List all permission configs

get /platform/iam/v1/role/permission-config

Returns the current list of permissions available for the specified tenant. Each permission includes:

name: Display name of the permission as shown in the UI.
view_name: Permission key for the "View" option, used in role creation APIs.
action_name: Permission key for the "View/Edit" option, used in role creation APIs.

Intended use: Use this endpoint to identify the correct permission keys corresponding to the display names visible in the UI.
Note - The response mirrors how permissions are organized and displayed in the UI (by category and subcategory).

CLIENT REQUEST

          curl -X 'GET'

        -H
        'Accept: application/json'
      
      'https://api-cortex.paloaltonetworks.com/platform/iam/v1/role/permission-config'

import http.client

conn = http.client.HTTPSConnection("api-")

conn.request("GET", "%7Bfqdn%7D/platform/iam/v1/role/permission-config")

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))

require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api-/%7Bfqdn%7D/platform/iam/v1/role/permission-config")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body

const data = null;

const xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://api-/%7Bfqdn%7D/platform/iam/v1/role/permission-config");

xhr.send(data);

HttpResponse<String> response = Unirest.get("https://api-/%7Bfqdn%7D/platform/iam/v1/role/permission-config")
  .asString();

import Foundation

let request = NSMutableURLRequest(url: NSURL(string: "https://api-/%7Bfqdn%7D/platform/iam/v1/role/permission-config")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "GET"

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()

<?php

$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://api-/%7Bfqdn%7D/platform/iam/v1/role/permission-config",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "GET",
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

CURL *hnd = curl_easy_init();

curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "GET");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-/%7Bfqdn%7D/platform/iam/v1/role/permission-config");

CURLcode ret = curl_easy_perform(hnd);

var client = new RestClient("https://api-/%7Bfqdn%7D/platform/iam/v1/role/permission-config");
var request = new RestRequest(Method.GET);
IRestResponse response = client.Execute(request);

Responses

Successfully retrieved permission configs

Body

application/json

dataobjectrequired

metadataobject

Metadata for the response

Free-Form object

RESPONSE
{
  "data": {
    "rbac_permissions": [
      {
        "category_name": "Dashboards & Reports",
        "sub_categories": [
          {
            "sub_category_name": null,
            "permissions": [
              {
                "name": "Dashboards",
                "view_name": "dashboard_view",
                "action_name": "dashboard_action",
                "sub_permissions": []
              },
              {
                "name": "Reports",
                "view_name": "reports_view",
                "action_name": "reports_action",
                "sub_permissions": []
              }
            ]
          }
        ]
      },
      {
        "category_name": "Investigation & Response",
        "sub_categories": [
          {
            "sub_category_name": "Search",
            "permissions": [
              {
                "name": "Query Center",
                "view_name": "investigation_query_view",
                "action_name": "investigation_query_action",
                "sub_permissions": []
              }
            ]
          },
          {
            "sub_category_name": "Response",
            "permissions": [
              {
                "name": "Action Center",
                "view_name": "actions_center",
                "action_name": "actions_center_action",
                "sub_permissions": [
                  {
                    "action_name": "isolate",
                    "name": "Isolate"
                  },
                  {
                    "action_name": "quarantine",
                    "name": "Quarantine"
                  }
                ]
              }
            ]
          }
        ]
      }
    ],
    "datasetGroups": [
      {
        "datasets": [
          "alerts",
          "cases",
          "endpoints",
          "incidents"
        ],
        "dataset_category": "System"
      },
      {
        "datasets": [],
        "dataset_category": "Lookup"
      }
    ]
  }
}

Unauthorized access

Body

application/json

RESPONSE
{
  "reply": {
    "err_code": 401,
    "err_msg": "Public API request unauthorized",
    "err_extra": null
  }
}

Unauthorized access due to lack of sufficient permissions

Body

application/json

replyobject

err_msgstringrequired

err_extrastring

err_codeinteger

metadataobjectrequired

RESPONSE
{
  "reply": {
    "err_code": 403,
    "err_msg": "Forbidden. Access was denied to this resource.",
    "err_extra": "Insufficient permissions for api key",
    "metadata": {}
  }
}

Internal server error. A unified status for API communication type errors.