How to remove user's access to a project using Web Services API

Document ID : KB000057514
Last Modified Date : 14/02/2018
Show Technical Document Details


How to remove user's access to a project using Web Services API?


In Web Services API object model there is a UserPermission object? with a User attribute which can be used in queries:

User-added image

WorkspacePermission and ProjectPermission objects in WS API are children of UserPermission object. Since ProjectPermission object inherits User attribute from UserPermission object it can be queried by User. Notice that unlike UserPermission object, the ProjectPermission has a DELETE endpoint:

User-added image

In this example we query by user reference: user/4170938364.
Here is a URL query equivalent of the query in the WS API interactive document: = /user/4170938364)

In order to delete a specific project permission of a specific user we need to get the unique ObjectID of this permission, hence the query above.
The screenshot above shows a note that Project attribute of ProjectPermission object cannot be used in queries.
This query will not work: = /user/4170938364)AND (Project = /project/12352814790))

and will return error:

QueryResult: {
Errors: [
"Could not parse: Attribute "Project" on type ProjectPermission is not allowed in query expressions."
Warnings: [ ],
TotalResultCount: 0,
Results: [ ]

Below are screenshots of the json result of this query: = /user/4170938364)

User-added image

We are interested in removing this user's access to project "Product1 (strategy)". One of the 19 results returned by this query is /projectpermission/4170938364u12352814790p2 we want to delete:

User-added image

In this example we delete it using a curl command. A browser REST client can also be used with the exact same endpoint.

curl --header "zsessionid:_abc123" -H "Content-Type: application/json" -X DELETE

This example is using API Key for authentiacation (?"zsessionid:_abc123" ) will work only in on-demand SaaS CA Agile Central. In on-premises environment a basic authentication method (?-u '!' ) can be used.? For more information see "How to use curl commands to hit WS API endpoints in on-premises CA Agile Central" article here.

If the curl command to delete the projectpermission is successful the result returned in the terminal does not contain any errors, but there is no explicit confirmation that the projectpermission was deleted:
{"OperationResult": {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "Errors": [], "Warnings": []}}

To confirm that it was indeed deleted, reload the same query = /user/4170938364)

Now there are 18 results, and permission for "Product 1 (strategy)" project is not found:

User-added image

User-added image

The success can also be verified by an administrator in the UI, on the user's details page, on the Setup tab.