Resolve a user's effective permissions within an organization. This aggregates capabilities from all assigned roles, deduplicates them, and determines the user's department scope.
GEThttps://api.aitronos.com/v1/organizations/{organization_id}/users/{user_id}/effective-permissions
organization_id string required
Organization ID (org_ prefixed string).
user_id string required
User ID to resolve permissions for (usr_ prefixed string).
An effective permissions object containing:
user_id- The user whose permissions were resolvedcapabilities- Deduplicated list of all capability strings from assigned rolesdepartment_scope- Either"global"(for users withoverride_all_permissions) or an array of department IDsrole_ids- List of all role IDs assigned to this userresolved_at- ISO 8601 timestamp of when permissions were resolved
cURL
- Bash
- Python
- Python
- JavaScript
curl "https://api.aitronos.com/v1/organizations/org_abc123/users/usr_target456/effective-permissions" \
-H "Authorization: Bearer $ACCESS_TOKEN"| Capability | Description |
|---|---|
manage_users | Manage user accounts within scope |
invite_users | Send invitations to new users |
deactivate_users | Deactivate user accounts |
remove_users | Remove users from organization |
manage_departments | Create and manage departments |
create_subdepartments | Create sub-departments |
reparent_departments | Move departments in hierarchy |
manage_roles | Create and edit roles |
assign_roles | Assign roles to users |
view_audit_log | View audit log entries |
export_audit_log | Export audit log data |
manage_knowledge_slices | Manage knowledge slice access |
manage_billing | Manage billing and subscriptions |
override_all_permissions | Full access across all departments |