API v2: User Collection Management 🆕
Overview
User collection management provides direct assignment of users to collections with specific access policies. This complements group-based access and allows for granular per-user collection permissions outside of role-based access control.
Data Structures

| Attribute | Type | Required | Description |
|---|---|---|---|
| id | string | | Read-only. User collection access identifier. |
| user_id | string | yes | Immutable. User identifier. Uniqueness is required in the combination of attribute |
| collection_id | string | yes | Immutable. Collection identifier. Uniqueness is required in the combination of attribute |
| access_policy | string {view_on_request, view, edit_on_request, full_edit}; Default value | yes | Access policy level. |
| user_name | string | | Read-only; expensive to use. User name. |
| collection_name | string | | Read-only; expensive to use. Collection name. |
| created_at | datetime | | Read-only. Timestamp of creation. |
| | datetime | | Read-only. Timestamp of modification. |
| | boolean | | Read-only. |

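Retrieve Available Attributes of the UserCollectionModel
Request

| Method | Path |
|---|---|
| GET | /api/v2/objspec/user_collection |

Example Request

```bash
# -k disables TLS certificate verification; omit it when the client trusts the server certificate.
curl -s -k -X GET \
  -H 'Authorization: <token>' \
  'https://10.31.135.179/api/v2/objspec/user_collection'
```
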
To check allowed methods, available URL parameters and possible responses please refer to the API Overview section.
List User Collections
Request

| Method | Path |
|---|---|
| GET | /api/v2/user/collection |

Example Request

```bash
curl -s -k -X GET \
  -H 'Authorization: <token>' \
  'https://10.31.135.179/api/v2/user/collection'
```

Response

```json
{
  "result": "success",
  "user_collection": [
    {
      "id": "8754997675608244225",
      "user_id": "8754997675608244225",
      "collection_id": "8754997675608244225",
      "access_policy": "view_on_request",
      "user_name": "admin",
      "collection_name": "Development Team",
      "created_at": "2026-03-25T02:02:41Z"
    }
  ]
}
```

Create User Collection Assignment
Request

| Method | Path | Body |
|---|---|---|
| POST | /api/v2/user/collection | |

Example Request

```bash
curl -s -k -X POST \
  -H 'Authorization: <token>' \
  -H 'Content-Type: application/json' \
  -d '{
    "user_id": "8754997675608244227",
    "collection_id": "8754997675608244225",
    "access_policy": "edit_on_request"
  }' \
  'https://10.31.135.179/api/v2/user/collection'
```

Response

```json
{
  "result": "success",
  "user_collection": [
    {
      "id": "8754997675608244230",
      "user_id": "8754997675608244227",
      "collection_id": "8754997675608244225",
      "access_policy": "edit_on_request",
      "user_name": "jdoe",
      "collection_name": "Development Team"
    }
  ]
}
```

Update User Collection Assignment
Request

| Method | Path | Body |
|---|---|---|
| PATCH | /api/v2/user/<user_id>/collection/<collection_id> | |

Example Request

```bash
curl -s -k -X PATCH \
  -H 'Authorization: <token>' \
  -H 'Content-Type: application/json' \
  -d '{
    "access_policy": "full_edit"
  }' \
  'https://10.31.135.179/api/v2/user/8754997675608244227/collection/8754997675608244225'
```

Response

```json
{
  "result": "success"
}
```

Remove User Collection Assignment
Request

| Method | Path |
|---|---|
| DELETE | /api/v2/user/<user_id>/collection/<collection_id> |

Example Request

```bash
curl -s -k -X DELETE \
  -H 'Authorization: <token>' \
  'https://10.31.135.179/api/v2/user/8754997675608244227/collection/8754997675608244225'
```

Response

```json
{
  "result": "success"
}
```

Note
User collection management provides:
- Direct user assignments: Bypass group membership for specific collection access
- Flexible access policies: Four levels from view-on-request to full-edit
- Individual control: Per-user customization of collection access
- Audit capabilities: Track direct user-to-collection relationships

Warning
Access policy levels:
- view_on_request: Users must request access to view secrets
- view: Users can view secrets without approval
- edit_on_request: Users must request access to modify secrets
- full_edit: Users can modify secrets without approval

User collection assignments complement but do not override group-based permissions or role capabilities.
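
An added example, not part of the product's own documentation: a small Python audit that reads a List User Collections response and reports direct assignments whose policy grants access without an approval step (`view`, `full_edit`) or is not one of the four documented values. The sample response, the function name `audit_direct_assignments` and the finding labels are constructed for illustration, and it is an assumption that `user_name` / `collection_name` can be missing from a response.

```python
import json

# The four policy levels documented on this page.
KNOWN_POLICIES = {"view_on_request", "view", "edit_on_request", "full_edit"}
# Per the Warning box: these two grant access without an approval step.
NO_APPROVAL = {"view", "full_edit"}

# Constructed sample, shaped like the List User Collections response.
SAMPLE_RESPONSE = """
{"result": "success", "user_collection": [
  {"id": "1", "user_id": "101", "collection_id": "501",
   "access_policy": "view_on_request", "user_name": "admin",
   "collection_name": "Development Team"},
  {"id": "2", "user_id": "102", "collection_id": "501",
   "access_policy": "full_edit", "user_name": "jdoe",
   "collection_name": "Development Team"},
  {"id": "3", "user_id": "103", "collection_id": "502", "access_policy": "view"},
  {"id": "4", "user_id": "104", "collection_id": "502",
   "access_policy": "edit_on_request", "user_name": "asmith",
   "collection_name": "Payments"},
  {"id": "5", "user_id": "105", "collection_id": "502",
   "access_policy": "admin", "user_name": "bkim", "collection_name": "Payments"}
]}
"""

def audit_direct_assignments(response_text):
    """Return (finding, user, collection, policy) tuples, most sensitive first."""
    body = json.loads(response_text)
    if body.get("result") != "success":
        raise ValueError("API call did not succeed: %r" % body.get("result"))
    findings = []
    for row in body.get("user_collection", []):
        policy = row.get("access_policy")
        # Assumption: the "expensive" name attributes may be absent,
        # so fall back to the identifiers.
        who = row.get("user_name") or row.get("user_id")
        where = row.get("collection_name") or row.get("collection_id")
        if policy not in KNOWN_POLICIES:
            findings.append(("unknown_policy", who, where, policy))
        elif policy in NO_APPROVAL:
            kind = "edit_without_approval" if policy == "full_edit" else "view_without_approval"
            findings.append((kind, who, where, policy))
    order = {"edit_without_approval": 0, "unknown_policy": 1, "view_without_approval": 2}
    return sorted(findings, key=lambda f: (order[f[0]], str(f[1]), str(f[2])))

if __name__ == "__main__":
    for finding in audit_direct_assignments(SAMPLE_RESPONSE):
        print(*finding, sep="\t")
```

Because direct assignments sit alongside group-based access, the findings cover only the per-user grants returned by this endpoint, not a user's effective permissions.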