Working with data source permissions
- Last Updated: April 11, 2025
- 3 minute read
- Hybrid Data Pipeline
- Version 4.6
- Documentation
The Data Sources API allows administrators to create their own data sources and create data sources on behalf of users. When creating a data source on behalf of a user, administrators can set permissions on the data source to limit user access to the data source. Data source permissions override individual user permissions whether inherited through a role or set explicitly for the user. When an administrator creates a data source on behalf of a user, any administrator with the appropriate permissions would have access to the data source through the on-behalf-of functionality.
Create a data source on behalf of a user
The following POST request creates a data source on behalf of a user. The
user query parameter (?user) is used to specify
the owner of the data source. The administrator must have the Administrator (12)
permission; or the administrator must have the MgmtAPI (11) permission, the
OnBehalfOf (21) permission, administrative access on the tenant to which the user
belongs, and the CreateDataSource (1) permission.
Request
POST https://MyServer:8443/api/mgmt/datasources?user=ODataUserRequest Payload
{
"name": "ODataSF",
"dataStore": "1",
"connectionType": "Cloud",
"description": "Test OData access to Salesforce",
"options": {
"Database": "Accounting",
"User": "mySForceUserId",
"Password": "mySForcePassword",
"SecurityToken": "mySecurityToken",
"StmtCallLimit": "60",
"ODataSchemaMap": "{\"odata_mapping_v2\":{\"schemas\":[{\"name\":\"D2CQA01\"
,\"tables\":{\"Dept_Emp\":{},\"Employees\":{},\"Departments\":{},\"Salaries\":{}
,\"Titles\":{},\"Dept_Manager\":{}}}]}}",
"ODataVersion": "2"
}
}Retrieve permissions on behalf of a user
The following GET request retrieves the effective permissions on the data
source on behalf of the data source owner, where 16 is the ID of
the data source.
The administrator must have the Administrator (12) permission; or the administrator must have the MgmtAPI (11) permission, the OnBehalfOf (21) permission, administrative access on the tenant to which the user belongs, and the ViewDataSource (2) permission.
Request
GET https://MyServer:8443/api/mgmt/datasources/16/permissions?user=ODataUserResponse Payload
{
"permissions": [
7
]
}Update permissions on a data source
With the following PUT request, an administrator can modify permissions on the data source on behalf of the data source owner. In this example, the administrator allows the ODataUser several additional permissions.
The user query parameter (?user) is used to
specify the owner of the data source. The administrator must have the Administrator
(12) permission; or the administrator must have the MgmtAPI (11) permission, the
OnBehalfOf (21) permission, administrative access on the tenant to which the user
belongs, and the ModifyDataSource (3) permission.
Request
PUT https://MyServer:8443/api/mgmt/datasources/16/permissions?user=ODataUserRequest Payload
{
"permissions": [
2,
3,
4,
7,
10
]
}Retrieve the effective permissions on a data source
An administrator can then retrieve the updated effective permissions with a GET request.
The user query parameter (?user) is used to
specify the owner of the data source. The administrator must have the Administrator
(12) permission; or the administrator must have the MgmtAPI (11) permission, the
OnBehalfOf (21) permission, administrative access on the tenant to which the user
belongs, and the ViewDataSource (2) permission.
Request
GET https://MyServer:8443/api/mgmt/datasources/16/permissions?user=ODataUserResponse Payload
{
"permissions": [
2,
3,
4,
7,
10
]
}