# Get UI access manifest

Returns boolean flags indicating which pages and actions the specified user can access in the UI, based on their effective permissions in the organization.

Resolves the user's effective permissions and maps them to page visibility and action availability flags. This endpoint is read-only and does not enforce permissions -- it reports them so the frontend can control navigation and button visibility.

Users with `override_all_permissions` (e.g., Owner, Admin) will have all flags set to `true`. Pages with no required capabilities (organization, my_team, departments, roles) are always visible to organization members.

#### Path Parameters

**`organization_id`** string required

The unique identifier of the organization (format: `org_*`).

**`user_id`** string required

The unique identifier of the user to check access for (format: `usr_*`).

## Returns

A `UIAccessResponse` object containing the user's page and action access flags.

**`user_id`** string -- The user ID.

**`organization_id`** string -- The organization ID.

**`pages`** object -- Boolean flags for page visibility:

- `organization` -- Organization settings page (always visible)
- `my_team` -- Team overview page (always visible)
- `departments` -- Department management page (always visible, read-only)
- `roles` -- Role management page (always visible, read-only)
- `audit_log` -- Audit log page (requires `view_audit_log`)
- `billing` -- Billing page (requires `manage_billing`)
- `knowledge` -- Knowledge management page (requires `manage_knowledge_slices`)

**`actions`** object -- Boolean flags for action availability:

- `invite_user` -- Can invite users (requires `invite_users`)
- `deactivate_user` -- Can deactivate users (requires `deactivate_users`)
- `remove_user` -- Can remove users (requires `remove_users`)
- `manage_roles` -- Can manage roles (requires `manage_roles`)
- `assign_roles` -- Can assign roles (requires `assign_roles`)
- `manage_departments` -- Can manage departments (requires `manage_departments`)
- `create_subdepartment` -- Can create subdepartments (requires `create_subdepartments`)
- `reparent_department` -- Can reparent departments (requires `reparent_departments`)
- `manage_knowledge` -- Can manage knowledge (requires `manage_knowledge_slices`)
- `view_audit_log` -- Can view audit log (requires `view_audit_log`)
- `export_audit_log` -- Can export audit log (requires `export_audit_log`)
- `manage_billing` -- Can manage billing (requires `manage_billing`)

Request

```bash cURL
curl -s -X GET "https://api.aitronos.com/v1/organizations/org_abc123/users/usr_def456/ui-access" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" | python3 -m json.tool
```

```python Python SDK
from aitronos import Aitronos

client = Aitronos(api_key="your-api-key")

result = client.users.get_ui_access(
    organization_id="org_abc123",
    user_id="usr_def456",
)
print(result)
```

```python Python
import requests

response = requests.get(
    "https://api.aitronos.com/v1/organizations/org_abc123/users/usr_def456/ui-access",
    headers={"Authorization": "Bearer YOUR_ACCESS_TOKEN"},
)
print(response.json())
```

```javascript JavaScript
const response = await fetch(
  "https://api.aitronos.com/v1/organizations/org_abc123/users/usr_def456/ui-access",
  {
    headers: {
      Authorization: "Bearer YOUR_ACCESS_TOKEN",
    },
  }
);
const data = await response.json();
console.log(data);
```

Response

```json 200 OK (Owner)
{
  "user_id": "usr_def456",
  "organization_id": "org_abc123",
  "pages": {
    "organization": true,
    "my_team": true,
    "departments": true,
    "roles": true,
    "audit_log": true,
    "billing": true,
    "knowledge": true
  },
  "actions": {
    "invite_user": true,
    "deactivate_user": true,
    "remove_user": true,
    "manage_roles": true,
    "assign_roles": true,
    "manage_departments": true,
    "create_subdepartment": true,
    "reparent_department": true,
    "manage_knowledge": true,
    "view_audit_log": true,
    "export_audit_log": true,
    "manage_billing": true
  }
}
```

```json 200 OK (Member)
{
  "user_id": "usr_def456",
  "organization_id": "org_abc123",
  "pages": {
    "organization": true,
    "my_team": true,
    "departments": true,
    "roles": true,
    "audit_log": false,
    "billing": false,
    "knowledge": false
  },
  "actions": {
    "invite_user": false,
    "deactivate_user": false,
    "remove_user": false,
    "manage_roles": false,
    "assign_roles": false,
    "manage_departments": false,
    "create_subdepartment": false,
    "reparent_department": false,
    "manage_knowledge": false,
    "view_audit_log": false,
    "export_audit_log": false,
    "manage_billing": false
  }
}
```

```json 403 Forbidden
{
  "success": false,
  "error": {
    "code": "ORGANIZATION_ACCESS_DENIED",
    "message": "You don't have access to this organization.",
    "system_message": "User not member of organization",
    "type": "client_error",
    "status": 403,
    "details": {},
    "trace_id": "abc-123-def",
    "timestamp": "2026-02-28T12:00:00Z"
  }
}
```

## Related Resources

- [Get effective permissions](/docs/api-reference/organizations/roles/effective-permissions)
- [Invite user (v2)](/docs/api-reference/users/invite-v2)
- [Update memberships](/docs/api-reference/users/update-memberships)
- [Deactivate user](/docs/api-reference/users/deactivate)
- [Reactivate user](/docs/api-reference/users/reactivate)
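
A fail-closed way for a frontend to consume the manifest described on this page, as an added example that is not part of the Aitronos documentation or SDK. `buildUiGate`, `pickFlags` and the `expected` argument are hypothetical names; the key lists and the page/action pairs that share a capability are taken from the Returns section, and the flags only drive rendering, as the endpoint description states.

```javascript
// Added example (not Aitronos code). Key names come from the "Returns" section.
const PAGE_KEYS = ["organization", "my_team", "departments", "roles",
  "audit_log", "billing", "knowledge"];
const ACTION_KEYS = ["invite_user", "deactivate_user", "remove_user",
  "manage_roles", "assign_roles", "manage_departments", "create_subdepartment",
  "reparent_department", "manage_knowledge", "view_audit_log",
  "export_audit_log", "manage_billing"];
// Page/action pairs documented as requiring the same capability.
const SAME_CAPABILITY = [["audit_log", "view_audit_log"],
  ["billing", "manage_billing"], ["knowledge", "manage_knowledge"]];

// Copy only known keys; anything that is not strictly `true` becomes false.
function pickFlags(source, keys) {
  const out = {};
  for (const k of keys) out[k] = source != null && source[k] === true;
  return out;
}

// body: parsed JSON from the endpoint. expected: the ids the caller requested
// (hypothetical shape: { userId, organizationId }).
function buildUiGate(body, expected) {
  const valid = body !== null && typeof body === "object" &&
    body.success !== false &&
    body.user_id === expected.userId &&
    body.organization_id === expected.organizationId;
  const pages = pickFlags(valid ? body.pages : null, PAGE_KEYS);
  const actions = pickFlags(valid ? body.actions : null, ACTION_KEYS);
  // A disagreement here means the manifest and the UI mapping have drifted.
  const warnings = SAME_CAPABILITY
    .filter(([page, action]) => pages[page] !== actions[action])
    .map(([page, action]) => `pages.${page} != actions.${action}`);
  return {
    valid,
    warnings,
    canSee: (page) => pages[page] === true,
    canDo: (action) => actions[action] === true,
  };
}

// Constructed inputs: the 403 body shape from this page and a malformed manifest.
const ASKED = { userId: "usr_def456", organizationId: "org_abc123" };
const denied = buildUiGate({ success: false, error: { status: 403 } }, ASKED);
const partial = buildUiGate({
  user_id: "usr_def456", organization_id: "org_abc123",
  pages: { organization: true, billing: "true", audit_log: true },
  actions: { view_audit_log: false },
}, ASKED);
console.log(denied.valid, partial.canSee("billing"), partial.warnings);
```

An error body, a response for a different user or organization, a missing key, or a non-boolean value all resolve to hidden pages and disabled actions.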