Non-cardholder CUD requires RESTConfiguration licence

ref/cardholders.html

@@ -329,7 +329,21 @@ <h1 class="doc-title">Command Centre REST API: Cardholders
                   <a href="events.html#authentication">Authentication section</a> of the accompanying Alarms and Events API documentation to learn how to format your queries, and Command Centre&#39;s Configuration Client online help to learn how to ready the server to receive them (search for &#39;REST API&#39;).</p>
                 <p>Each section contains a list of use cases intended as quick solutions for simple tasks or a how-to to get you started toward your particular goal. However they also serve as a good introduction to the API if you step through them using a web browser, starting at <code>/api</code> on your Command Centre server. To do that, you will need a browser plugin that lets you set an Authorization HTTP header, and a JSON formatter to prettify the results documents. Search the Configuration client&#39;s online help for &#39;test REST API&#39; for guidance. You will also need to prepare Command Centre, as above.</p>
                 <h3 id="licensing">Licensing</h3>
-                <p>All of the API calls described here except visitor management are available with the RESTCardholders licence. Visitor management calls need both RESTCardholders and VisitorManagement. Without RESTCardholders, lockers and locker banks are available with the RESTStatus licence, and partially with the RESTOverrides licence.</p>
+                <p>All of the API calls described here are available with the RESTCardholders licence, with the following exceptions and notes:</p>
+                <ul>
+                  <li>
+                    <p>Visitor management calls need both RESTCardholders and VisitorManagement.</p>
+                  </li>
+                  <li>
+                    <p>Creating, modifying, and deleting competencies requires the RESTConfiguration licence.</p>
+                  </li>
+                  <li>
+                    <p>Creating, modifying, and deleting access groups, card types, personal data definitions, and roles will require the RESTConfiguration licence. These features are coming soon.</p>
+                  </li>
+                  <li>
+                    <p>Lockers and locker banks are also available with the RESTStatus licence, and a subset of their fields (enough to allow overriding them) are available with the RESTOverrides licence.</p>
+                  </li>
+                </ul>
                 <p>The server will return a 403 if you attempt an operation for which the server is not licensed.</p>
                 <h3 id="versions">Versions</h3>
                 <p>The body of this document clearly indicates when recent features arrived in the API so that readers with older versions of Command Centre know not to expect them.</p>
@@ -3955,6 +3969,7 @@ <h2 class="operation-title">
                   <p>You will achieve better performance if you combine all you want to achieve into one POST, rather than creating the access group bare with a POST then refining it with PATCHes later.</p>
                   <p>When successful it returns a location header containing the address of the new access group.</p>
                   <p>Note that you can only create one access group per POST.</p>
+                  <p>This call requires the RESTConfiguration licence.</p>
                 </section>
               </div>
             </div>
@@ -4353,6 +4368,7 @@ <h2 class="operation-title">
                   <p>The PATCH expects a document in the same format as the
                     <a href="#definition-Access-group-detail">the access group detail</a> but with fewer fields, given in
                     <a href="#definition-Access-group-POST-example">this POST example</a>. Note that you cannot change everything on an access group that the API shows you, such as its membership, access, and permissions. You can change its basic fields, PDFs, and membership defaults.</p>
+                  <p>This call requires the RESTConfiguration licence.</p>
                 </section>
               </div>
             </div>
@@ -4488,6 +4504,7 @@ <h2 class="operation-title">
                     </strong>
                   </p>
                   <p>This call removes an access group from Command Centre.</p>
+                  <p>This call requires the RESTConfiguration licence.</p>
                 </section>
               </div>
             </div>
@@ -4709,6 +4726,7 @@ <h2 class="operation-title">
                   <p>Note that you can only create one competency per POST.</p>
                   <p>Do not code this URL into your application. Take it from the results of <code>GET /api</code>.</p>
                   <p>New to Command Centre 9.10.</p>
+                  <p>This requires the RESTConfiguration licence.</p>
                 </section>
               </div>
             </div>
@@ -5229,6 +5247,7 @@ <h2 class="operation-title">
                     <a href="#definition-Competency-detail">the competency detail</a> but with fewer fields. An example is
                     <a href="#definition-Competency-PATCH-and-POST-example">this PATCH example</a>.</p>
                   <p>New to Command Centre 9.10.</p>
+                  <p>This call requires the RESTConfiguration licence.</p>
                 </section>
               </div>
             </div>
@@ -5355,6 +5374,7 @@ <h2 class="operation-title">
                 <section class="swagger-operation-description">
                   <p>This call removes a competency from Command Centre.</p>
                   <p>New to Command Centre 9.10.</p>
+                  <p>This call requires the RESTConfiguration licence.</p>
                 </section>
               </div>
             </div>
@@ -5387,6 +5407,7 @@ <h2 class="operation-title">
                     </div>
                     <div class="prop-value">
                       <p>Deleting the competency failed. This happens when the item is still being used by another item.</p>
+                      <p>This call requires the RESTConfiguration licence.</p>
                     </div>
                   </div>
                   <div class="prop-row prop-group">

ref/events.html

@@ -164,6 +164,7 @@ <h1 class="doc-title">Command Centre REST API: Alarms and Events
                 <p>Helper methods allow you to look up Command Centre&#39;s internal identifiers for cardholders, divisions, and other items, so that you can use those identifiers in search filters.</p>
                 <h3 id="licensing">Licensing</h3>
                 <p>All of the GETs in this document and the POSTs that manage alarms require the RESTEvents licence. The POST to create a new event requires RESTCreateEvents.</p>
+                <p>Creating, modifying, and deleting a division requires the RESTConfiguration licence.</p>
                 <p>The server will return a 403 if you attempt an operation for which the server is not licensed.</p>
                 <h3 id="versions">Versions</h3>
                 <p>The body of this document clearly indicates when recent features arrived in the API so that readers with older versions of Command Centre know not to expect them.</p>

swagger/cardholdersApi.yaml

@@ -44,11 +44,18 @@ info:
 
     ### Licensing
 
-    All of the API calls described here except visitor management are available with the
-    RESTCardholders licence.  Visitor management calls need both RESTCardholders and
-    VisitorManagement.  Without RESTCardholders, lockers and locker banks are available with the
-    RESTStatus licence, and partially with the
-    RESTOverrides licence.
+    All of the API calls described here are available with the RESTCardholders licence, with the
+    following exceptions and notes:
+
+      * Visitor management calls need both RESTCardholders and VisitorManagement.
+
+      * Creating, modifying, and deleting competencies requires the RESTConfiguration licence.
+
+      * Creating, modifying, and deleting access groups, card types, personal data definitions, and
+        roles will require the RESTConfiguration licence.  These features are coming soon.
+
+      * Lockers and locker banks are also available with the RESTStatus licence, and a subset of
+        their fields (enough to allow overriding them) are available with the RESTOverrides licence.
 
     The server will return a 403 if you attempt an operation for which the server is not licensed.
 
@@ -6739,6 +6746,8 @@ paths:
 
         Note that you can only create one access group per POST.
 
+        This call requires the RESTConfiguration licence.
+
       parameters:
         - name: "this string necessary but not rendered"
           in: body
@@ -6832,6 +6841,8 @@ paths:
         an access group that the API shows you, such as its membership, access, and permissions.
         You can change its basic fields, PDFs, and membership defaults.
 
+        This call requires the RESTConfiguration licence.
+
       parameters:
         - name: "this name not rendered"
           in: body
@@ -6883,6 +6894,8 @@ paths:
 
         This call removes an access group from Command Centre.
 
+        This call requires the RESTConfiguration licence.
+
       responses: 
         200: { description: "Success." }
         204: { description: "Success." }
@@ -6970,6 +6983,8 @@ paths:
 
         New to Command Centre 9.10.
 
+        This requires the RESTConfiguration licence.
+
       parameters:
         - name: "this name not rendered"
           in: body
@@ -7112,6 +7127,8 @@ paths:
 
         New to Command Centre 9.10.
 
+        This call requires the RESTConfiguration licence.
+
       parameters:
         - name: "this name not rendered"
           in: body
@@ -7161,13 +7178,18 @@ paths:
         This call removes a competency from Command Centre.
 
         New to Command Centre 9.10.
+
+        This call requires the RESTConfiguration licence.
       responses: 
         200: { description: "Success." }
         204: { description: "Success." }
         400:
           description: |
             Deleting the competency failed.  This happens when the item is still being used by
             another item.
+
+            This call requires the RESTConfiguration licence.
+
         403:
           description: |
             The operator has the permission to view the item but not delete it, or the server is not

swagger/eventsApi.yaml

@@ -35,6 +35,8 @@ info:
     All of the GETs in this document and the POSTs that manage alarms require the RESTEvents
     licence.  The POST to create a new event requires RESTCreateEvents.
 
+    Creating, modifying, and deleting a division requires the RESTConfiguration licence.
+
     The server will return a 403 if you attempt an operation for which the server is not licensed.
 
     ### Versions

training/rest_training.adoc

@@ -4113,6 +4113,9 @@ elevator settings.
 8.80 adds cardholder redaction:  scrubbing a person's activity and identifying information out of
 the database to help with privacy protection regulations.
 
+9.00 allows creating, modifying, and deleting access groups and
+competencies.  These require a new licence, RESTConfiguration.
+
 Car parks remain on the roadmap.
 
 These cardholder functions require the RESTCardholders licence. 8.20
@@ -4149,5 +4152,7 @@ Day categories are divisionless, which led to a slight change in the
 
 8.50 allows viewing elevator groups.
 
-As of 8.60, cardholders, schedules, and visits are the only items you
-can modify via the API.
+In versions up to and including 8.90, cardholders, schedules, and
+visits are the only items you can modify via the API.  9.00 added the
+ability to create, modify, and delete competencies and divisions under
+the new RESTConfiguration licence.