Get users permission change

Question

One of our customers is running LE 10.1 SP9 and the following Valence API call is not working for them:

GET /d2l/api/lp/(D2LVERSION: version)/users/(D2LID: userId)

In previous releases (LE 10.0 SP1 and LE 10.1 SP4) this API call worked without having to set the “Users->See the User Management tool” permission. But now it appears that this permission is required to be set for the get user API call to work.

Was this permission change an intended change, or an oversight that will be fixed in a future update? What release of LE 10.x was this permission change introduced?

Answer 1

The various API calls that retrieve users from the user management service, including GET /d2l/api/{ver}/users/{userId}, should all be subject to the Users->See the User Management tool permission. This is an intentional restriction. This restriction should be in place on all platforms since the LE 9.4.1 release, in the April 2012 service pack (SP4 on 9.4.1). If you notice that this is not the case on subsequent platform releases, then this would be a defect that should get reported to D2L.

Answer 2

As mentioned above, the User Management routes are intended for users that would have access to all users in the system. It sounds like you are looking for a subset of information about users that you would explicitly have access to through a course. If you are looking for information about users that your users have explicitly been granted access to information about through something like the ClassList, there is another route that may be more appropriate to use.

It is: GET /d2l/api/le/(version)/(orgUnitId)/classlist/

Note: This route is subject to User Information Privacy settings, as well as several configuration variables that control which fields are available (d2l.Tools.ClassList.*) If you can't see the field through the UI (ie username or orgdefinedid), then you won't get it in the API call either, so should adjust the permissions and config variable settings accordingly.