Update Workflow Resource Permission

This API is used to update resource permission for request execution, and user task-level RBAC of workflows. The user can assign and unassign resource permissions based on the action provided in the API payload. They can update the request resource permission of a workflow for any resource only if the user has workflow request permission.

Before you begin

  • Session ID is obtained from the login API.
  • Ensure that the session ID is valid and has not expired.

Request Structure

Endpoint: /visualworkflow-update-workflow-resource-permission
Type: POST
Sample URL: https://<IP/HostName/TenantName>:<GWPORT>/avxapi/visualworkflow-update-workflow-resource-permission?gwsource=external

To understand the elements of the sample URL, click here.
Headers:
Content-Type: application/json
Table 1. Input Parameters
Name Description
sessionId (or) Token

Header

 (Mandatory) Use either Session Id or Token received after login.

Type: String

Example: "sessionId": "ce7f1a14-2bf9-4e4a-89a8-bc780a255813"
gwsource

Query

 (Mandatory) Source from which the request is triggered. The values can be:

Type: String

  • web
  • external
Payload

String

 (Mandatory) Input data for request body in application/json format. For payload details, see Payload section.

Payload

Name Description
workflowNames

List<String>

 (Mandatory) Name of the workflow(s) to which the permission should be updated for resources.

Example:[ "Update Resource Workflow"]
resources

List<String>

 (Mandatory) Resource name(s).

Example:[ "ak_resource", "CLM Level1 Approver" ]
action

String

 (Optional) assign/unassign. The default action will be “assign”.

Example:assign

Response Structure

  • Status Code: 202 Accepted
  • Message: ACF assignment initiated for the given role.
  • Headers:
    • Content-Type: application/json
Table 2. Response Parameters
Name Description
response Contains the response attributes for ACF assignment initiated for the given role.
message Success message or failure description in case of error.
appStatusCode Application specific status code for the response. Will be non-null for failure response.
tags More info in case of failure response.

Status Codes

HTTP Code appStatusCode Response Message
200 OK null 
{"SuccessWorkflows": ["<WorkflowName>"],
        "PartiallyUpdated or FailedWorkflows": ["<Failed workflow name if any>"]
}
500 WORKFLOW_1000 Invalid input from the client.

Possible Remediation: Provide a valid payload, or workflow name, or resource, or action value.
400 Bad Request VALIDATION_ERROR_0006 Invalid '%s'::[Invalid '%s'. Field: workflowName].

Possible Remediation: Any one or few of the WorkflowName provided in the workflowNames array has invalid characters.
400 Bad Request VALIDATION_ERROR_0006 Invalid '%s'::[Invalid '%s'. Field: resource].

Possible Remediation: Any one or few of the resource name provided in the resources array has invalid characters.
400 Bad Request VALIDATION_ERROR_0008 %s' cannot exceed '%s' characters::['workflowName' cannot exceed '255' characters]

Possible Remediation: Any one or few of the WorkflowName provided in the workflowNames array has invalid length. Lenght must be between 2 to 255.
400 Bad Request VALIDATION_ERROR_0008 '%s' cannot exceed '%s' characters::['resource' cannot exceed '128' characters]

Possible Remediation: Any one or few of the resource name provided in the resources array has invalid length. Lenght must be between 2 to 128.
400 Bad Request VALIDATION_ERROR_0001 Validation Failure: Field ${key} is empty::[Validation Failure: Field ${key} is empty. Field: resource]

Possible Remediation: Any one or few of the resource name provided in the resources array is empty string or null.
400 Bad Request VALIDATION_ERROR_0001 Validation Failure: Field ${key} is empty::[Validation Failure: Field ${key} is empty. Field: workflowName]

Possible Remediation: Any one or few of the WorkflowName provided in the workflowNames array is empty string or null.

Sample Request/Response

Use Case
  1. Workflow Request ACL Permission Update: Resource ACL permissions can now be assigned or unassigned for workflow requests.
  2. User Interface Palette ACL Permissions:
    • RBAC permissions for user tasks can be assigned or unassigned at the task level within workflows.
    • For form tasks, submit permission will be provided during assignment.
    • For other user tasks, read-write (RW) permission will be granted.
  3. Audit Log Enhancements: Audit logs will now include workflow names for which resource permissions were successfully updated, as well as those for which updates failed.
Sample Request
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/visualworkflow-update-workflow-resource-permission?gwsource=external
Request Payload
{
    "payload": {
  "workflowNames": [
    "Update Resource Workflow"
  ],
  "resources": [
    "ak_resource",
    "CLM Level1 Approver"
  ],
  "action":"assign/unassign"
}
}
Sample Response
 {
 "response": {
    "SuccessWorkflows": [
      "Update Resource Workflow"
     ],
     "PartiallyUpdated or FailedWorkflows": []
 }
 "message": "{SuccessWorkflows=[Update Resource Workflow], PartiallyUpdated or FailedWorkflows=[]}
 "appStatusCode": "WORKFLOW_1611",
 "tags": null,
 "headers": null
 }

What's Next

Reference

Understanding the sample URL:
  • IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
    • IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication

      The IP address will be included in the endpoint URL for an on-prem deployment.

    • HostName: A human-readable label assigned to a device (host) on a network

      The hostname will be included in the endpoint URL for an on-prem deployment.

    • TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify

      The tenant name will be included in the endpoint URL for a SaaS deployment.

  • GWPORT: AppViewX gateway port

    A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.

    Example: 31443

  • avxapi: Path parameter value (static) that is part of the endpoint's URL
  • Endpoint: Endpoint of the API, for example: execute-hook
  • gwsource: Source or origin of a gateway, for example: external.