Account

View User's grants

get
https://api.linode.com/v4/account/users/{username}/grants

Returns the full grants structure for this User. This includes all entities on the Account alongside what level of access this User has to each of them. Individual users may view their own grants at the /profile/grants endpoint, but will not see entities that they have no access to.

Authorizations

Personal Access Token
OAuth: ( account:read_only)

Path Parameters

username
Required
string

The username to look up.

Request Samples

curl -H "Authorization: Bearer $TOKEN" \
    https://api.linode.com/v4/account/users/example_user/grants

Response Samples

{
  "global": [
    {
      "add_linodes": true,
      "add_longview": true,
      "longview_subscription": true,
      "account_access": "read_only",
      "cancel_account": "",
      "add_domains": true,
      "add_stackscripts": true,
      "add_nodebalancers": true,
      "add_images": true,
      "add_volumes": true
    }
  ],
  "linode": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "domain": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "nodebalancer": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "image": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "longview": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "stackscript": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "volume": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ]
}

Responses

200: The User's grants.

global
object

A structure containing the Account-level grants a User has.

add_linodes
boolean

If true, this User may create Linodes.

add_longview
boolean

If true, this User may create Longview clients.

longview_subscription
boolean

If true, this User may manage the Account's Longview subscription.

account_access
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to Account-level actions, like billing information. A restricted User will never be able to manage users.

cancel_account
boolean

If true, this User may cancel the entire Account.

add_domains
boolean

If true, this User may add Domains.

add_stackscripts
boolean

If true, this User may add StackScripts.

add_nodebalancers
boolean

If true, this User may add NodeBalancers.

add_images
boolean

If true, this User may add Images.

add_volumes
boolean

If true, this User may add Volumes.

linode
array of objects

The grants this User has pertaining to Linodes on this Account. There will be one entry per Linode on the Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

domain
array of objects

The grants this User has pertaining to Domains on this Account. There will be one entry per Domain on the Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

nodebalancer
array of objects

The grants this User has pertaining to NodeBalancers on this Account. There will be one entry per NodeBalancer on the Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

image
array of objects

The grants this User has pertaining to Images on this Account. There will be one entry per Image on the Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

longview
array of objects

The grants this User has pertaining to Longview Clients on this Account. There will be one entry per Longview Client on the Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

stackscript
array of objects

The grants this User has pertaining to StackScripts on this Account. There will be one entry per StackScript on the Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

volume
array of objects

The grants this User has pertaining to Volumes on this Account. There will be one entry per Volume on the Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

204: This is an unrestricted User, and therefore has no grants to return. This User may access everything on the Account and perform all actions.

default: Error

errors
array of objects
reason
string

What happened to cause this error. In most cases, this can be fixed immediately by changing the data you sent in the request, but in some cases you will be instructed to open a Support Ticket or perform some other action before you can complete the request successfully.

field
string

The field in the request that caused this error. This may be a path, separated by periods in the case of nested fields. In some cases this may come back as "null" if the error is not specific to any single element of the request.

Update User's grants

put
https://api.linode.com/v4/account/users/{username}/grants

Update the grants a User has. This can be used to give a User access to new entities or actions, or take access away. You do not need to include the grant for every entity on the Account in this request; any that are not included will remain unchanged.

Authorizations

Personal Access Token
OAuth: ( account:read_write)

Path Parameters

username
Required
string

The username to look up.

Request Body Schema

domain
array

The grants this User has pertaining to Domains on this Account. There will be one entry per Domain on the Account.

global
object

A structure containing the Account-level grants a User has.

add_linodes
boolean

If true, this User may create Linodes.

add_longview
boolean

If true, this User may create Longview clients.

longview_subscription
boolean

If true, this User may manage the Account's Longview subscription.

account_access
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to Account-level actions, like billing information. A restricted User will never be able to manage users.

cancel_account
boolean

If true, this User may cancel the entire Account.

add_domains
boolean

If true, this User may add Domains.

add_stackscripts
boolean

If true, this User may add StackScripts.

add_nodebalancers
boolean

If true, this User may add NodeBalancers.

add_images
boolean

If true, this User may add Images.

add_volumes
boolean

If true, this User may add Volumes.

image
array

The grants this User has pertaining to Images on this Account. There will be one entry per Image on the Account.

linode
array

The grants this User has pertaining to Linodes on this Account. There will be one entry per Linode on the Account.

longview
array

The grants this User has pertaining to Longview Clients on this Account. There will be one entry per Longview Client on the Account.

nodebalancer
array

The grants this User has pertaining to NodeBalancers on this Account. There will be one entry per NodeBalancer on the Account.

stackscript
array

The grants this User has pertaining to StackScripts on this Account. There will be one entry per StackScript on the Account.

volume
array

The grants this User has pertaining to Volumes on this Account. There will be one entry per Volume on the Account.

Request Samples

curl -H "Content-Type: application/json" \
    -H "Authorization: Bearer $TOKEN" \
    -X PUT -d '{
        "global": {
          "add_linodes": true,
          "add_nodebalancers": false,
          "add_domains": true,
          "add_longview": false,
          "add_stackscripts": true,
          "longview_subscription": true,
          "add_images": true,
          "add_volumes": true,
          "account_access": "read_only",
          "cancel_account": false
        },
        "domain": [
          {
            "id": 123,
            "permissions": "read_only"
          }
        ],
        "image": [
          {
            "id": 123,
            "permissions": "read_only"
          }
        ],
        "linode": [
          {
            "id": 123,
            "permissions": "read_only"
          },
          {
            "id": 234,
            "permissions": "read_write"
          },
          {
            "id": 345,
            "permissions": "read_only"
          },
        ],
        "longview": [
          {
            "id": 123,
            "permissions": "read_only"
          },
          {
            "id": 234,
            "permissions": "read_write"
          }
        ],
        "nodebalancer": [
          {
            "id": 123,
            "permissions": "read_write"
          }
        ],
        "stackscript": [
          {
            "id": 123,
            "permissions": "read_only"
          },
          {
            "id": 124,
            "permissions": "read_write"
          }
        ],
        "volume": [
          {
            "id": 123,
            "permissions": "read_only"
          }
        ]
    }' \
    https://api.linode.com/v4/account/users/example_user/grants

Response Samples

{
  "global": [
    {
      "add_linodes": true,
      "add_longview": true,
      "longview_subscription": true,
      "account_access": "read_only",
      "cancel_account": "",
      "add_domains": true,
      "add_stackscripts": true,
      "add_nodebalancers": true,
      "add_images": true,
      "add_volumes": true
    }
  ],
  "linode": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "domain": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "nodebalancer": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "image": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "longview": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "stackscript": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ],
  "volume": [
    {
      "id": 123,
      "permissions": "read_only",
      "label": "example-entity"
    }
  ]
}

Responses

200: Grants updated successfully.

global
object

A structure containing the Account-level grants a User has.

add_linodes
boolean

If true, this User may create Linodes.

add_longview
boolean

If true, this User may create Longview clients.

longview_subscription
boolean

If true, this User may manage the Account's Longview subscription.

account_access
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to Account-level actions, like billing information. A restricted User will never be able to manage users.

cancel_account
boolean

If true, this User may cancel the entire Account.

add_domains
boolean

If true, this User may add Domains.

add_stackscripts
boolean

If true, this User may add StackScripts.

add_nodebalancers
boolean

If true, this User may add NodeBalancers.

add_images
boolean

If true, this User may add Images.

add_volumes
boolean

If true, this User may add Volumes.

linode
array of objects

The grants this User has pertaining to Linodes on this Account. There will be one entry per Linode on the Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

domain
array of objects

The grants this User has pertaining to Domains on this Account. There will be one entry per Domain on the Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

nodebalancer
array of objects

The grants this User has pertaining to NodeBalancers on this Account. There will be one entry per NodeBalancer on the Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

image
array of objects

The grants this User has pertaining to Images on this Account. There will be one entry per Image on the Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

longview
array of objects

The grants this User has pertaining to Longview Clients on this Account. There will be one entry per Longview Client on the Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

stackscript
array of objects

The grants this User has pertaining to StackScripts on this Account. There will be one entry per StackScript on the Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

volume
array of objects

The grants this User has pertaining to Volumes on this Account. There will be one entry per Volume on the Account.

id
integer

The ID of the entity this grant applies to.

permissions
Nullable
string
Enum: """read_only""read_write"

The level of access this User has to this entity. If null, this User has no access.

label
string

The current label of the entity this grant applies to, for display purposes.

default: Error

errors
array of objects
reason
string

What happened to cause this error. In most cases, this can be fixed immediately by changing the data you sent in the request, but in some cases you will be instructed to open a Support Ticket or perform some other action before you can complete the request successfully.

field
string

The field in the request that caused this error. This may be a path, separated by periods in the case of nested fields. In some cases this may come back as "null" if the error is not specific to any single element of the request.