Working with User Permissions and Permission Templates
Introduction
Procore uses permissions to manage user access to different Procore tools. User permissions can be managed at the Company level and Project level and consist of four role-based levels, None, Read-only, Standard, and Admin. Each role can be defined in a permission template, see What is a permission template?.
User Permissions
The User Permissions Reference Page shows a comprehensive breakdown of all user actions and the specific user permissions (Read Only, Standard, and/or Admin) required to perform that action. Since certain tools are available at both the Company and Project levels, be sure to select the appropriate hyperlink when navigating the page, see What are the default project permission templates in Procore?.
User Permission Templates
Each Procore client is provided with several role-based project permissions templates. Use the steps below to walk you through the process of using the Procore API to change a project user’s permission template. In order to update a project user’s permission template through the API, the user must be first removed from the project and then re-added with the new permission template ID.
TUTORIAL PREREQUISITES
To successfully complete this tutorial, you must have
Admin
permissions on the company level Directory tool.
Step 1 - Find the user whose permission template will be changed
Using either the List Project Users or Show Project User endpoint, find the object associated with the user whose permission template you would like to change.
The important values to note are the user’s ID
and the permission_template
object (if applicable).
Step 2 - Removing the User from a Project
In order to change a user’s permission template on a project, it is necessary to remove them and then re-add them to the same project. Performing this action will not delete or reassign any content from this user.
With the ID
of the user you wish to change a project template for, use the Remove a User from the Project endpoint (DELETE /rest/v1.0/projects/{project_id}/users/{id}/actions/remove) to remove the given user from a specific project.
The successful removal of the user from this project will be indicated by a 204 No Content
HTTP status code (with an empty response body).
This endpoint will remove a user from the given project, but not remove them from the company level directory.
Step 3 - Re-add the User to the Project
Using the Add Company User to Project endpoint, you can re-add the user to the project with the new permission_template_id
.
A successful request will be indicated by a 201 Created
HTTP response code.
You can confirm the change of the permission template by making a request to the List Project Users endpoint, finding the object associated with the user whose permission template you were updating, and noticing the new permission template ID
and name
values.