How can I delete a permission using the API?

Good afternoon,

I have been trying for quite some time to remove permission for a password from my user via the API.
The ultimate goal would be to generate a password, share it with a group, and then remove the user from the API to prevent the password from being viewed by users other than the group.

Everything works except removing the user’s permission (in this case passbolt.api)

I have tried to do this using "DELETE /permissions/<permissionId>.json?api-version=v2 " but it is possible that I am not passing correctly the permissionId needed for this.

Could someone give me a hand?

Thanks in advance for your help !

Best Regards

Hi @antonio.rodriguez, I’ve been looking through the code and I could be wrong but it does not appear that deleting a permission is actually a function, even though the api guide mentions it.

It seems there is only GET:

Hi @garrett ,

Thanks for your response.

Reviewing the Nginx records, I see that to do the “Permission Removal”, the extension, does the following:

GET to get the permissions for the resource.
POST to simulate the modification of the resource.
POST to perform the modification of the resource.

I tried to replicate the same thing through the API without success.

Can you think of any way?

Thank you very much.

Best Regards.

That sounds right, but like you are saying it is performing the operation on a resource versus on a permission.

What you initially described took me a moment to understand because it would be a resource that is owned by nobody but shared with a group, if I understand correctly.

Maybe @remy can shed some light on whether what you ask is possible or if it will corrupt the database if you were to manually delete the permission that is for ownership, but leave permissions for a resource that are for reading. And whether this is an opportunity for us to contribute code or if the API specs need to change.


Yes the way to proceed when removing a permission is to push the updated permissions using the share endpoint. It is not possible to just drop a permission on a resource at the moment. We are open to adding a DELETE /permissions/uuid.json to the api if more people are interested.

The constraints for the permissions at the moment are as follow:

  • All the users must be active (and obviously exists)
  • There must be at least one owner
  • All the secrets must be made available (either because they were already available, or because they are pushed with the request).

@antonio.rodriguez if you post more information about the POST simulation and response we can help you sort it out.

@remy he was being guided by which I think is the source of confusion if there isn’t the functionality.

hmm, yeah that endpoint does not exist, i’ll remove the documentation

Hi, Remy and Garrett,

Thank you for your response.

I see quite interesting the implementation of DELETE PERMISSION since in view of a quite a lot of passwords update through API (let’s imagine that a member of the project leaves the project but doesn’t unsubscribe in the platform), it could facilitate quite a lot the work.


1 Like