Added documentation for service endpoints

apis/access-control/v2/apiName.md

@@ -0,0 +1 @@
+access-control-v2

apis/access-control/v2/description.md

@@ -0,0 +1 @@
+Manage Access Controls for your iTwin member using iTwin roles and permissions.

apis/access-control/v2/operations/add-itwin-group-members/description.md

@@ -0,0 +1,11 @@
+---
+
+Add new iTwin group members
+
+The total number of roles assigned in this request must not exceed 50. This can be achieved with many different configurations. For example, 1 role can be assigned to 50 groups, or 5 roles can be assigned to 10 groups, both resulting in 50 role assignments. 
+
+{!Authorization.md!}
+
+{!iTwinsRBACPermission.md!}
+
+---

apis/access-control/v2/operations/add-itwin-group-members/displayName.md

@@ -0,0 +1 @@
+Add iTwin group members

apis/access-control/v2/operations/add-itwin-owner-member/description.md

@@ -0,0 +1,15 @@
+---
+
+Add new iTwin owner members. iTwin Owners are users which have full control over the iTwin. Each owner is granted all permissions on the iTwin, allowing them to perform any action on the iTwin they own.
+
+Users which are external (i.e. not in the same organization as the iTwin) are not automatically added to the iTwin. Instead, they're invited. Users which are not external, are immediately added as members on the iTwin.
+
+Invited individuals will recieve an invitation via Email, where they'll be prompted to accept the invitation. Upon accepting, they'll then become a member of the iTwin.
+
+{!Authorization.md!}
+
+You must be an owner to add other owners.
+
+{!iTwinsRBACPermission.md!}
+
+---

apis/access-control/v2/operations/add-itwin-owner-member/displayName.md

@@ -0,0 +1 @@
+Add iTwin owner member

apis/access-control/v2/operations/add-itwin-user-members/description.md

@@ -0,0 +1,13 @@
+---
+
+Add or Invite new iTwin user members. Users which are external (i.e. not in the same organization as the iTwin) are not automatically added to the iTwin. Instead, they're invited. Users which are not external, are immediately added as members on the iTwin.
+
+Invited individuals will recieve an invitation via Email, where they'll be prompted to accept the invitation. Upon accepting, they'll then become a member of the iTwin.
+
+The total number of roles assigned in this request must not exceed 50. This can be achieved with many different configurations. For example, 1 role can be assigned to 50 users, or 5 roles can be assigned to 10 users, both resulting in 50 role assignments. 
+
+{!Authorization.md!}
+
+{!iTwinsRBACPermission.md!}
+
+---

apis/access-control/v2/operations/add-itwin-user-members/displayName.md

@@ -0,0 +1 @@
+Add iTwin user members

apis/access-control/v2/operations/create-iTwin-role/description.md

@@ -0,0 +1,9 @@
+---
+
+Create a new iTwin role.
+
+{!Authorization.md!}
+
+{!iTwinsRBACPermission.md!}
+
+---

apis/access-control/v2/operations/create-iTwin-role/displayName.md

@@ -0,0 +1 @@
+Create iTwin role

apis/access-control/v2/operations/create-itwin-group/description.md

@@ -0,0 +1,15 @@
+---
+
+Create a new iTwin group.
+
+{!Authorization.md!}
+
+### Authorization
+
+A user can create a Group by being assigned the `administration_manage_groups` on the iTwin level. A user also can create a Group on an iTwin by either being an Organization Administrator for the Organization that owns the given iTwin, or an owner of the iTwin.
+
+For creation of Groups on the Account iTwin, the user must be an Organization Administrator for the Organization.
+
+An Organization Administrator must have at least one of the following roles assigned in User Management: Account Administrator, Co-Administrator, or CONNECT Services Administrator. For more information about User Management please visit our Bentley Communities [Licensing, Cloud, and Web Services](https://communities.bentley.com/communities/other_communities/licensing_cloud_and_web_services/w/wiki/50711/user-management-2-0) wiki page.
+
+---

apis/access-control/v2/operations/create-itwin-group/displayName.md

@@ -0,0 +1 @@
+Create iTwin group

apis/access-control/v2/operations/create-itwin-job/description.md

@@ -0,0 +1,19 @@
+---
+
+Create a new iTwin job. iTwin jobs allow you to preform actions on an iTwin in bulk.
+
+Currently there are three types of supported actions:
+
+- `assignRoles`
+- `unassignRoles`
+- `removeMembers`
+
+Note: If the user being assigned roles in the `assignRoles` action is not a member of the iTwin, they will be added to the iTwin with the provided roles.
+
+`assignRoles` and `unassignRoles` actions have a limit of 100 roles per group of actions. `removeMembers` has a limit of 100 emails.
+
+{!Authorization.md!}
+
+{!iTwinsRBACPermission.md!}
+
+---

apis/access-control/v2/operations/create-itwin-job/displayName.md

@@ -0,0 +1 @@
+Create iTwin job

apis/access-control/v2/operations/delete-iTwin-role/description.md

@@ -0,0 +1,9 @@
+---
+
+Delete the specified iTwin role.
+
+{!Authorization.md!}
+
+{!iTwinsRBACPermission.md!}
+
+---

apis/access-control/v2/operations/delete-iTwin-role/displayName.md

@@ -0,0 +1 @@
+Delete iTwin role

apis/access-control/v2/operations/delete-itwin-group/description.md

@@ -0,0 +1,15 @@
+---
+
+Delete the specified iTwin group.
+
+{!Authorization.md!}
+
+### Authorization
+
+A user can delete a Group by being assigned the `administration_manage_groups` on the iTwin level. A user also can delete a Group on an iTwin by either being an Organization Administrator for the Organization that owns the given iTwin, or an owner of the iTwin.
+
+For deletion of Groups on the Account iTwin, the user must be an Organization Administrator for the Organization.
+
+An Organization Administrator must have at least one of the following roles assigned in User Management: Account Administrator, Co-Administrator, or CONNECT Services Administrator. For more information about User Management please visit our Bentley Communities [Licensing, Cloud, and Web Services](https://communities.bentley.com/communities/other_communities/licensing_cloud_and_web_services/w/wiki/50711/user-management-2-0) wiki page.
+
+---

apis/access-control/v2/operations/delete-itwin-group/displayName.md

@@ -0,0 +1 @@
+Delete iTwin group

apis/access-control/v2/operations/get-all-permissions/description.md

@@ -0,0 +1,11 @@
+---
+
+Retrieves the list of all available permissions
+
+{!Authorization.md!}
+
+### Authorization
+
+No Authorization is required for this API call.
+
+---

apis/access-control/v2/operations/get-all-permissions/displayName.md

@@ -0,0 +1 @@
+Get all permissions

apis/access-control/v2/operations/get-iTwin-permissions/description.md

@@ -0,0 +1,11 @@
+---
+
+Retrieves a list of permissions the calling user has on a specified iTwin.
+
+{!Authorization.md!}
+
+### Authorization
+
+No Authorization is required for this API call.
+
+---

apis/access-control/v2/operations/get-iTwin-permissions/displayName.md

@@ -0,0 +1 @@
+Get my iTwin permissions

apis/access-control/v2/operations/get-iTwin-roles/description.md

@@ -0,0 +1,9 @@
+---
+
+Retrieves a list of available user roles that are defined for a specified iTwin.
+
+{!Authorization.md!}
+
+{!iTwinsRBACPermission.md!}
+
+---

apis/access-control/v2/operations/get-iTwin-roles/displayName.md

@@ -0,0 +1 @@
+Get iTwin roles

apis/access-control/v2/operations/get-itwin-group-member/description.md

@@ -0,0 +1,13 @@
+---
+
+Retrieves a specific group member for a specified iTwin.
+
+{!Authorization.md!}
+
+### Authorization
+
+The calling user must be a member of the iTwin. Organization Administrator can also retrieve an iTwin member for any iTwin in their Organization.
+
+{!OrganizationAdministrator.md!}
+
+---

apis/access-control/v2/operations/get-itwin-group-member/displayName.md

@@ -0,0 +1 @@
+Get iTwin group member

apis/access-control/v2/operations/get-itwin-group-members/description.md

@@ -0,0 +1,13 @@
+---
+
+Retrieves a list of iTwin group members and their roles assignments.
+
+{!Authorization.md!}
+
+### Authorization
+
+The calling user must be a member of the iTwin. Organization Administrator can also retrieve iTwin members for any iTwin in their Organization.
+
+{!OrganizationAdministrator.md!}
+
+---

apis/access-control/v2/operations/get-itwin-group-members/displayName.md

@@ -0,0 +1 @@
+Get iTwin group members

apis/access-control/v2/operations/get-itwin-group/description.md

@@ -0,0 +1,13 @@
+---
+
+Retrieves the specified group for the specified iTwin. The `members` and `imsGroups` properties are both capped at 50 each.
+
+{!Authorization.md!}
+
+### Authorization
+
+User must be an Organization Administrator for the Organization that owns the given iTwin.
+
+An Organization Administrator must have at least one of the following roles assigned in User Management: Account Administrator, Co-Administrator, or CONNECT Services Administrator. For more information about User Management please visit our Bentley Communities [Licensing, Cloud, and Web Services](https://communities.bentley.com/communities/other_communities/licensing_cloud_and_web_services/w/wiki/50711/user-management-2-0) wiki page.
+
+---

apis/access-control/v2/operations/get-itwin-group/displayName.md

@@ -0,0 +1 @@
+Get iTwin group

apis/access-control/v2/operations/get-itwin-groups/description.md

@@ -0,0 +1,13 @@
+---
+
+Retrieves a list of all groups that are defined for a specified iTwin. The `members` and `imsGroups` properties are both capped at 50 each.
+
+{!Authorization.md!}
+
+### Authorization
+
+User must be an Organization Administrator for the Organization that owns the given iTwin.
+
+An Organization Administrator must have at least one of the following roles assigned in User Management: Account Administrator, Co-Administrator, or CONNECT Services Administrator. For more information about User Management please visit our Bentley Communities [Licensing, Cloud, and Web Services](https://communities.bentley.com/communities/other_communities/licensing_cloud_and_web_services/w/wiki/50711/user-management-2-0) wiki page.
+
+---

apis/access-control/v2/operations/get-itwin-groups/displayName.md

@@ -0,0 +1 @@
+Get iTwin groups

apis/access-control/v2/operations/get-itwin-job-actions/description.md

@@ -0,0 +1,9 @@
+---
+
+Retrieves the iTwin job actions for the specified iTwin job for the specified iTwin.
+
+{!Authorization.md!}
+
+{!iTwinsRBACPermission.md!}
+
+---

apis/access-control/v2/operations/get-itwin-job-actions/displayName.md

@@ -0,0 +1 @@
+Get iTwin job actions

apis/access-control/v2/operations/get-itwin-job/description.md

@@ -0,0 +1,18 @@
+---
+
+Retrieves the specified iTwin job for the specified iTwin.
+
+By default this operation will only return the `status` of the iTwin job. To find the specific errors of the iTwin job, include `return=representation` in the `Prefer` header.
+
+### Status
+
+- `Active`: iTwin job is stil in progress.
+- `Completed`: iTwin job completed without error.
+- `PartialCompleted`: iTwin job completed with some actions failing. To find the specific errors of the iTwin job, include `return=representation` in the `Prefer` header.
+- `Failed`: iTwin job completed with all actions failing. To find the specific errors of the iTwin job, include `return=representation` in the `Prefer` header.
+
+{!Authorization.md!}
+
+{!iTwinsRBACPermission.md!}
+
+---

apis/access-control/v2/operations/get-itwin-job/displayName.md

@@ -0,0 +1 @@
+Get iTwin job

apis/access-control/v2/operations/get-itwin-member-invitations/description.md

@@ -0,0 +1,13 @@
+---
+
+Retrieves a list of iTwin member invitations. By default, users will receive the invitations they have sent. If the user is an iTwin Owner, they will receive all invitations for the iTwin.
+
+Invitations have an expiration of 7 days after their creation. Once that expiration passes, the invitation will not be returned.
+
+### Authorization
+
+The calling user must be a member of the iTwin. Organization Administrator can also retrieve iTwin member invitations for any iTwin in their Organization.
+
+{!OrganizationAdministrator.md!}
+
+---

apis/access-control/v2/operations/get-itwin-member-invitations/displayName.md

@@ -0,0 +1 @@
+Get iTwin member invitations

apis/access-control/v2/operations/get-itwin-owner-members/description.md

@@ -0,0 +1,34 @@
+---
+
+Retrieves a list of iTwin owner members. iTwin Owners are users which have full control over the iTwin. Each owner is granted all permissions on the iTwin, allowing them to perform any action on the iTwin they own.
+
+### Missing Users
+
+When members are removed from the Bentley Identity Management System, they are not automatically removed from the iTwin. Therefore, it is possible to have a situation where the user is no longer valid, yet they are still a member of the iTwin. When this happens, the user member will be returned from this API endpoint with the follow values:
+```
+{
+    "id": <memberId>,
+    "email": null,
+    "givenName": null,
+    "surname": null,
+    "organization": null,
+    ...
+}
+```
+You should account for this in your software if you do not want to show these users.
+
+#### Cleanup
+
+The Access Control API will perform a once-a-week cleanup to remove these "Missing Users". You can rely on this automated clean-up if this timeline is sufficient.
+
+If not, you can use the [Remove iTwin Owner Member](https://developer.bentley.com/apis/access-control/operations/remove-iTwin-owner-member/) API (use the memberId) to remove the owner member from the iTwin.
+
+{!Authorization.md!}
+
+### Authorization
+
+The calling user must be a member of the iTwin. Organization Administrator can also retrieve iTwin owner members for any iTwin in their Organization.
+
+{!OrganizationAdministrator.md!}
+
+---

apis/access-control/v2/operations/get-itwin-owner-members/displayName.md

@@ -0,0 +1 @@
+Get iTwin owner members

apis/access-control/v2/operations/get-itwin-role/description.md

@@ -0,0 +1,9 @@
+---
+
+Retrieves the specified role for the specified iTwin.
+
+{!Authorization.md!}
+
+{!iTwinsRBACPermission.md!}
+
+---

apis/access-control/v2/operations/get-itwin-role/displayName.md

@@ -0,0 +1 @@
+Get iTwin role

apis/access-control/v2/operations/get-itwin-user-member/description.md

@@ -0,0 +1,34 @@
+---
+
+Retrieves a specific user member for a specified iTwin.
+
+### Missing Users
+
+When users are removed from the Bentley Identity Management System, they are not automatically removed from the iTwin. Therefore, it is possible to have a situation where the user is no longer valid, yet they are still a user member of the iTwin. When this happens, the user member will be returned from this API endpoint with the follow values:
+```
+{
+    "id": <memberId>,
+    "email": null,
+    "givenName": null,
+    "surname": null,
+    "organization": null,
+    ...
+}
+```
+You should account for this in your software if you do not want to show these users.
+
+#### Cleanup
+
+The Access Control API will perform a once-a-week cleanup to remove these "Missing Users". You can rely on this automated clean-up if this timeline is sufficient.
+
+If not, you can use the [Remove iTwin User Member](https://developer.bentley.com/apis/access-control/operations/remove-iTwin-user-member/) API (use the memberId) to remove the user member from the iTwin.
+
+{!Authorization.md!}
+
+### Authorization
+
+The calling user must be a member of the iTwin. Organization Administrator can also retrieve an iTwin user member for any iTwin in their Organization.
+
+{!OrganizationAdministrator.md!}
+
+---

apis/access-control/v2/operations/get-itwin-user-member/displayName.md

@@ -0,0 +1 @@
+Get iTwin user member