Skip to main content
Call this API to add permissions for a permission member based on the file UUID, operator unionId, role ID, and other information.

Request

Basic information

FieldValue
HTTP URLhttps://api.dingtalk.io/v2.0/storage/spaces/dentries/{dentryUuid}/permissions
HTTP MethodPOST
Supported app typeappType-Internal app
Required permissionspermission-Storage.Permission.Write-Write permission for organization storage authorization information

Request headers

NameTypeRequiredDescription
x-acs-dingtalk-access-tokenStringYesThe access credential used to call this API. Obtain it by calling the Get the access token of an internal app API.

Path parameters

NameTypeRequiredDescription
dentryUuidStringYesThe file UUID. Call the File Search API or the Get dentryUuid information API to obtain the value of the dentryUuid response parameter.

Query parameters

NameTypeRequiredDescription
unionIdStringYesThe unionId of the user. Call the Query user details API to obtain the value of the unionid parameter.

Request body

NameTypeRequiredDescription
roleIdStringYesThe role ID. Enum values: - OWNER: Owner, with the following permission scopes: - PermissionPrivilegeEnum.INFO - PermissionPrivilegeEnum.LIST - PermissionPrivilegeEnum.PREVIEW - PermissionPrivilegeEnum.READ - PermissionPrivilegeEnum.WRITE - PermissionPrivilegeEnum.DOWNLOAD - PermissionPrivilegeEnum.ADD - PermissionPrivilegeEnum.DELETE - PermissionPrivilegeEnum.MODIFY - PermissionPrivilegeEnum.COPY - PermissionPrivilegeEnum.RENAME - PermissionPrivilegeEnum.READ_PERMISSION - PermissionPrivilegeEnum.WRITE_PERMISSION - PermissionPrivilegeEnum.ASSIGN - MANAGER: Manager, with the following permission scopes: - PermissionPrivilegeEnum.INFO - PermissionPrivilegeEnum.LIST - PermissionPrivilegeEnum.PREVIEW - PermissionPrivilegeEnum.READ - PermissionPrivilegeEnum.WRITE - PermissionPrivilegeEnum.DOWNLOAD - PermissionPrivilegeEnum.ADD - PermissionPrivilegeEnum.DELETE - PermissionPrivilegeEnum.MODIFY - PermissionPrivilegeEnum.COPY - PermissionPrivilegeEnum.RENAME - PermissionPrivilegeEnum.READ_PERMISSION - PermissionPrivilegeEnum.WRITE_PERMISSION - EDITOR: Editor, with the following permission scopes: - PermissionPrivilegeEnum.INFO - PermissionPrivilegeEnum.LIST - PermissionPrivilegeEnum.PREVIEW - PermissionPrivilegeEnum.READ - PermissionPrivilegeEnum.WRITE - PermissionPrivilegeEnum.DOWNLOAD - PermissionPrivilegeEnum.ADD - DOWNLOADER: Viewer with download permission, with the following permission scopes: - PermissionPrivilegeEnum.INFO - PermissionPrivilegeEnum.LIST - PermissionPrivilegeEnum.PREVIEW - PermissionPrivilegeEnum.READ - PermissionPrivilegeEnum.DOWNLOAD - READER: View-only, with the following permission scopes: - PermissionPrivilegeEnum.INFO - PermissionPrivilegeEnum.LIST - PermissionPrivilegeEnum.PREVIEW
membersArrayYesThe list of permission members. A maximum of 30 members is allowed.
typeStringYesThe type of the permission member. Enum values: - ORG: Organization - DEPT: Department - TAG: Custom tag - CONVERSATION: Chat - USER: User
idStringYesThe ID of the permission member: - When type=ORG, id is the organization ID. - When type=DEPT, id is the department ID. - When type=TAG, id is the tag ID. - When type=CONVERSATION, id is the chat ID. - When type=USER, id is the userId of the employee.
corpIdStringNoThe organization to which the permission belongs: - If an organization ID exists, the permission is automatically cleared when the corresponding member leaves the organization. - If memberType is dept, an organization ID is required.
nameStringNoThe user name: - When type=ORG, name is the organization name. - When type=DEPT, name is the department name. - When type=TAG, name is the tag name. - When type=CONVERSATION, name is the chat name. - When type=USER, name is the employee name.
optionObjectNoOptional parameters.
durationLongNoThe validity period, in seconds. - Currently, only Spaces with an OwnerType of APP support temporary permissions. - The maximum value is 3600.

Request example

HTTP 
POST /v2.0/storage/spaces/dentries/EpGBxxxx7R35y/permissions?unionId=tXguNxxxxAiEiE HTTP/1.1
Host:api.dingtalk.io
x-acs-dingtalk-access-token:access_token
Content-Type:application/json

{
  "roleId" : "MANAGER",
  "members" : [ {
    "type" : "USER",
    "id" : "01472825524039877041",
    "corpId" : "ding16b241fd05********288"
  } ],
  "option" : {
    "duration" : 3600
  }
}
Java 
package com.aliyun.sample;

import com.aliyun.tea.*;

public class Sample {

    /**
     * <b>description</b> :
     * <p>Initialize the account Client with the Token</p>
     * @return Client
     * 
     * @throws Exception
     */
    public static com.aliyun.dingtalkstorage_2_0.Client createClient() throws Exception {
        com.aliyun.teaopenapi.models.Config config = new com.aliyun.teaopenapi.models.Config();
        config.protocol = "https";
        config.regionId = "central";
        return new com.aliyun.dingtalkstorage_2_0.Client(config);
    }

    public static void main(String[] args_) throws Exception {
        
        com.aliyun.dingtalkstorage_2_0.Client client = Sample.createClient();
        com.aliyun.dingtalkstorage_2_0.models.AddPermissionHeaders addPermissionHeaders = new com.aliyun.dingtalkstorage_2_0.models.AddPermissionHeaders();
        addPermissionHeaders.xAcsDingtalkAccessToken = "<your access token>";
        com.aliyun.dingtalkstorage_2_0.models.AddPermissionRequest.AddPermissionRequestOption option = new com.aliyun.dingtalkstorage_2_0.models.AddPermissionRequest.AddPermissionRequestOption()
                .setDuration(3600L);
        com.aliyun.dingtalkstorage_2_0.models.AddPermissionRequest.AddPermissionRequestMembers members0 = new com.aliyun.dingtalkstorage_2_0.models.AddPermissionRequest.AddPermissionRequestMembers()
                .setType("USER")
                .setId("01472825524039877041")
                .setCorpId("ding16b241fd05********288");
        com.aliyun.dingtalkstorage_2_0.models.AddPermissionRequest addPermissionRequest = new com.aliyun.dingtalkstorage_2_0.models.AddPermissionRequest()
                .setUnionId("tXguNxxxxAiEiE")
                .setRoleId("MANAGER")
                .setMembers(java.util.Arrays.asList(
                    members0
                ))
                .setOption(option);
        try {
            client.addPermissionWithOptions("EpGBxxxx7R35y", addPermissionRequest, addPermissionHeaders, new com.aliyun.teautil.models.RuntimeOptions());
        } catch (TeaException err) {
            if (!com.aliyun.teautil.Common.empty(err.code) && !com.aliyun.teautil.Common.empty(err.message)) {
                // err contains the code and message properties, which help you locate the issue
            }

        } catch (Exception _err) {
            TeaException err = new TeaException(_err.getMessage(), _err);
            if (!com.aliyun.teautil.Common.empty(err.code) && !com.aliyun.teautil.Common.empty(err.message)) {
                // err contains the code and message properties, which help you locate the issue
            }

        }        
    }
}
Python 
# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import os
import sys
import json

from typing import List

from alibabacloud_dingtalk.storage_2_0.client import Client as dingtalkstorage_2_0Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_dingtalk.storage_2_0 import models as dingtalkstorage__2__0_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_util.client import Client as UtilClient

class Sample:
    def __init__(self):
        pass

    @staticmethod
    def create_client() -> dingtalkstorage_2_0Client:
        """
        Initialize the account Client with the Token
        @return: Client
        @throws Exception
        """
        config = open_api_models.Config()
        config.protocol = 'https'
        config.region_id = 'central'
        return dingtalkstorage_2_0Client(config)

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        client = Sample.create_client()
        add_permission_headers = dingtalkstorage__2__0_models.AddPermissionHeaders()
        add_permission_headers.x_acs_dingtalk_access_token = '<your access token>'
        option = dingtalkstorage__2__0_models.AddPermissionRequestOption(
            duration=3600
        )
        members_0 = dingtalkstorage__2__0_models.AddPermissionRequestMembers(
            type='USER',
            id='01472825524039877041',
            corp_id='ding16b241fd05********288'
        )
        add_permission_request = dingtalkstorage__2__0_models.AddPermissionRequest(
            union_id='tXguNxxxxAiEiE',
            role_id='MANAGER',
            members=[
                members_0
            ],
            option=option
        )
        try:
            client.add_permission_with_options('EpGBxxxx7R35y', add_permission_request, add_permission_headers, util_models.RuntimeOptions())
        except Exception as err:
            if not UtilClient.empty(err.code) and not UtilClient.empty(err.message):
                # err contains the code and message properties, which help you locate the issue
                pass

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        client = Sample.create_client()
        add_permission_headers = dingtalkstorage__2__0_models.AddPermissionHeaders()
        add_permission_headers.x_acs_dingtalk_access_token = '<your access token>'
        option = dingtalkstorage__2__0_models.AddPermissionRequestOption(
            duration=3600
        )
        members_0 = dingtalkstorage__2__0_models.AddPermissionRequestMembers(
            type='USER',
            id='01472825524039877041',
            corp_id='ding16b241fd05********288'
        )
        add_permission_request = dingtalkstorage__2__0_models.AddPermissionRequest(
            union_id='tXguNxxxxAiEiE',
            role_id='MANAGER',
            members=[
                members_0
            ],
            option=option
        )
        try:
            await client.add_permission_with_options_async('EpGBxxxx7R35y', add_permission_request, add_permission_headers, util_models.RuntimeOptions())
        except Exception as err:
            if not UtilClient.empty(err.code) and not UtilClient.empty(err.message):
                # err contains the code and message properties, which help you locate the issue
                pass

if __name__ == '__main__':
    Sample.main(sys.argv[1:])
PHP 
<?php

// This file is auto-generated, don't edit it. Thanks.
namespace AlibabaCloud\SDK\Sample;

use AlibabaCloud\SDK\Dingtalk\Vstorage_2_0\Dingtalk;
use \Exception;
use AlibabaCloud\Tea\Exception\TeaError;
use AlibabaCloud\Tea\Utils\Utils;

use Darabonba\OpenApi\Models\Config;
use AlibabaCloud\SDK\Dingtalk\Vstorage_2_0\Models\AddPermissionHeaders;
use AlibabaCloud\SDK\Dingtalk\Vstorage_2_0\Models\AddPermissionRequest\option;
use AlibabaCloud\SDK\Dingtalk\Vstorage_2_0\Models\AddPermissionRequest\members;
use AlibabaCloud\SDK\Dingtalk\Vstorage_2_0\Models\AddPermissionRequest;
use AlibabaCloud\Tea\Utils\Utils\RuntimeOptions;

class Sample {

    /**
     * Initialize the account Client with the Token
     * @return Dingtalk Client
     */
    public static function createClient(){
        $config = new Config([]);
        $config->protocol = "https";
        $config->regionId = "central";
        return new Dingtalk($config);
    }

    /**
     * @param string[] $args
     * @return void
     */
    public static function main($args){
        $client = self::createClient();
        $addPermissionHeaders = new AddPermissionHeaders([]);
        $addPermissionHeaders->xAcsDingtalkAccessToken = "<your access token>";
        $option = new option([
            "duration" => 3600
        ]);
        $members0 = new members([
            "type" => "USER",
            "id" => "01472825524039877041",
            "corpId" => "ding16b241fd05********288"
        ]);
        $addPermissionRequest = new AddPermissionRequest([
            "unionId" => "tXguNxxxxAiEiE",
            "roleId" => "MANAGER",
            "members" => [
                $members0
            ],
            "option" => $option
        ]);
        try {
            $client->addPermissionWithOptions("EpGBxxxx7R35y", $addPermissionRequest, $addPermissionHeaders, new RuntimeOptions([]));
        }
        catch (Exception $err) {
            if (!($err instanceof TeaError)) {
                $err = new TeaError([], $err->getMessage(), $err->getCode(), $err);
            }
            if (!Utils::empty_($err->code) && !Utils::empty_($err->message)) {
                // err contains the code and message properties, which help you locate the issue
            }
        }
    }
}
$path = __DIR__ . \DIRECTORY_SEPARATOR . '..' . \DIRECTORY_SEPARATOR . 'vendor' . \DIRECTORY_SEPARATOR . 'autoload.php';
if (file_exists($path)) {
    require_once $path;
}
Sample::main(array_slice($argv, 1));
Go 
package main

import (
  "encoding/json"
  "strings"
  "fmt"
  "os"
  util  "github.com/alibabacloud-go/tea-utils/v2/service"
  dingtalkstorage_2_0  "github.com/alibabacloud-go/dingtalk/storage_2_0"
  openapi  "github.com/alibabacloud-go/darabonba-openapi/v2/client"
  "github.com/alibabacloud-go/tea/tea"
)

// Description:
// 
// Initialize the account Client with the Token
// 
// @return Client
// 
// @throws Exception
func CreateClient () (_result *dingtalkstorage_2_0.Client, _err error) {
  config := &openapi.Config{}
  config.Protocol = tea.String("https")
  config.RegionId = tea.String("central")
  _result = &dingtalkstorage_2_0.Client{}
  _result, _err = dingtalkstorage_2_0.NewClient(config)
  return _result, _err
}

func _main (args []*string) (_err error) {
  client, _err := CreateClient()
  if _err != nil {
    return _err
  }

  addPermissionHeaders := &dingtalkstorage_2_0.AddPermissionHeaders{}
  addPermissionHeaders.XAcsDingtalkAccessToken = tea.String("<your access token>")
  option := &dingtalkstorage_2_0.AddPermissionRequestOption{
    Duration: tea.Int64(3600),
  }
  members0 := &dingtalkstorage_2_0.AddPermissionRequestMembers{
    Type: tea.String("USER"),
    Id: tea.String("01472825524039877041"),
    CorpId: tea.String("ding16b241fd05********288"),
  }
  addPermissionRequest := &dingtalkstorage_2_0.AddPermissionRequest{
    UnionId: tea.String("tXguNxxxxAiEiE"),
    RoleId: tea.String("MANAGER"),
    Members: []*dingtalkstorage_2_0.AddPermissionRequestMembers{members0},
    Option: option,
  }
  tryErr := func()(_e error) {
    defer func() {
      if r := tea.Recover(recover()); r != nil {
        _e = r
      }
    }()
    _, _err = client.AddPermissionWithOptions(tea.String("EpGBxxxx7R35y"), addPermissionRequest, addPermissionHeaders, &util.RuntimeOptions{})
    if _err != nil {
      return _err
    }

    return nil
  }()

  if tryErr != nil {
    var err = &tea.SDKError{}
    if _t, ok := tryErr.(*tea.SDKError); ok {
      err = _t
    } else {
      err.Message = tea.String(tryErr.Error())
    }
    if !tea.BoolValue(util.Empty(err.Code)) && !tea.BoolValue(util.Empty(err.Message)) {
      // err contains the code and message properties, which help you locate the issue
    }

  }
  return _err
}

func main() {
  err := _main(tea.StringSlice(os.Args[1:]))
  if err != nil {
    panic(err)
  }
}
Node.js 
'use strict';
// This file is auto-generated, don't edit it
const Util = require('@alicloud/tea-util');
const dingtalkstorage_2_0 = require('@alicloud/dingtalk/storage_2_0');
const OpenApi = require('@alicloud/openapi-client');
const Tea = require('@alicloud/tea-typescript');

class Client {

  /**
   * Initialize the account Client with the Token
   * @return Client
   * @throws Exception
   */
  static createClient() {
    let config = new OpenApi.Config({ });
    config.protocol = 'https';
    config.regionId = 'central';
    return new dingtalkstorage_2_0.default(config);
  }

  static async main(args) {
    let client = Client.createClient();
    let addPermissionHeaders = new dingtalkstorage_2_0.AddPermissionHeaders({ });
    addPermissionHeaders.xAcsDingtalkAccessToken = '<your access token>';
    let option = new dingtalkstorage_2_0.AddPermissionRequestOption({
      duration: 3600,
    });
    let members0 = new dingtalkstorage_2_0.AddPermissionRequestMembers({
      type: 'USER',
      id: '01472825524039877041',
      corpId: 'ding16b241fd05********288',
    });
    let addPermissionRequest = new dingtalkstorage_2_0.AddPermissionRequest({
      unionId: 'tXguNxxxxAiEiE',
      roleId: 'MANAGER',
      members: [
        members0
      ],
      option: option,
    });
    try {
      await client.addPermissionWithOptions('EpGBxxxx7R35y', addPermissionRequest, addPermissionHeaders, new Util.RuntimeOptions({ }));
    } catch (err) {
      if (!Util.default.empty(err.code) && !Util.default.empty(err.message)) {
        // err contains the code and message properties, which help you locate the issue
      }

    }    
  }

}

exports.Client = Client;
Client.main(process.argv.slice(2));
C# 
using Newtonsoft.Json;
using System;
using System.Collections;
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;

using Tea;
using Tea.Utils;

namespace AlibabaCloud.SDK.Sample
{
    public class Sample 
    {

        /// <term><b>Description:</b></term>
        /// <description>
        /// <para>Initialize the account Client with the Token</para>
        /// </description>
        /// 
        /// <returns>
        /// Client
        /// </returns>
        /// 
        /// <term><b>Exception:</b></term>
        /// Exception
        public static AlibabaCloud.SDK.Dingtalkstorage_2_0.Client CreateClient()
        {
            AlibabaCloud.OpenApiClient.Models.Config config = new AlibabaCloud.OpenApiClient.Models.Config();
            config.Protocol = "https";
            config.RegionId = "central";
            return new AlibabaCloud.SDK.Dingtalkstorage_2_0.Client(config);
        }

        public static void Main(string[] args)
        {
            AlibabaCloud.SDK.Dingtalkstorage_2_0.Client client = CreateClient();
            AlibabaCloud.SDK.Dingtalkstorage_2_0.Models.AddPermissionHeaders addPermissionHeaders = new AlibabaCloud.SDK.Dingtalkstorage_2_0.Models.AddPermissionHeaders();
            addPermissionHeaders.XAcsDingtalkAccessToken = "<your access token>";
            AlibabaCloud.SDK.Dingtalkstorage_2_0.Models.AddPermissionRequest.AddPermissionRequestOption option = new AlibabaCloud.SDK.Dingtalkstorage_2_0.Models.AddPermissionRequest.AddPermissionRequestOption
            {
                Duration = 3600,
            };
            AlibabaCloud.SDK.Dingtalkstorage_2_0.Models.AddPermissionRequest.AddPermissionRequestMembers members0 = new AlibabaCloud.SDK.Dingtalkstorage_2_0.Models.AddPermissionRequest.AddPermissionRequestMembers
            {
                Type = "USER",
                Id = "01472825524039877041",
                CorpId = "ding16b241fd05********288",
            };
            AlibabaCloud.SDK.Dingtalkstorage_2_0.Models.AddPermissionRequest addPermissionRequest = new AlibabaCloud.SDK.Dingtalkstorage_2_0.Models.AddPermissionRequest
            {
                UnionId = "tXguNxxxxAiEiE",
                RoleId = "MANAGER",
                Members = new List<AlibabaCloud.SDK.Dingtalkstorage_2_0.Models.AddPermissionRequest.AddPermissionRequestMembers>
                {
                    members0
                },
                Option = option,
            };
            try
            {
                client.AddPermissionWithOptions("EpGBxxxx7R35y", addPermissionRequest, addPermissionHeaders, new AlibabaCloud.TeaUtil.Models.RuntimeOptions());
            }
            catch (TeaException err)
            {
                if (!AlibabaCloud.TeaUtil.Common.Empty(err.Code) && !AlibabaCloud.TeaUtil.Common.Empty(err.Message))
                {
                    // err contains the code and message properties, which help you locate the issue
                }
            }
            catch (Exception _err)
            {
                TeaException err = new TeaException(new Dictionary<string, object>
                {
                    { "message", _err.Message }
                });
                if (!AlibabaCloud.TeaUtil.Common.Empty(err.Code) && !AlibabaCloud.TeaUtil.Common.Empty(err.Message))
                {
                    // err contains the code and message properties, which help you locate the issue
                }
            }
        }

    }
}

Response

Response body

NameTypeDescription
successBooleanIndicates whether the operation succeeded.

Response body example

HTTP/1.1 200 OK
Content-Type:application/json

{
  "success" : true
}

Error codes

If an error is returned when you call this API, look up the solution in the Global error codes document based on the error message.
HttpCodeError codeError messageDescription
400paramError%sParameter error
400paramError.dentryUuid%sParameter error - dentryUuid
400paramError.roleId%sParameter error - roleId
400paramError.permissionMemberType%sParameter error - permissionMemberType
403permissionDenied%sThe user lacks the required authorization.
404spaceNotExist%sThe space does not exist.
404dentryNotExist%sThe file does not exist.
500systemError%sSystem error
500unknownErrorUnknown ErrorUnknown error
503operationTimeout%sRequest timed out