Evaluate Record Permissions

Evaluates the API user’s permissions for records and fields within an App.

Method: GET
URL: https://{subdomain}.kintone.com/k/v1/records/acl/evaluate.json
URL (guest space): https://{subdomain}.kintone.com/k/guest/{SpaceID}/v1/records/acl/evaluate.json
Authentication: Password Authentication
Content-Type: application/json (not needed if specifying the query with a query string)

Permissions

Permission to view the App is needed.
API Tokens cannot be used with this API.

Request Parameters

| Parameter | Value | Required | Description |
|---|---|---|---|
| app | Integer or String | Yes | The App ID. |
| ids | Array | Yes | An array of record IDs that will be evaluated. The maximum limit is 100 IDs. |

Example of parameters in the URL

https://{subdomain}.kintone.com/k/v1/records/acl/evaluate.json?app=1&ids[0]=1&ids[1]=2

Example of parameters in the request body

{
  "app": 1,
  "ids": [1, 2]
}

Sample Request

JavaScript (using Kintone REST API Request)

var body = {
  'app': 1,
  'ids': [1, 2]
};

kintone.api(kintone.api.url('/k/v1/records/acl/evaluate', true), 'GET', body, function(resp) {
  // success
  console.log(resp);
}, function(error) {
  // error
  console.log(error);
});

XMLHttpRequest

var url = 'https://{subdomain}.kintone.com/k/v1/records/acl/evaluate.json?app=1&ids[0]=1&ids[1]=2';
var xhr = new XMLHttpRequest();
xhr.open('GET', url);
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
xhr.onload = function() {
  if (xhr.status === 200) {
    // success
    console.log(JSON.parse(xhr.responseText));
  } else {
    // error
    console.log(JSON.parse(xhr.responseText));
  }
};
xhr.send();

Response Parameters

| Parameter | Type | Description |
|---|---|---|
| rights | Array | An array of objects that contain permission settings of the specified records. |
| rights[].id | String | The record ID. |
| rights[].record | Object | An object consisting of record permissions of the specified record ID. |
| rights[].record.viewable | Boolean | The view permissions of the specified record ID. |
| rights[].record.editable | Boolean | The edit permissions of the specified record ID. |
| rights[].record.deletable | Boolean | The delete permissions of the specified record ID. |
| rights[].fields | Object | An object consisting of field permissions of the specified record ID. The following are also included in the response: fields that the user has no permissions to view; fields that have no permission settings set on them; fields that do not allow permissions to be set; fields set in tables. |
| rights[].fields.<fieldcode>.viewable | Boolean | The view permissions of the field of the specified record ID. If the user has no view permissions of the record, all the values are set as false. |
| rights[].fields.<fieldcode>.editable | Boolean | The edit permissions of the field of the specified record ID. |

Sample Response

{
  "rights": [
    {
      "id": "1",
      "record": {
        "viewable": true,
        "editable": false,
        "deletable": false
      },
      "fields": {
        "Text": {
          "viewable": true,
          "editable": false
        },
        "Text_Area": {
          "viewable": false,
          "editable": false
        },
        "Updated_datetime": {
          "viewable": true,
          "editable": false
        },
        "Updated_by": {
          "viewable": true,
          "editable": false
        }
      }
    },
    {
      "id": "2",
      "record": {
        "viewable": true,
        "editable": true,
        "deletable": true
      },
      "fields": {
        "Text": {
          "viewable": true,
          "editable": true
        },
        "Text_Area": {
          "viewable": true,
          "editable": true
        }
      }
    }
  ]
}
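
The following added example (not part of the original page and not Kintone's own code) shows one way to use this endpoint in an access review: it batches record IDs to respect the 100-ID limit, builds the query-string form shown above, and reduces each `rights[]` entry to the fields the evaluated user cannot see, can only read, or can write. The helper names and the rule that a field counts as writable only when both the record and the field are editable are assumptions of this example; the sample data is constructed to mirror the Sample Response.

```javascript
// Added example, not Kintone's code. Limit taken from the Request Parameters table.
const MAX_IDS_PER_CALL = 100;

// Split record IDs into batches the endpoint will accept.
function chunkIds(ids, size = MAX_IDS_PER_CALL) {
  const batches = [];
  for (let i = 0; i < ids.length; i += size) batches.push(ids.slice(i, i + size));
  return batches;
}

// Build the query-string form shown on this page: app=1&ids[0]=1&ids[1]=2
function buildQuery(app, ids) {
  const parts = ['app=' + encodeURIComponent(app)];
  ids.forEach((id, i) => parts.push('ids[' + i + ']=' + encodeURIComponent(id)));
  return parts.join('&');
}

// Reduce one rights[] entry to what the evaluated user can actually do.
function summarizeRight(right) {
  const rec = right.record || {};
  const fields = right.fields || {};
  const hidden = [], readOnly = [], writable = [];
  for (const code of Object.keys(fields)) {
    const f = fields[code] || {};
    // Fail closed: anything other than a literal true is treated as denied.
    if (rec.viewable !== true || f.viewable !== true) hidden.push(code);
    // Assumption of this example: require both record and field edit rights.
    else if (rec.editable === true && f.editable === true) writable.push(code);
    else readOnly.push(code);
  }
  return { id: right.id, deletable: rec.deletable === true, hidden, readOnly, writable };
}

function summarizeResponse(resp) {
  const rights = resp && Array.isArray(resp.rights) ? resp.rights : [];
  return rights.map(summarizeRight);
}

// Constructed sample, trimmed from the shape of the Sample Response on this page.
const SAMPLE = { rights: [
  { id: '1', record: { viewable: true, editable: false, deletable: false },
    fields: { Text: { viewable: true, editable: false },
              Text_Area: { viewable: false, editable: false } } },
  { id: '2', record: { viewable: true, editable: true, deletable: true },
    fields: { Text: { viewable: true, editable: true },
              Text_Area: { viewable: true, editable: true } } }
] };

console.log(JSON.stringify(summarizeResponse(SAMPLE), null, 2));
```

Because API tokens cannot be used with this endpoint, the result always reflects the password-authenticated user who made the call, so run the review as the account whose access is being checked.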