| Method | PUT |
| URL | https://{subdomain}.kintone.com/k/v1/record/acl.json |
| URL(guest space) | https://{subdomain}.kintone.com/k/guest/{SpaceID}/v1/record/acl.json |
| Authentication | Password Authentication |
| Content-Type | application/json |
Pre-live settings
Apps may hold pre-live settings that have not yet been deployed to the live App.
Access the pre-live settings with the below URL.
| URL | https://{subdomain}.kintone.com/k/v1/preview/record/acl.json |
| URL(guest space) | https://{subdomain}.kintone.com/k/guest/{SpaceID}/v1/preview/record/acl.json |
Permissions
- App Management Permissions are needed.
- API Tokens cannot be used with this API.
Request Parameters
Parameters that are ignored will not be updated.
If you grant an entity permission to edit or delete records, the entity must also be granted to have permission to view records.
| Parameter | Value | Required | Description |
| app | Integer or String | Yes |
The App ID. |
| rights | Array | Yes | An array listing data of record permissions. List in order of priority. |
| rights[].filterCond | String |
The filter condition in a query format. |
|
| rights[].entities | Array | Yes | An array listing the entities the permissions are granted to. List in order of priority. The "Everyone" group will be treated with the lowest priority, wherever it is placed in the list. |
| rights[].entities[].entity | Object | Yes | An object containing data of the entity the permissions are granted to. |
| rights[].entities[].entity.type | String | Yes | The type of the entity the permissions are granted to.
|
| rights[].entities[].entity.code | String | Yes | The code of the entity the permissions are granted to. If the "Everyone" group is not specified, the "Everyone" group will have no permissions to view/edit/delete. To specify guest space users, add the string "guest/" before the guest's log in name. |
| rights[].entities[].viewable | Boolean or String | The view permission of the entity.
If ignored, the value is false. |
|
| rights[].entities[].editable | Boolean or String | The edit permission of the entity.
If ignored, this value is false. |
|
| rights[].entities[].deletable | Boolean or String | The delete permission of the entity.
If ignored, this value is false. |
|
| rights[].entities[].includeSubs | Boolean or String | The permission inheritance settings of the department the permissions are granted to.
If ignored, this value is false. |
|
| revision | Integer or String | Specify the revision number of the settings that will be deployed. The request will fail if the revision number is not the latest revision. The revision will not be checked if this parameter is ignored, or -1 is specified. |
Sample Request
Response Parameters
| Parameter | Type | Description |
| revision | String | The revision number of the App settings. |
Sample Response
Limitations
The parameters that can be set in rights[].filterCond are the same as the conditions you can set on the GUI.
The following limitations apply:
- "order by", "limit", and "offset" cannot be used.
- "and" and "or" cannot be used in conjunction.
- "like" and "not like" cannot be used for the following fields:
- Text
- Link
- "in", ">", and "<" cannot be used for the following fields:
- Record number
- Number
- Calculated
- "=" cannot be used for the following fields:
- Status
- The following fields cannot be included in the condition:
- Text Area
- Rich text
- Attachment
- The following functions cannot be used:
- NOW()
- TODAY()
- LAST_MONTH()
- THIS_MONTH()
- THIS_YEAR()