Account

User's Grants View

get
https://api.linode.com/v4/account/users/{username}/grants

Returns the full grants structure for the specified account User (other than the account owner, see below for details). This includes all entities on the Account alongside the level of access this User has to each of them.

This command can only be accessed by the unrestricted users of an account.

The current authenticated User, including the account owner, may view their own grants at the /profile/grants endpoint, but will not see entities that they do not have access to.

Path Parameters

username
Required
string

The username to look up.

Request Samples

curl -H "Authorization: Bearer $TOKEN" \
    https://api.linode.com/v4/account/users/example_user/grants

Response Samples

{
  "global": {
    "add_linodes": true,
    "add_longview": true,
    "longview_subscription": true,
    "account_access": "read_only",
    "cancel_account": false,
    "add_domains": true,
    "add_stackscripts": true,
    "add_nodebalancers": true,
    "add_images": true,
    "add_volumes": true,
    "add_firewalls": true,
    "add_databases": true
  },
  "linode": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "database": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "domain": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "nodebalancer": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "image": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "longview": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "stackscript": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "volume": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ]
}

Responses

200: The User's grants.

global
object

A structure containing the Account-level grants a User has.

add_linodes
boolean

If true, this User may create Linodes.

add_longview
boolean

If true, this User may create Longview clients and view the current plan.

longview_subscription
boolean

If true, this User may manage the Account's Longview subscription.

account_access
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to Account-level actions, like billing information. A restricted User will never be able to manage users.

cancel_account
boolean

If true, this User may cancel the entire Account.

add_domains
boolean

If true, this User may add Domains.

add_stackscripts
boolean

If true, this User may add StackScripts.

add_nodebalancers
boolean

If true, this User may add NodeBalancers.

add_images
boolean

If true, this User may add Images.

add_volumes
boolean

If true, this User may add Volumes.

add_firewalls
boolean

If true, this User may add Firewalls.

add_databases
boolean

if true, this User may add Managed Databases.

linode
array of objects

The grants this User has for each Linode that is owned by this Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

database
array of objects

The grants this User has for each Database that is owned by this Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

domain
array of objects

The grants this User has for each Domain that is owned by this Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

nodebalancer
array of objects

The grants this User has for each NodeBalancer that is owned by this Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

image
array of objects

The grants this User has for each Image that is owned by this Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

longview
array of objects

The grants this User has for each Longview Client that is owned by this Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

stackscript
array of objects

The grants this User has for each StackScript that is owned by this Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

volume
array of objects

The grants this User has for each Block Storage Volume that is owned by this Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

204: This is an unrestricted User, and therefore has no grants to return. This User may access everything on the Account and perform all actions.

default: Error

errors
array of objects
reason
string

What happened to cause this error. In most cases, this can be fixed immediately by changing the data you sent in the request, but in some cases you will be instructed to open a Support Ticket or perform some other action before you can complete the request successfully.

field
string

The field in the request that caused this error. This may be a path, separated by periods in the case of nested fields. In some cases this may come back as "null" if the error is not specific to any single element of the request.

User's Grants Update

put
https://api.linode.com/v4/account/users/{username}/grants

Update the grants a User has. This can be used to give a User access to new entities or actions, or take access away. You do not need to include the grant for every entity on the Account in this request; any that are not included will remain unchanged.

This command can only be accessed by the unrestricted users of an account.

Path Parameters

username
Required
string

The username to look up.

Request Body Schema

database
array

The grants this User has for each Database that is owned by this Account.

domain
array

The grants this User has for each Domain that is owned by this Account.

global
object

A structure containing the Account-level grants a User has.

add_linodes
boolean

If true, this User may create Linodes.

add_longview
boolean

If true, this User may create Longview clients and view the current plan.

longview_subscription
boolean

If true, this User may manage the Account's Longview subscription.

account_access
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to Account-level actions, like billing information. A restricted User will never be able to manage users.

cancel_account
boolean

If true, this User may cancel the entire Account.

add_domains
boolean

If true, this User may add Domains.

add_stackscripts
boolean

If true, this User may add StackScripts.

add_nodebalancers
boolean

If true, this User may add NodeBalancers.

add_images
boolean

If true, this User may add Images.

add_volumes
boolean

If true, this User may add Volumes.

add_firewalls
boolean

If true, this User may add Firewalls.

add_databases
boolean

if true, this User may add Managed Databases.

image
array

The grants this User has for each Image that is owned by this Account.

linode
array

The grants this User has for each Linode that is owned by this Account.

longview
array

The grants this User has for each Longview Client that is owned by this Account.

nodebalancer
array

The grants this User has for each NodeBalancer that is owned by this Account.

stackscript
array

The grants this User has for each StackScript that is owned by this Account.

volume
array

The grants this User has for each Block Storage Volume that is owned by this Account.

Request Samples

curl -H "Content-Type: application/json" \
    -H "Authorization: Bearer $TOKEN" \
    -X PUT -d '{
        "global": {
          "add_linodes": true,
          "add_nodebalancers": false,
          "add_databases": true;
          "add_domains": true,
          "add_longview": false,
          "add_stackscripts": true,
          "longview_subscription": true,
          "add_images": true,
          "add_volumes": true,
          "add_firewalls": true,
          "account_access": "read_only",
          "cancel_account": false
        },
        "domain": [
          {
            "id": 123,
            "permissions": "read_only"
          }
        ],
        "image": [
          {
            "id": 123,
            "permissions": "read_only"
          }
        ],
        "linode": [
          {
            "id": 123,
            "permissions": "read_only"
          },
          {
            "id": 234,
            "permissions": "read_write"
          },
          {
            "id": 345,
            "permissions": "read_only"
          },
        ],
        "longview": [
          {
            "id": 123,
            "permissions": "read_only"
          },
          {
            "id": 234,
            "permissions": "read_write"
          }
        ],
        "nodebalancer": [
          {
            "id": 123,
            "permissions": "read_write"
          }
        ],
        "stackscript": [
          {
            "id": 123,
            "permissions": "read_only"
          },
          {
            "id": 124,
            "permissions": "read_write"
          }
        ],
        "volume": [
          {
            "id": 123,
            "permissions": "read_only"
          }
        ]
    }' \
    https://api.linode.com/v4/account/users/example_user/grants

Response Samples

{
  "global": {
    "add_linodes": true,
    "add_longview": true,
    "longview_subscription": true,
    "account_access": "read_only",
    "cancel_account": false,
    "add_domains": true,
    "add_stackscripts": true,
    "add_nodebalancers": true,
    "add_images": true,
    "add_volumes": true,
    "add_firewalls": true,
    "add_databases": true
  },
  "linode": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "database": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "domain": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "nodebalancer": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "image": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "longview": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "stackscript": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "volume": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ]
}

Responses

200: Grants updated successfully.

global
object

A structure containing the Account-level grants a User has.

add_linodes
boolean

If true, this User may create Linodes.

add_longview
boolean

If true, this User may create Longview clients and view the current plan.

longview_subscription
boolean

If true, this User may manage the Account's Longview subscription.

account_access
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to Account-level actions, like billing information. A restricted User will never be able to manage users.

cancel_account
boolean

If true, this User may cancel the entire Account.

add_domains
boolean

If true, this User may add Domains.

add_stackscripts
boolean

If true, this User may add StackScripts.

add_nodebalancers
boolean

If true, this User may add NodeBalancers.

add_images
boolean

If true, this User may add Images.

add_volumes
boolean

If true, this User may add Volumes.

add_firewalls
boolean

If true, this User may add Firewalls.

add_databases
boolean

if true, this User may add Managed Databases.

linode
array of objects

The grants this User has for each Linode that is owned by this Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

database
array of objects

The grants this User has for each Database that is owned by this Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

domain
array of objects

The grants this User has for each Domain that is owned by this Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

nodebalancer
array of objects

The grants this User has for each NodeBalancer that is owned by this Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

image
array of objects

The grants this User has for each Image that is owned by this Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

longview
array of objects

The grants this User has for each Longview Client that is owned by this Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

stackscript
array of objects

The grants this User has for each StackScript that is owned by this Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

volume
array of objects

The grants this User has for each Block Storage Volume that is owned by this Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: "read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

default: Error

errors
array of objects
reason
string

What happened to cause this error. In most cases, this can be fixed immediately by changing the data you sent in the request, but in some cases you will be instructed to open a Support Ticket or perform some other action before you can complete the request successfully.

field
string

The field in the request that caused this error. This may be a path, separated by periods in the case of nested fields. In some cases this may come back as "null" if the error is not specific to any single element of the request.