> ## Documentation Index
> Fetch the complete documentation index at: https://docs.credibledata.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get workspace permission

> Retrieves the permission details for a specific user or group within the workspace,
including their role and access level.

**Authorization**: Requires workspace manager permissions.
**Response**: Returns permission object with role and metadata.




## OpenAPI

````yaml /controlplane-public-api-doc.yaml get /organizations/{organizationName}/workspaces/{workspaceName}/permissions/{userGroupId}
openapi: 3.1.0
info:
  title: Credible Admin API
  description: >
    The Credible Admin API is a comprehensive REST API that empowers
    organizations to manage their Malloy data modeling ecosystem with
    enterprise-grade security and governance. This API provides programmatic
    access to all administrative functions, enabling seamless integration with
    existing workflows and automation systems.


    ## Key Features


    - **Organization Management**: Create and manage organizations with
    fine-grained access controls

    - **Project & Package Lifecycle**: Full CRUD operations for projects,
    packages, and versions

    - **Connection Management**: Secure database connection configuration and
    management

    - **Permission Management**: Granular role-based access control (RBAC) at
    organization, project, package, workspace, and document levels

    - **Workspace Management**: Collaborative workspaces for data modeling and
    analysis

    - **User & Group Management**: Comprehensive user administration with
    group-based permissions


    ## Resource Hierarchy


    The API follows a hierarchical resource structure with fine-grained
    permission management at each level:

    ```

    Organizations

    ├── Permissions

    ├── Projects

    │   ├── Permissions

    │   ├── Packages

    │   │   ├── Permissions

    │   │   └── Versions

    │   └── Connections

    ├── Workspaces

    │   ├── Permissions

    │   └── Documents

    │       └── Permissions

    └── Groups
        ├── Permissions
        └── Members

    System-Level Resources:

    ├── Users

    ├── System Permissions

    └── Demo Operations

    ```


    ## Authentication & Authorization


    All API endpoints require proper authentication. The API implements
    fine-grained authorization using role-based permissions:

    - **Admin**: Full access to all resources within scope

    - **Modeler**: Can create and modify data models and packages

    - **Viewer**: Read-only access to resources

    - **Manager**: Workspace management capabilities

    - **Editor**: Document editing permissions


    ## Rate Limiting & Best Practices


    - API requests are rate-limited to ensure system stability

    - Implement proper error handling and retry logic

    - Cache responses when appropriate to reduce API calls


    ## Support & Documentation


    For additional support, examples, and integration guides, visit our
    developer documentation or contact our support team.
  version: v0
  contact:
    name: Credible Support
    email: support@credibledata.com
    url: https://credibledata.com/support
  license:
    name: Proprietary
    url: https://credibledata.com/license
  termsOfService: https://credibledata.com/terms
servers:
  - url: https://{organization}.admin.credibledata.com/api/v0/
    description: Production API server
    variables:
      organization:
        default: demo
        description: Your organization subdomain
security:
  - bearerAuth: []
tags:
  - name: organizations
    description: >-
      Organization management operations for creating, updating, and managing
      organizational entities
  - name: organizationPermissions
    description: >-
      Fine-grained permission management for organizations, including role
      assignments and access controls
  - name: projects
    description: >-
      Project lifecycle management including creation, configuration, and
      deletion of data modeling projects
  - name: projectPermissions
    description: >-
      Permission management for projects, controlling access to project
      resources and capabilities
  - name: packages
    description: >-
      Package management for Malloy data models, including versioning,
      publishing, and distribution
  - name: packagePermissions
    description: >-
      Access control for packages, managing who can view, modify, or publish
      package versions
  - name: versions
    description: >-
      Version management for packages, including archiving, status updates, and
      lifecycle management
  - name: connections
    description: >-
      Database connection management for secure data source configuration and
      access
  - name: workspaces
    description: >-
      Collaborative workspace management for team-based data modeling and
      analysis
  - name: workspacePermissions
    description: >-
      Access control for workspaces, managing who can view, manage, or
      collaborate in workspaces
  - name: documents
    description: >-
      Document management within workspaces, including workbooks, dashboards,
      and other content
  - name: documentPermissions
    description: >-
      Access control for documents, managing who can view, edit, or share
      document content
  - name: groups
    description: >-
      User group management for organizing users and managing group-based
      permissions
  - name: users
    description: >-
      User account management including creation, updates, and profile
      management
  - name: demo
    description: Demo and self-service operations for quick setup and testing scenarios
  - name: permissions
    description: System-level permission management for administrative functions
  - name: bookmarks
    description: >-
      User bookmark management for saving references to workspaces, models, and
      chats
paths:
  /organizations/{organizationName}/workspaces/{workspaceName}/permissions/{userGroupId}:
    get:
      tags:
        - workspacePermissions
      summary: Get workspace permission
      description: >
        Retrieves the permission details for a specific user or group within the
        workspace,

        including their role and access level.


        **Authorization**: Requires workspace manager permissions.

        **Response**: Returns permission object with role and metadata.
      operationId: getWorkspacePermission
      parameters:
        - name: organizationName
          in: path
          required: true
          description: The unique identifier of the organization
          schema:
            $ref: '#/components/schemas/IdentifierPattern'
        - name: workspaceName
          in: path
          required: true
          description: The unique identifier of the workspace
          schema:
            $ref: '#/components/schemas/IdentifierPattern'
        - name: userGroupId
          in: path
          required: true
          description: The unique identifier of the user or group
          schema:
            $ref: '#/components/schemas/UserGroupId'
      responses:
        '200':
          description: Workspace permission retrieved successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WorkspacePermission'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
components:
  schemas:
    IdentifierPattern:
      type: string
      pattern: ^[a-zA-Z0-9_-]+$
      description: Standard identifier pattern for resource names
    UserGroupId:
      $ref: '#/components/schemas/UserGroupIdPattern'
      type: string
      description: >
        A resource identifier that uniquely identifies either a user or a group
        within the system.

        This identifier is used throughout the API for permission management and
        access control.


        **Format**:

        - For users: `user:{email}` or `user:{userId}`

        - For groups: `group:{groupName}`
    WorkspacePermission:
      type: object
      description: >-
        Represents a permission assignment for a user or group within a
        workspace
      properties:
        userGroupId:
          $ref: '#/components/schemas/UserGroupId'
        permission:
          type: string
          description: The role/permission level granted to the user or group
          enum:
            - manager
            - viewer
        message:
          type: string
          description: Optional message or note about the permission assignment
        createdAt:
          type: string
          format: date-time
          description: ISO 8601 timestamp indicating when the permission was created
        updatedAt:
          type: string
          format: date-time
          description: ISO 8601 timestamp indicating when the permission was last modified
    UserGroupIdPattern:
      type: string
      pattern: >-
        ^(user:[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}|group:[a-zA-Z0-9._-]+)$
      description: >-
        User or group identifier pattern (user must be valid email address,
        group is standard identifier)
    Error:
      type: object
      x-model-name: ModelError
      description: Standard error response format used across all API endpoints
      properties:
        code:
          type: string
          description: >
            Machine-readable error code that identifies the specific error
            condition.

            Common codes include:

            - `VALIDATION_ERROR`: Request validation failed

            - `AUTHENTICATION_REQUIRED`: Valid authentication is required

            - `INSUFFICIENT_PERMISSIONS`: User lacks required permissions

            - `RESOURCE_NOT_FOUND`: Requested resource does not exist

            - `CONFLICT`: Resource state conflict (e.g., duplicate name)

            - `RATE_LIMIT_EXCEEDED`: API rate limit exceeded

            - `INTERNAL_ERROR`: Unexpected server error
        message:
          type: string
          description: Human-readable error message providing details about what went wrong
  responses:
    BadRequest:
      description: >-
        The request was malformed or can not be performed given the state of the
        system.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Unauthorized
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Forbidden:
      description: >-
        Can not perform the operation due to insufficient permissions or the
        state of the system.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: The specified resource was not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT

````