GuidesAPI DocsChangelogMy AppsSeismic Exchange
API Docs

Update request form permissions

post
https://api.seismic.com/programs/v2/spaces//forms//permission

Updates the access control permissions for a request form, determining which users or groups can view, use, or manage the form when creating and submitting requests. This endpoint modifies the permission configuration by specifying user IDs and their granted permission levels, enabling form owners and administrators to control form visibility and usage within the workspace. Use this endpoint to grant access to new users when expanding a team, revoke access when users change roles or leave programs, or adjust permission levels when responsibility shifts occur. The operation replaces the entire permission set with the provided configuration, so include all users who should retain access along with any new additions. Permissions control whether users can see the form in their available forms list, use it to create requests, or modify the form definition itself. This is essential for implementing role-based access control, ensuring sensitive request forms are only accessible to authorized personnel, and managing form lifecycle as organizational needs evolve.

Key Features:

  • Replace entire permission set with new user access configuration for complete control
  • Grant or revoke access for individual users or groups using user identifiers
  • Control form visibility in user interfaces and form selection dropdowns
  • Manage who can create requests using the form versus who can modify form structure
  • Implement role-based access control for sensitive or restricted request workflows

Typical Use Cases:

  1. Grant Team Access: When onboarding new team members to a program, call POST /v2/spaces/w5PmrE9p0kicqqRSVJ3VBQ/forms/yS86zRG7smz7NVwdUEyJSj/permission with a PermissionRequest containing the existing user IDs plus new team member IDs to grant them form access for creating requests.
  2. Revoke Departed User Access: When a team member leaves the program, call this endpoint with a PermissionRequest excluding their user ID to remove their access to the form, ensuring they can no longer see or use it for creating requests.
  3. Restrict Sensitive Form: For confidential request forms (HR requests, executive approvals), call this endpoint to limit access to a small set of authorized user IDs, preventing unauthorized users from viewing the form or creating requests with it.

Expected Response:

Returns 200 OK with the updated RequestForm object including the new permission configuration, confirming which users now have access and their permission levels. The response shows the complete form definition with updated permission metadata.

Authorization Logic:

  1. User must have valid JWT token with manage scope (seismic.programs.manage)
  2. User must have permission to manage the specified form (typically form creator or space administrator)
  3. User must have access to the space containing the form
  4. All user IDs specified in the permission request must be valid users in the system
  5. Cannot remove all permissions including your own (must retain at least one admin)
Language
Response
Click Try It! to start a request and see the response here!