertiesobjectread-onlyrequired

Type-specific additional data about the subject. Shape depends on Aritma.IAM.V2.SubjectDto.Type.

Example: {"username":"john.doe@aritma.com","email":"john.doe@aritma.com","phoneNumber":"+47 123 45 678"}
usernamestringrequired

The user's login username.

Example: "john.doe@aritma.com"
emailstringrequired

The user's email address.

Example: "john.doe@aritma.com"
phoneNumberstringrequired

The user's phone number.

Example: "+47 123 45 678"
pageinteger(int32)required

The current page which is fetched

Example: 1
pageSizeinteger(int32)required

The current page size

Example: 100
countinteger(int32)read-onlyrequired

The count of entries on the current page

Example: 3
totalinteger(int32)required

Total entries across all pages.

Example: 3
totalPagesinteger(int32)read-onlyrequired

The total number of pages based on Aritma.IAM.V2.PaginatedIamResponse1.Total and Aritma.IAM.V2.PaginatedIamResponse1.PageSize.

Example: 1
Response
application/json
{
  "page": 1,
  "pageSize": 100,
  "count": 3,
  "total": 3,
  "totalPages": 1,
  "data": [
    {},
    {},
    {}
  ]
}

List the groups of which a subject is a member of

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Path
subjectstringrequired

The fully-qualified subject identifier, e.g. user-00000000-0000-0000-0000-000000000000

Query
pageinteger(int32)

The page number to retrieve.

Example: page=1
pageSizeinteger(int32)

The number of items to return per page. Clamped between 10 and 200.

Example: pageSize=100
No request payload

Responses

OK

Bodyapplication/json
dataArray of objects(SubjectGroupDto)required

Data returned by request

Example: [{"properties":{"description":"All administrators in the tenant","memberCount":5},"type":"Group","id":"00000000-0000-0000-0000-000000000000","displayName":"John Doe","tenant":"00000000-0000-0000-0000-000000000000","subjectId":"user-00000000-0000-0000-0000-000000000000"}]
idstringrequired

The unique identifier of the subject within its type.

Example: "00000000-0000-0000-0000-000000000000"
displayNamestringrequired

A human-readable display name for the subject.

Example: "John Doe"
tenantstring or null

The tenant this subject belongs to. null for global subjects.

Example: "00000000-0000-0000-0000-000000000000"
subjectIdstringread-onlyrequired

The fully-qualified subject identifier in the format type-id.

Example: "user-00000000-0000-0000-0000-000000000000"
typestringread-onlyrequired

The type of subject: User, Client, or Group.

Enum"User""Client""Anonymous""Group"
propertiesobjectread-onlyrequired

Type-specific additional data about the subject. Shape depends on Aritma.IAM.V2.SubjectDto.Type.

Example: {"description":"All administrators in the tenant","memberCount":5}
descriptionstringrequired

A short description of the group's purpose.

Example: "All administrators in the tenant"
memberCountinteger(int32)required

The number of members currently in the group.

Example: 5
pageinteger(int32)required

The current page which is fetched

Example: 1
pageSizeinteger(int32)required

The current page size

Example: 100
countinteger(int32)read-onlyrequired

The count of entries on the current page

Example: 3
totalinteger(int32)required

Total entries across all pages.

Example: 3
totalPagesinteger(int32)read-onlyrequired

The total number of pages based on Aritma.IAM.V2.PaginatedIamResponse1.Total and Aritma.IAM.V2.PaginatedIamResponse1.PageSize.

Example: 1
Response
application/json
{
  "page": 1,
  "pageSize": 100,
  "count": 3,
  "total": 3,
  "totalPages": 1,
  "data": [
    {}
  ]
}

Gets the permissions of a subject

Request

The requesting party must have read access for a given scope to return it

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Path
subjectstringrequired

The subject id

Query
resourceTypestring

Filters results to policies on resources of this type.

Example: resourceType=subscriptions
resourceProviderstring

Filters results to policies on resources from this provider.

Example: resourceProvider=aritma.control
actionstring

Filters results to policies granting this action.

Example: action=iam.policy.read
No request payload

Responses

OK

Bodyapplication/json
policiesArray of objects(PolicyDto)required

The policies that applies to the subject, filtered to scopes the requesting party has read access on.

Example: [{"subject":"user-00000000-0000-0000-0000-000000000000","scope":"/subscriptions/123","action":"iam.policy.read","tenant":"00000000-0000-0000-0000-000000000000"}]
subjectstringrequired

The subject identifier the policy applies to.

Example: "user-00000000-0000-0000-0000-000000000000"
scopestringrequired

The resource scope the policy applies to.

Example: "/subscriptions/123"
actionstringrequired

The action permitted by this policy.

Example: "iam.policy.read"
tenantstringrequired

The tenant this policy belongs to.

Example: "00000000-0000-0000-0000-000000000000"
tenantRolesArray of stringsrequired

The tenant-level OIDC roles assigned to the subject.

Example: ["TenantAdmin"]
subjectstringrequired

The subject identifier this response is for.

Example: "user-00000000-0000-0000-0000-000000000000"
Response
application/json
{
  "tenantRoles": [
    "TenantAdmin"
  ],
  "subject": "user-00000000-0000-0000-0000-000000000000",
  "policies": [
    {}
  ]
}

Gets client subjects

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Query
searchQuerystring

Filters results to entries whose name contains this value. Leave empty to return all entries.

Example: searchQuery=john
pageinteger(int32)

The page number to retrieve.

Example: page=1
pageSizeinteger(int32)

The number of items to return per page. Clamped between 10 and 200.

Example: pageSize=100
No request payload

Responses

OK

Bodyapplication/json
dataArray of objects(ClientSubjectDto)required

Data returned by request

Example: [{"properties":{"iconUri":"https://aritma.com/favicon.ico","description":"Internal billing service"},"type":"Client","id":"00000000-0000-0000-0000-000000000000","displayName":"John Doe","tenant":"00000000-0000-0000-0000-000000000000","subjectId":"user-00000000-0000-0000-0000-000000000000"}]
idstringrequired

The unique identifier of the subject within its type.

Example: "00000000-0000-0000-0000-000000000000"
displayNamestringrequired

A human-readable display name for the subject.

Example: "John Doe"
tenantstring or null

The tenant this subject belongs to. null for global subjects.

Example: "00000000-0000-0000-0000-000000000000"
subjectIdstringread-onlyrequired

The fully-qualified subject identifier in the format type-id.

Example: "user-00000000-0000-0000-0000-000000000000"
typestringread-onlyrequired

The type of subject: User, Client, or Group.

Enum"User""Client""Anonymous""Group"
propertiesobjectread-onlyrequired

Type-specific additional data about the subject. Shape depends on Aritma.IAM.V2.SubjectDto.Type.

Example: {"iconUri":"https://aritma.com/favicon.ico","description":"Internal billing service"}
iconUristringrequired

URI of the client application's icon.

Example: "https://aritma.com/favicon.ico"
descriptionstringrequired

A short description of the client application.

Example: "Internal billing service"
pageinteger(int32)required

The current page which is fetched

Example: 1
pageSizeinteger(int32)required

The current page size

Example: 100
countinteger(int32)read-onlyrequired

The count of entries on the current page

Example: 3
totalinteger(int32)required

Total entries across all pages.

Example: 3
totalPagesinteger(int32)read-onlyrequired

The total number of pages based on Aritma.IAM.V2.PaginatedIamResponse1.Total and Aritma.IAM.V2.PaginatedIamResponse1.PageSize.

Example: 1
Response
application/json
{
  "page": 1,
  "pageSize": 100,
  "count": 3,
  "total": 3,
  "totalPages": 1,
  "data": [
    {}
  ]
}

Gets the permissions of a client

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Path
clientIdstringrequired

The client id

Query
resourceTypestring

Filters results to policies on resources of this type.

Example: resourceType=subscriptions
resourceProviderstring

Filters results to policies on resources from this provider.

Example: resourceProvider=aritma.control
actionstring

Filters results to policies granting this action.

Example: action=iam.policy.read
No request payload

Responses

OK

Bodyapplication/json
policiesArray of objects(PolicyDto)required

The policies that applies to the subject, filtered to scopes the requesting party has read access on.

Example: [{"subject":"user-00000000-0000-0000-0000-000000000000","scope":"/subscriptions/123","action":"iam.policy.read","tenant":"00000000-0000-0000-0000-000000000000"}]
subjectstringrequired

The subject identifier the policy applies to.

Example: "user-00000000-0000-0000-0000-000000000000"
scopestringrequired

The resource scope the policy applies to.

Example: "/subscriptions/123"
actionstringrequired

The action permitted by this policy.

Example: "iam.policy.read"
tenantstringrequired

The tenant this policy belongs to.

Example: "00000000-0000-0000-0000-000000000000"
tenantRolesArray of stringsrequired

The tenant-level OIDC roles assigned to the subject.

Example: ["TenantAdmin"]
subjectstringrequired

The subject identifier this response is for.

Example: "user-00000000-0000-0000-0000-000000000000"
Response
application/json
{
  "tenantRoles": [
    "TenantAdmin"
  ],
  "subject": "user-00000000-0000-0000-0000-000000000000",
  "policies": [
    {}
  ]
}

Gets subject groups

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Query
searchQuerystring

Filters results to entries whose name contains this value. Leave empty to return all entries.

Example: searchQuery=john
pageinteger(int32)

The page number to retrieve.

Example: page=1
pageSizeinteger(int32)

The number of items to return per page. Clamped between 10 and 200.

Example: pageSize=100
No request payload

Responses

OK

Bodyapplication/json
dataArray of objects(SubjectGroupDto)required

Data returned by request

Example: [{"properties":{"description":"All administrators in the tenant","memberCount":5},"type":"Group","id":"00000000-0000-0000-0000-000000000000","displayName":"John Doe","tenant":"00000000-0000-0000-0000-000000000000","subjectId":"user-00000000-0000-0000-0000-000000000000"}]
idstringrequired

The unique identifier of the subject within its type.

Example: "00000000-0000-0000-0000-000000000000"
displayNamestringrequired

A human-readable display name for the subject.

Example: "John Doe"
tenantstring or null

The tenant this subject belongs to. null for global subjects.

Example: "00000000-0000-0000-0000-000000000000"
subjectIdstringread-onlyrequired

The fully-qualified subject identifier in the format type-id.

Example: "user-00000000-0000-0000-0000-000000000000"
typestringread-onlyrequired

The type of subject: User, Client, or Group.

Enum"User""Client""Anonymous""Group"
propertiesobjectread-onlyrequired

Type-specific additional data about the subject. Shape depends on Aritma.IAM.V2.SubjectDto.Type.

Example: {"description":"All administrators in the tenant","memberCount":5}
descriptionstringrequired

A short description of the group's purpose.

Example: "All administrators in the tenant"
memberCountinteger(int32)required

The number of members currently in the group.

Example: 5
pageinteger(int32)required

The current page which is fetched

Example: 1
pageSizeinteger(int32)required

The current page size

Example: 100
countinteger(int32)read-onlyrequired

The count of entries on the current page

Example: 3
totalinteger(int32)required

Total entries across all pages.

Example: 3
totalPagesinteger(int32)read-onlyrequired

The total number of pages based on Aritma.IAM.V2.PaginatedIamResponse1.Total and Aritma.IAM.V2.PaginatedIamResponse1.PageSize.

Example: 1
Response
application/json
{
  "page": 1,
  "pageSize": 100,
  "count": 3,
  "total": 3,
  "totalPages": 1,
  "data": [
    {}
  ]
}

Creates a new subject group

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Bodyapplication/json

Group creation parameters

displayNamestringrequired
descriptionstringrequired
application/json
{
  "displayName": "string",
  "description": "string"
}

Responses

OK

Bodyapplication/json
idstringrequired

The unique identifier of the subject within its type.

Example: "00000000-0000-0000-0000-000000000000"
displayNamestringrequired

A human-readable display name for the subject.

Example: "John Doe"
tenantstring or null

The tenant this subject belongs to. null for global subjects.

Example: "00000000-0000-0000-0000-000000000000"
subjectIdstringread-onlyrequired

The fully-qualified subject identifier in the format type-id.

Example: "user-00000000-0000-0000-0000-000000000000"
typestringread-onlyrequired

The type of subject: User, Client, or Group.

Enum"User""Client""Anonymous""Group"
propertiesobjectread-onlyrequired

Type-specific additional data about the subject. Shape depends on Aritma.IAM.V2.SubjectDto.Type.

Example: {"description":"All administrators in the tenant","memberCount":5}
descriptionstringrequired

A short description of the group's purpose.

Example: "All administrators in the tenant"
memberCountinteger(int32)required

The number of members currently in the group.

Example: 5
Response
application/json
{
  "properties": {
    "description": "All administrators in the tenant",
    "memberCount": 5
  },
  "type": "Group",
  "id": "00000000-0000-0000-0000-000000000000",
  "displayName": "John Doe",
  "tenant": "00000000-0000-0000-0000-000000000000",
  "subjectId": "user-00000000-0000-0000-0000-000000000000"
}

Deletes a subject group

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Path
groupIdstring(uuid)required

The id of the subject group

No request payload

Responses

No Content

Response
No content

Gets the permissions of a group

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Path
groupIdstringrequired

The group id

Query
resourceTypestring

Filters results to policies on resources of this type.

Example: resourceType=subscriptions
resourceProviderstring

Filters results to policies on resources from this provider.

Example: resourceProvider=aritma.control
actionstring

Filters results to policies granting this action.

Example: action=iam.policy.read
No request payload

Responses

OK

Bodyapplication/json
policiesArray of objects(PolicyDto)required

The policies that applies to the subject, filtered to scopes the requesting party has read access on.

Example: [{"subject":"user-00000000-0000-0000-0000-000000000000","scope":"/subscriptions/123","action":"iam.policy.read","tenant":"00000000-0000-0000-0000-000000000000"}]
subjectstringrequired

The subject identifier the policy applies to.

Example: "user-00000000-0000-0000-0000-000000000000"
scopestringrequired

The resource scope the policy applies to.

Example: "/subscriptions/123"
actionstringrequired

The action permitted by this policy.

Example: "iam.policy.read"
tenantstringrequired

The tenant this policy belongs to.

Example: "00000000-0000-0000-0000-000000000000"
tenantRolesArray of stringsrequired

The tenant-level OIDC roles assigned to the subject.

Example: ["TenantAdmin"]
subjectstringrequired

The subject identifier this response is for.

Example: "user-00000000-0000-0000-0000-000000000000"
Response
application/json
{
  "tenantRoles": [
    "TenantAdmin"
  ],
  "subject": "user-00000000-0000-0000-0000-000000000000",
  "policies": [
    {}
  ]
}

Gets the subjects within a subject group

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Path
groupSubjectIdstring(uuid)required

The id of the subject group

Query
pageinteger(int32)

The page number to retrieve.

Example: page=1
pageSizeinteger(int32)

The number of items to return per page. Clamped between 10 and 200.

Example: pageSize=100
No request payload

Responses

OK

Bodyapplication/json
dataArray of UserSubjectDto (object) or ClientSubjectDto (object) or SubjectGroupDto (object)required

Data returned by request

Example: [{"id":"00000000-0000-0000-0000-000000000000","displayName":"John Doe","tenant":"00000000-0000-0000-0000-000000000000","subjectId":"user-00000000-0000-0000-0000-000000000000","properties":{"username":"john.doe@aritma.com","email":"john.doe@aritma.com","phoneNumber":"+47 123 45 678"},"type":"User"},{"properties":{"iconUri":"https://aritma.com/favicon.ico","description":"Internal billing service"},"type":"Client","id":"00000000-0000-0000-0000-000000000000","displayName":"John Doe","tenant":"00000000-0000-0000-0000-000000000000","subjectId":"user-00000000-0000-0000-0000-000000000000"},{"properties":{"description":"All administrators in the tenant","memberCount":5},"type":"Group","id":"00000000-0000-0000-0000-000000000000","displayName":"John Doe","tenant":"00000000-0000-0000-0000-000000000000","subjectId":"user-00000000-0000-0000-0000-000000000000"}]
One of:

Base representation of a subject (user, client, or group) within the IAM system. The concrete type is indicated by the $type discriminator property.

idstringrequired

The unique identifier of the subject within its type.

Example: "00000000-0000-0000-0000-000000000000"
displayNamestringrequired

A human-readable display name for the subject.

Example: "John Doe"
tenantstring or null

The tenant this subject belongs to. null for global subjects.

Example: "00000000-0000-0000-0000-000000000000"
subjectIdstringread-onlyrequired

The fully-qualified subject identifier in the format type-id.

Example: "user-00000000-0000-0000-0000-000000000000"
typestringread-onlyrequired

The type of subject: User, Client, or Group.

Enum"User""Client""Anonymous""Group"
propertiesobjectread-onlyrequired

Type-specific additional data about the subject. Shape depends on Aritma.IAM.V2.SubjectDto.Type.

Example: {"username":"john.doe@aritma.com","email":"john.doe@aritma.com","phoneNumber":"+47 123 45 678"}
usernamestringrequired

The user's login username.

Example: "john.doe@aritma.com"
emailstringrequired

The user's email address.

Example: "john.doe@aritma.com"
phoneNumberstringrequired

The user's phone number.

Example: "+47 123 45 678"
pageinteger(int32)required

The current page which is fetched

Example: 1
pageSizeinteger(int32)required

The current page size

Example: 100
countinteger(int32)read-onlyrequired

The count of entries on the current page

Example: 3
totalinteger(int32)required

Total entries across all pages.

Example: 3
totalPagesinteger(int32)read-onlyrequired

The total number of pages based on Aritma.IAM.V2.PaginatedIamResponse1.Total and Aritma.IAM.V2.PaginatedIamResponse1.PageSize.

Example: 1
Response
application/json
{
  "page": 1,
  "pageSize": 100,
  "count": 3,
  "total": 3,
  "totalPages": 1,
  "data": [
    {},
    {},
    {}
  ]
}

Adds a member to a subject group

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Path
groupSubjectIdstring(uuid)required

The id of the subject group

Bodyapplication/json

The mutation request

subjectIdsArray of stringsrequired

The list of subject identifiers to add or remove. Each entry must be a valid subject string in the format type-id, e.g. user-00000000-0000-0000-0000-000000000000 or user-00000000-0000-0000-0000-000000000000.

application/json
{
  "subjectIds": [
    "string"
  ]
}

Responses

OK

Bodyapplication/jsonArray [
groupIdstring(uuid)required

The identifier of the subject group.

Example: "00000000-0000-0000-0000-000000000000"
subjectIdstringrequired

The fully-qualified subject identifier of the member, in the format type-id.

Example: "user-00000000-0000-0000-0000-000000000000"
]
Response
application/json
[
  {
    "groupId": "00000000-0000-0000-0000-000000000000",
    "subjectId": "user-00000000-0000-0000-0000-000000000000"
  }
]

Removes a member from a subject group

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Path
groupSubjectIdstring(uuid)required

The id of the subject group

Bodyapplication/json

The mutation request

subjectIdsArray of stringsrequired

The list of subject identifiers to add or remove. Each entry must be a valid subject string in the format type-id, e.g. user-00000000-0000-0000-0000-000000000000 or user-00000000-0000-0000-0000-000000000000.

application/json
{
  "subjectIds": [
    "string"
  ]
}

Responses

No Content

Response
No content

Gets user subjects

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Query
searchQuerystring

Filters results to entries whose name contains this value. Leave empty to return all entries.

Example: searchQuery=john
pageinteger(int32)

The page number to retrieve.

Example: page=1
pageSizeinteger(int32)

The number of items to return per page. Clamped between 10 and 200.

Example: pageSize=100
No request payload

Responses

OK

Bodyapplication/json
dataArray of objects(UserSubjectDto)required

Data returned by request

Example: [{"id":"00000000-0000-0000-0000-000000000000","displayName":"John Doe","tenant":"00000000-0000-0000-0000-000000000000","subjectId":"user-00000000-0000-0000-0000-000000000000","properties":{"username":"john.doe@aritma.com","email":"john.doe@aritma.com","phoneNumber":"+47 123 45 678"},"type":"User"}]
idstringrequired

The unique identifier of the subject within its type.

Example: "00000000-0000-0000-0000-000000000000"
displayNamestringrequired

A human-readable display name for the subject.

Example: "John Doe"
tenantstring or null

The tenant this subject belongs to. null for global subjects.

Example: "00000000-0000-0000-0000-000000000000"
subjectIdstringread-onlyrequired

The fully-qualified subject identifier in the format type-id.

Example: "user-00000000-0000-0000-0000-000000000000"
typestringread-onlyrequired

The type of subject: User, Client, or Group.

Enum"User""Client""Anonymous""Group"
propertiesobjectread-onlyrequired

Type-specific additional data about the subject. Shape depends on Aritma.IAM.V2.SubjectDto.Type.

Example: {"username":"john.doe@aritma.com","email":"john.doe@aritma.com","phoneNumber":"+47 123 45 678"}
usernamestringrequired

The user's login username.

Example: "john.doe@aritma.com"
emailstringrequired

The user's email address.

Example: "john.doe@aritma.com"
phoneNumberstringrequired

The user's phone number.

Example: "+47 123 45 678"
pageinteger(int32)required

The current page which is fetched

Example: 1
pageSizeinteger(int32)required

The current page size

Example: 100
countinteger(int32)read-onlyrequired

The count of entries on the current page

Example: 3
totalinteger(int32)required

Total entries across all pages.

Example: 3
totalPagesinteger(int32)read-onlyrequired

The total number of pages based on Aritma.IAM.V2.PaginatedIamResponse1.Total and Aritma.IAM.V2.PaginatedIamResponse1.PageSize.

Example: 1
Response
application/json
{
  "page": 1,
  "pageSize": 100,
  "count": 3,
  "total": 3,
  "totalPages": 1,
  "data": [
    {}
  ]
}

Gets the permissions of a user

Request

Security
authorization_code_with_pkce(Required scopes:
services.iam
) or client_credentials(Required scopes:
services.iam
)
Path
userIdstringrequired

The user id

Query
resourceTypestring

Filters results to policies on resources of this type.

Example: resourceType=subscriptions
resourceProviderstring

Filters results to policies on resources from this provider.

Example: resourceProvider=aritma.control
actionstring

Filters results to policies granting this action.

Example: action=iam.policy.read
No request payload

Responses

OK

Bodyapplication/json
policiesArray of objects(PolicyDto)required

The policies that applies to the subject, filtered to scopes the requesting party has read access on.

Example: [{"subject":"user-00000000-0000-0000-0000-000000000000","scope":"/subscriptions/123","action":"iam.policy.read","tenant":"00000000-0000-0000-0000-000000000000"}]
subjectstringrequired

The subject identifier the policy applies to.

Example: "user-00000000-0000-0000-0000-000000000000"
scopestringrequired

The resource scope the policy applies to.

Example: "/subscriptions/123"
actionstringrequired

The action permitted by this policy.

Example: "iam.policy.read"
tenantstringrequired

The tenant this policy belongs to.

Example: "00000000-0000-0000-0000-000000000000"
tenantRolesArray of stringsrequired

The tenant-level OIDC roles assigned to the subject.

Example: ["TenantAdmin"]
subjectstringrequired

The subject identifier this response is for.

Example: "user-00000000-0000-0000-0000-000000000000"
Response
application/json
{
  "tenantRoles": [
    "TenantAdmin"
  ],
  "subject": "user-00000000-0000-0000-0000-000000000000",
  "policies": [
    {}
  ]
}

User

Actions related to Aritma ID users

Operations