Call this API to add or modify settings that restrict employees, departments, or roles from viewing the Contacts.

API call description

In the DingTalk OA admin console, you can restrict members of a department from viewing the Contacts. This API extends that capability. It can restrict not only members of a department, but also individual employees and roles, from viewing the Contacts.
The visibility restriction settings configured through this API are stored independently from those configured in the OA admin console. The final effect is a logical OR of both. For example, if the same department is set to “view self only” by either this API or the OA admin console, the department will be restricted to viewing self only.

Request

Basic information

| Field | Value |
| --- | --- |
| HTTP URL | https://api.dingtalk.io/v1.0/contact/restrictions/settings |
| HTTP Method | PUT |
| Supported app type | Internal app |
| Required permission | Contact.Visibility.ReadWrite: Permission to manage the visibility scope of Contacts data |

Request header

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| x-acs-dingtalk-access-token | String | Yes | The access credential for calling this API. Obtain it by calling the Get the access token of an internal app API. |

Request body

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | Long | No | The setting ID. Do not pass this parameter when adding a new setting. To modify an existing setting, specify this parameter. Obtain the ID by calling the Get the list of Contacts visibility restriction settings API. |
| name | String | No | The setting name. |
| description | String | No | The setting description. |
| subjectUserIds | Array of String | No | The list of user IDs whose Contacts visibility is restricted. Obtain userid by calling the Get the user ID list of a department API. The total number of elements across subjectUserIds, subjectDeptIds, and subjectTagIds cannot exceed 50. |
| subjectDeptIds | Array of Long | No | The list of department IDs whose Contacts visibility is restricted. Obtain dept_id by calling the Get the department list API. The total number of elements across subjectUserIds, subjectDeptIds, and subjectTagIds cannot exceed 50. |
| subjectTagIds | Array of Long | No | The list of role IDs whose Contacts visibility is restricted. Obtain the role IDs by calling the Get the role list API. The total number of elements across subjectUserIds, subjectDeptIds, and subjectTagIds cannot exceed 50. |
| type | String | Yes | The restriction type. Valid values: onlySelf: Can view self only. Cannot view any other departments or users. onlySelfDeptAndChild: Can view only the user’s own department and its sub-departments. Cannot view any other departments or users. excludeNode: Default value. Can view only the departments and users in the allowlist. The allowlist takes effect only when this parameter is set to excludeNode. |
| excludeUserIds | Array of String | No | The user IDs in the allowlist. Obtain userid by calling the Get the user ID list of a department API. The total number of elements across excludeUserIds, excludeDeptIds, and excludeTagIds cannot exceed 50. The allowlist takes effect only when type is set to excludeNode. |
| excludeDeptIds | Array of Long | No | The department IDs in the allowlist. Obtain them by calling the Get the department list API. The total number of elements across excludeUserIds, excludeDeptIds, and excludeTagIds cannot exceed 50. The allowlist takes effect only when type is set to excludeNode. |
| excludeTagIds | Array of Long | No | The role IDs in the allowlist. Obtain them by calling the Get the role list API. The total number of elements across excludeUserIds, excludeDeptIds, and excludeTagIds cannot exceed 50. The allowlist takes effect only when type is set to excludeNode. |
| active | Boolean | No | Whether this setting takes effect. true: Takes effect. false: Does not take effect. |
| restrictInUserProfile | Boolean | No | Whether to also restrict visibility on the Profile page. true: Yes. false: No. When enabled, tapping the Profile Photo of an employee outside the visible scope in the DingTalk Client does not display the user’s profile information within the current organization. |
| restrictInSearch | Boolean | No | Whether to also restrict search. true: Yes. false: No. When enabled, searching for an employee outside the visible scope in the DingTalk Client returns no results. |

Request example

HTTP
PUT /v1.0/contact/restrictions/settings HTTP/1.1
Host:api.dingtalk.io
x-acs-dingtalk-access-token:xxxxx
Content-Type:application/json

{
  "id" : 10001,
  "name" : "Members of department xxx can view self only",
  "description" : "Members of department xxx are restricted from viewing other departments",
  "subjectUserIds" : [ "userId1" ],
  "subjectDeptIds" : [ 10000 ],
  "subjectTagIds" : [ 20000 ],
  "type" : "excludeNode",
  "excludeUserIds" : [ "userId2" ],
  "excludeDeptIds" : [ 10000 ],
  "excludeTagIds" : [ 20000 ],
  "active" : true,
  "restrictInUserProfile" : true,
  "restrictInSearch" : true
}
Java
// This file is auto-generated, don't edit it. Thanks.
package com.aliyun.sample;

import com.aliyun.tea.*;

public class Sample {

    /**
     * Initialize the account Client using a Token
     * @return Client
     * @throws Exception
     */
    public static com.aliyun.dingtalkcontact_1_0.Client createClient() throws Exception {
        com.aliyun.teaopenapi.models.Config config = new com.aliyun.teaopenapi.models.Config();
        config.protocol = "https";
        config.regionId = "central";
        return new com.aliyun.dingtalkcontact_1_0.Client(config);
    }

    public static void main(String[] args_) throws Exception {
        java.util.List<String> args = java.util.Arrays.asList(args_);
        com.aliyun.dingtalkcontact_1_0.Client client = Sample.createClient();
        com.aliyun.dingtalkcontact_1_0.models.UpdateContactRestrictSettingHeaders updateContactRestrictSettingHeaders = new com.aliyun.dingtalkcontact_1_0.models.UpdateContactRestrictSettingHeaders();
        updateContactRestrictSettingHeaders.xAcsDingtalkAccessToken = "<your access token>";
        com.aliyun.dingtalkcontact_1_0.models.UpdateContactRestrictSettingRequest updateContactRestrictSettingRequest = new com.aliyun.dingtalkcontact_1_0.models.UpdateContactRestrictSettingRequest()
                .setId(10001L)
                .setName("Members of department xxx can view self only")
                .setDescription("Members of department xxx are restricted from viewing other departments")
                .setSubjectUserIds(java.util.Arrays.asList(
                    "userId1"
                ))
                .setSubjectDeptIds(java.util.Arrays.asList(
                    10000L
                ))
                .setSubjectTagIds(java.util.Arrays.asList(
                    20000L
                ))
                .setType("excludeNode")
                .setExcludeUserIds(java.util.Arrays.asList(
                    "userId2"
                ))
                .setExcludeDeptIds(java.util.Arrays.asList(
                    10000L
                ))
                .setExcludeTagIds(java.util.Arrays.asList(
                    20000L
                ))
                .setActive(true)
                .setRestrictInUserProfile(true)
                .setRestrictInSearch(true);
        try {
            client.updateContactRestrictSettingWithOptions(updateContactRestrictSettingRequest, updateContactRestrictSettingHeaders, new com.aliyun.teautil.models.RuntimeOptions());
        } catch (TeaException err) {
            if (!com.aliyun.teautil.Common.empty(err.code) && !com.aliyun.teautil.Common.empty(err.message)) {
                // err contains the code and message attributes, which help locate the issue during development.
            }

        } catch (Exception _err) {
            TeaException err = new TeaException(_err.getMessage(), _err);
            if (!com.aliyun.teautil.Common.empty(err.code) && !com.aliyun.teautil.Common.empty(err.message)) {
                // err contains the code and message attributes, which help locate the issue during development.
            }

        }        
    }
}
Python
# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import sys

from typing import List

from alibabacloud_dingtalk.contact_1_0.client import Client as dingtalkcontact_1_0Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_dingtalk.contact_1_0 import models as dingtalkcontact__1__0_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_util.client import Client as UtilClient

class Sample:
    def __init__(self):
        pass

    @staticmethod
    def create_client() -> dingtalkcontact_1_0Client:
        """
        Initialize the account Client using a Token
        @return: Client
        @throws Exception
        """
        config = open_api_models.Config()
        config.protocol = 'https'
        config.region_id = 'central'
        return dingtalkcontact_1_0Client(config)

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        client = Sample.create_client()
        update_contact_restrict_setting_headers = dingtalkcontact__1__0_models.UpdateContactRestrictSettingHeaders()
        update_contact_restrict_setting_headers.x_acs_dingtalk_access_token = '<your access token>'
        update_contact_restrict_setting_request = dingtalkcontact__1__0_models.UpdateContactRestrictSettingRequest(
            id=10001,
            name='Members of department xxx can view self only',
            description='Members of department xxx are restricted from viewing other departments',
            subject_user_ids=[
                'userId1'
            ],
            subject_dept_ids=[
                10000
            ],
            subject_tag_ids=[
                20000
            ],
            type='excludeNode',
            exclude_user_ids=[
                'userId2'
            ],
            exclude_dept_ids=[
                10000
            ],
            exclude_tag_ids=[
                20000
            ],
            active=True,
            restrict_in_user_profile=True,
            restrict_in_search=True
        )
        try:
            client.update_contact_restrict_setting_with_options(update_contact_restrict_setting_request, update_contact_restrict_setting_headers, util_models.RuntimeOptions())
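        except Exception as err:
            # Exceptions raised outside the SDK have no code/message attributes, so read them defensively.
            if not UtilClient.empty(getattr(err, 'code', None)) and not UtilClient.empty(getattr(err, 'message', None)):
                # err contains the code and message attributes, which help locate the issue during development.
                pass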

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        client = Sample.create_client()
        update_contact_restrict_setting_headers = dingtalkcontact__1__0_models.UpdateContactRestrictSettingHeaders()
        update_contact_restrict_setting_headers.x_acs_dingtalk_access_token = '<your access token>'
        update_contact_restrict_setting_request = dingtalkcontact__1__0_models.UpdateContactRestrictSettingRequest(
            id=10001,
            name='Members of department xxx can view self only',
            description='Members of department xxx are restricted from viewing other departments',
            subject_user_ids=[
                'userId1'
            ],
            subject_dept_ids=[
                10000
            ],
            subject_tag_ids=[
                20000
            ],
            type='excludeNode',
            exclude_user_ids=[
                'userId2'
            ],
            exclude_dept_ids=[
                10000
            ],
            exclude_tag_ids=[
                20000
            ],
            active=True,
            restrict_in_user_profile=True,
            restrict_in_search=True
        )
        try:
            await client.update_contact_restrict_setting_with_options_async(update_contact_restrict_setting_request, update_contact_restrict_setting_headers, util_models.RuntimeOptions())
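        except Exception as err:
            # Exceptions raised outside the SDK have no code/message attributes, so read them defensively.
            if not UtilClient.empty(getattr(err, 'code', None)) and not UtilClient.empty(getattr(err, 'message', None)):
                # err contains the code and message attributes, which help locate the issue during development.
                pass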

if __name__ == '__main__':
    Sample.main(sys.argv[1:])
PHP
<?php

// This file is auto-generated, don't edit it. Thanks.
namespace AlibabaCloud\SDK\Sample;

use AlibabaCloud\SDK\Dingtalk\Vcontact_1_0\Dingtalk;
use \Exception;
use AlibabaCloud\Tea\Exception\TeaError;
use AlibabaCloud\Tea\Utils\Utils;

use Darabonba\OpenApi\Models\Config;
use AlibabaCloud\SDK\Dingtalk\Vcontact_1_0\Models\UpdateContactRestrictSettingHeaders;
use AlibabaCloud\SDK\Dingtalk\Vcontact_1_0\Models\UpdateContactRestrictSettingRequest;
use AlibabaCloud\Tea\Utils\Utils\RuntimeOptions;

class Sample {

    /**
     * Initialize the account Client using a Token
     * @return Dingtalk Client
     */
    public static function createClient(){
        $config = new Config([]);
        $config->protocol = "https";
        $config->regionId = "central";
        return new Dingtalk($config);
    }

    /**
     * @param string[] $args
     * @return void
     */
    public static function main($args){
        $client = self::createClient();
        $updateContactRestrictSettingHeaders = new UpdateContactRestrictSettingHeaders([]);
        $updateContactRestrictSettingHeaders->xAcsDingtalkAccessToken = "<your access token>";
        $updateContactRestrictSettingRequest = new UpdateContactRestrictSettingRequest([
            "id" => 10001,
            "name" => "Members of department xxx can view self only",
            "description" => "Members of department xxx are restricted from viewing other departments",
            "subjectUserIds" => [
                "userId1"
            ],
            "subjectDeptIds" => [
                10000
            ],
            "subjectTagIds" => [
                20000
            ],
            "type" => "excludeNode",
            "excludeUserIds" => [
                "userId2"
            ],
            "excludeDeptIds" => [
                10000
            ],
            "excludeTagIds" => [
                20000
            ],
            "active" => true,
            "restrictInUserProfile" => true,
            "restrictInSearch" => true
        ]);
        try {
            $client->updateContactRestrictSettingWithOptions($updateContactRestrictSettingRequest, $updateContactRestrictSettingHeaders, new RuntimeOptions([]));
        }
        catch (Exception $err) {
            if (!($err instanceof TeaError)) {
                $err = new TeaError([], $err->getMessage(), $err->getCode(), $err);
            }
            if (!Utils::empty_($err->code) && !Utils::empty_($err->message)) {
                // err contains the code and message attributes, which help locate the issue during development.
            }
        }
    }
}
$path = __DIR__ . \DIRECTORY_SEPARATOR . '..' . \DIRECTORY_SEPARATOR . 'vendor' . \DIRECTORY_SEPARATOR . 'autoload.php';
if (file_exists($path)) {
    require_once $path;
}
Sample::main(array_slice($argv, 1));
Go
// This file is auto-generated, don't edit it. Thanks.
package main

import (
  "os"
  util  "github.com/alibabacloud-go/tea-utils/v2/service"
  dingtalkcontact_1_0  "github.com/alibabacloud-go/dingtalk/contact_1_0"
  openapi  "github.com/alibabacloud-go/darabonba-openapi/v2/client"
  "github.com/alibabacloud-go/tea/tea"
)

/**
 * Initialize the account Client using a Token
 * @return Client
 * @throws Exception
 */
func CreateClient () (_result *dingtalkcontact_1_0.Client, _err error) {
  config := &openapi.Config{}
  config.Protocol = tea.String("https")
  config.RegionId = tea.String("central")
  _result = &dingtalkcontact_1_0.Client{}
  _result, _err = dingtalkcontact_1_0.NewClient(config)
  return _result, _err
}

func _main (args []*string) (_err error) {
  client, _err := CreateClient()
  if _err != nil {
    return _err
  }

  updateContactRestrictSettingHeaders := &dingtalkcontact_1_0.UpdateContactRestrictSettingHeaders{}
  updateContactRestrictSettingHeaders.XAcsDingtalkAccessToken = tea.String("<your access token>")
  updateContactRestrictSettingRequest := &dingtalkcontact_1_0.UpdateContactRestrictSettingRequest{
    Id: tea.Int64(10001),
    Name: tea.String("Members of department xxx can view self only"),
    Description: tea.String("Members of department xxx are restricted from viewing other departments"),
    SubjectUserIds: []*string{tea.String("userId1")},
    SubjectDeptIds: []*int64{tea.Int64(10000)},
    SubjectTagIds: []*int64{tea.Int64(20000)},
    Type: tea.String("excludeNode"),
    ExcludeUserIds: []*string{tea.String("userId2")},
    ExcludeDeptIds: []*int64{tea.Int64(10000)},
    ExcludeTagIds: []*int64{tea.Int64(20000)},
    Active: tea.Bool(true),
    RestrictInUserProfile: tea.Bool(true),
    RestrictInSearch: tea.Bool(true),
  }
  tryErr := func()(_e error) {
    defer func() {
      if r := tea.Recover(recover()); r != nil {
        _e = r
      }
    }()
    _, _err = client.UpdateContactRestrictSettingWithOptions(updateContactRestrictSettingRequest, updateContactRestrictSettingHeaders, &util.RuntimeOptions{})
    if _err != nil {
      return _err
    }

    return nil
  }()

  if tryErr != nil {
    var err = &tea.SDKError{}
    if _t, ok := tryErr.(*tea.SDKError); ok {
      err = _t
    } else {
      err.Message = tea.String(tryErr.Error())
    }
    if !tea.BoolValue(util.Empty(err.Code)) && !tea.BoolValue(util.Empty(err.Message)) {
      // err contains the code and message attributes, which help locate the issue during development.
    }

  }
  return _err
}

func main() {
  err := _main(tea.StringSlice(os.Args[1:]))
  if err != nil {
    panic(err)
  }
}
Node.js
// This file is auto-generated, don't edit it
import Util, * as $Util from '@alicloud/tea-util';
import dingtalkcontact_1_0, * as $dingtalkcontact_1_0 from '@alicloud/dingtalk/contact_1_0';
import OpenApi, * as $OpenApi from '@alicloud/openapi-client';
import * as $tea from '@alicloud/tea-typescript';

export default class Client {

  /**
   * Initialize the account Client using a Token
   * @return Client
   * @throws Exception
   */
  static createClient(): dingtalkcontact_1_0 {
    let config = new $OpenApi.Config({ });
    config.protocol = "https";
    config.regionId = "central";
    return new dingtalkcontact_1_0(config);
  }

  static async main(args: string[]): Promise<void> {
    let client = Client.createClient();
    let updateContactRestrictSettingHeaders = new $dingtalkcontact_1_0.UpdateContactRestrictSettingHeaders({ });
    updateContactRestrictSettingHeaders.xAcsDingtalkAccessToken = "<your access token>";
    let updateContactRestrictSettingRequest = new $dingtalkcontact_1_0.UpdateContactRestrictSettingRequest({
      id: 10001,
      name: "Members of department xxx can view self only",
      description: "Members of department xxx are restricted from viewing other departments",
      subjectUserIds: [
        "userId1"
      ],
      subjectDeptIds: [
        10000
      ],
      subjectTagIds: [
        20000
      ],
      type: "excludeNode",
      excludeUserIds: [
        "userId2"
      ],
      excludeDeptIds: [
        10000
      ],
      excludeTagIds: [
        20000
      ],
      active: true,
      restrictInUserProfile: true,
      restrictInSearch: true,
    });
    try {
      await client.updateContactRestrictSettingWithOptions(updateContactRestrictSettingRequest, updateContactRestrictSettingHeaders, new $Util.RuntimeOptions({ }));
    } catch (err) {
      if (!Util.empty(err.code) && !Util.empty(err.message)) {
        // err contains the code and message attributes, which help locate the issue during development.
      }

    }    
  }

}

Client.main(process.argv.slice(2));
C#
// This file is auto-generated, don't edit it. Thanks.

using System;
using System.Collections;
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;

using Tea;
using Tea.Utils;

namespace AlibabaCloud.SDK.Sample
{
    public class Sample 
    {

        /**
         * Initialize the account Client using a Token
         * @return Client
         * @throws Exception
         */
        public static AlibabaCloud.SDK.Dingtalkcontact_1_0.Client CreateClient()
        {
            AlibabaCloud.OpenApiClient.Models.Config config = new AlibabaCloud.OpenApiClient.Models.Config();
            config.Protocol = "https";
            config.RegionId = "central";
            return new AlibabaCloud.SDK.Dingtalkcontact_1_0.Client(config);
        }

        public static void Main(string[] args)
        {
            AlibabaCloud.SDK.Dingtalkcontact_1_0.Client client = CreateClient();
            AlibabaCloud.SDK.Dingtalkcontact_1_0.Models.UpdateContactRestrictSettingHeaders updateContactRestrictSettingHeaders = new AlibabaCloud.SDK.Dingtalkcontact_1_0.Models.UpdateContactRestrictSettingHeaders();
            updateContactRestrictSettingHeaders.XAcsDingtalkAccessToken = "<your access token>";
            AlibabaCloud.SDK.Dingtalkcontact_1_0.Models.UpdateContactRestrictSettingRequest updateContactRestrictSettingRequest = new AlibabaCloud.SDK.Dingtalkcontact_1_0.Models.UpdateContactRestrictSettingRequest
            {
                Id = 10001,
                Name = "Members of department xxx can view self only",
                Description = "Members of department xxx are restricted from viewing other departments",
                SubjectUserIds = new List<string>
                {
                    "userId1"
                },
                SubjectDeptIds = new List<long?>
                {
                    10000
                },
                SubjectTagIds = new List<long?>
                {
                    20000
                },
                Type = "excludeNode",
                ExcludeUserIds = new List<string>
                {
                    "userId2"
                },
                ExcludeDeptIds = new List<long?>
                {
                    10000
                },
                ExcludeTagIds = new List<long?>
                {
                    20000
                },
                Active = true,
                RestrictInUserProfile = true,
                RestrictInSearch = true,
            };
            try
            {
                client.UpdateContactRestrictSettingWithOptions(updateContactRestrictSettingRequest, updateContactRestrictSettingHeaders, new AlibabaCloud.TeaUtil.Models.RuntimeOptions());
            }
            catch (TeaException err)
            {
                if (!AlibabaCloud.TeaUtil.Common.Empty(err.Code) && !AlibabaCloud.TeaUtil.Common.Empty(err.Message))
                {
                    // err contains the code and message attributes, which help locate the issue during development.
                }
            }
            catch (Exception _err)
            {
                TeaException err = new TeaException(new Dictionary<string, object>
                {
                    { "message", _err.Message }
                });
                if (!AlibabaCloud.TeaUtil.Common.Empty(err.Code) && !AlibabaCloud.TeaUtil.Common.Empty(err.Message))
                {
                    // err contains the code and message attributes, which help locate the issue during development.
                }
            }
        }

    }
}

Response

Response body

| Name | Type | Description |
| --- | --- | --- |
| result | Long | The restriction setting ID. |

Response body example

HTTP/1.1 200 OK
Content-Type:application/json

{
  "result" : 10001
}

Error codes

If an error is returned when calling this API, look up the solution in the Global error codes documentation based on the error message.
| HttpCode | Error code | Error message | Description |
| --- | --- | --- | --- |
| 400 | userIdInvalid | The userId does not exist. | The userId does not exist. |
| 400 | excludeNodeExceed | The total number of elements across the excludeUserIds, excludeDeptIds, and excludeTagIds arrays cannot exceed 50. | The total number of elements across the excludeUserIds, excludeDeptIds, and excludeTagIds arrays cannot exceed 50. |
| 400 | subjectNodeExceed | The total number of elements across the subjectUserIds, subjectDeptIds, and subjectTagIds arrays cannot exceed 50. | The total number of elements across the subjectUserIds, subjectDeptIds, and subjectTagIds arrays cannot exceed 50. |
| 400 | typeInvalid | The type must be one of excludeNode, onlySelf, or onlySelfDeptAndChild. | The type must be one of excludeNode, onlySelf, or onlySelfDeptAndChild. |
| 400 | subjectNodeEmpty | subjectUserIds, subjectDeptIds, and subjectTagIds cannot all be empty. | subjectUserIds, subjectDeptIds, and subjectTagIds cannot all be empty. |
| 400 | idInvalid | The setting corresponding to the id does not exist. | The setting corresponding to the id does not exist. |
| 500 | system.error | System error. | System error. |
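
The request-body rules and error codes documented above can be checked locally before the call is sent, along with combinations the API accepts but that restrict less than intended. The following Python code is an added example, not part of the DingTalk documentation or SDK: the error names are the documented error codes, while the function names, the warning labels and the sample bodies are constructed for illustration.

```python
# Added example: local pre-flight check for a restriction-setting request body.
# Error names are the page's documented error codes; warning names are
# hypothetical labels invented for this example.

VALID_TYPES = ("onlySelf", "onlySelfDeptAndChild", "excludeNode")
SUBJECT_KEYS = ("subjectUserIds", "subjectDeptIds", "subjectTagIds")
EXCLUDE_KEYS = ("excludeUserIds", "excludeDeptIds", "excludeTagIds")
MAX_NODES = 50  # documented cap across each group of three arrays


def count_nodes(body, keys):
    """Total number of elements across the given array fields."""
    return sum(len(body.get(key) or []) for key in keys)


def check_setting(body):
    """Return (errors, warnings) for a request body given as a dict."""
    errors, warnings = [], []

    if body.get("type") not in VALID_TYPES:
        errors.append("typeInvalid")

    subjects = count_nodes(body, SUBJECT_KEYS)
    if subjects == 0:
        errors.append("subjectNodeEmpty")
    elif subjects > MAX_NODES:
        errors.append("subjectNodeExceed")

    excludes = count_nodes(body, EXCLUDE_KEYS)
    if excludes > MAX_NODES:
        errors.append("excludeNodeExceed")

    # The allowlist takes effect only when type is excludeNode, so an
    # allowlist sent with another type has no effect on what subjects see.
    if excludes and body.get("type") in ("onlySelf", "onlySelfDeptAndChild"):
        warnings.append("allowlistIgnored")
    # active=false stores the setting without enforcing it.
    if body.get("active") is False:
        warnings.append("settingInactive")
    # Profile page and search are restricted only when explicitly requested.
    if body.get("restrictInUserProfile") is not True:
        warnings.append("profileNotRestricted")
    if body.get("restrictInSearch") is not True:
        warnings.append("searchNotRestricted")
    return errors, warnings


# Constructed sample bodies. PAGE_EXAMPLE mirrors the page's request example.
PAGE_EXAMPLE = {
    "id": 10001, "type": "excludeNode",
    "subjectUserIds": ["userId1"], "subjectDeptIds": [10000], "subjectTagIds": [20000],
    "excludeUserIds": ["userId2"], "excludeDeptIds": [10000], "excludeTagIds": [20000],
    "active": True, "restrictInUserProfile": True, "restrictInSearch": True,
}
LOOSE = {  # accepted by the documented rules, but weaker than it looks
    "type": "onlySelf", "subjectDeptIds": [10000],
    "excludeUserIds": ["userId2"], "active": False,
}
OVERSIZED = {  # invalid type value, 51 subjects, 51 allowlist entries
    "type": "viewSelfOnly",
    "subjectUserIds": ["user%d" % i for i in range(30)],
    "subjectDeptIds": list(range(1, 22)),
    "excludeTagIds": list(range(51)),
}

if __name__ == "__main__":
    for name, body in (("page example", PAGE_EXAMPLE), ("loose", LOOSE),
                       ("oversized", OVERSIZED)):
        print(name, check_setting(body))
```
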