DeeQ:

all we have to do is update our environment to make sure the new permission is granted if required

Technically it's the opposite: with the permissions backfill (which Genesys will perform immediately before the feature is turned on) users will actually already have the new permission, for continuity of system behavior; at that point admins have the option of revoking the permission from users for whom the permission is not required.

A great question to be asking! We use this specific API ourselves and are interested to know if it will be impacted. Regardless if it will or wont, it looks like all we have to do is update our environment to make sure the new permission is granted if required correct?

jhwon:

put /api/v2/users/{userId}/station/associatedstation/{stationId}

You are correct, where the posting said PUT api/v2/users/{userId}/station/{stationId} it should have said PUT api/v2/users/{userId}/station/associatedstation/{stationId}. I've fixed the original post, thanks for calling this out.

jhwon:

put /api/v2/users/{userId}/station/defaultstation/{stationId}

A great question to be asking! We use this specific API ourselves and are interested to know if it will be impacted.

Regardless if it will or wont, it looks like all we have to do is update our environment to make sure the new permission is granted if required correct?

Hi,

Just to confirm - this won't affect calls to GET /api/v2/users/{userId} that use the "station" expand parameter, correct?

Daniel_Meyer:

PUT api/v2/users/{userId}/station/{stationId} - telephony:otherStationAssociation:edit

hello, Daniel

PUT api/v2/users/{userId}/station/{stationId} - telephony:otherStationAssociation:edit

This API does not exist.
It is not found in developer.

Can you tell me the exact API name?

There are two PUT-type APIs that contain station.
Is it one of the two APIs below? Or is it both?

put /api/v2/users/{userId}/station/associatedstation/{stationId}
or
put /api/v2/users/{userId}/station/defaultstation/{stationId}

Description

Required permissions are being added to the user station API endpoints.

Change Category

API

Change Context

Certain user station endpoints that allow viewing, changing, and deleting others' station associations currently do not perform any permissions check. The effect of this is that any authenticated user is currently able to manipulate others' station associations. It is desirable that system administrators be able to lock down such activity by granting or revoking permissions; thus this change.

Change Impact

After the change, the required permissions will be as follows:

GET api/v2/users/{userId}/station - telephony:otherStationAssociation:view
PUT api/v2/users/{userId}/station/associatedstation/{stationId} - telephony:otherStationAssociation:edit
DELETE api/v2/users/{userId}/station/associatedStation - telephony:station:disassociate
DELETE api/v2/stations/{stationId}/associatedUser - telephony:station:disassociate (currently requires telephony:plugin:all)

A permissions backfill will be performed so that affected users will not lose access to endpoints; system administrators can then revoke permissions as desired.

Date of Change

Apr 16, 2025

Impacted APIs

GET api/v2/users/{userId}/station
PUT api/v2/users/{userId}/station/associatedstation/{stationId}
DELETE api/v2/users/{userId}/station/associatedStation
DELETE api/v2/stations/{stationId}/associatedUser

References

[PURE-6104]