> ## Documentation Index > Fetch the complete documentation index at: https://docs.prisme.ai/llms.txt > Use this file to discover all available pages before exploring further. # Get Security > Get workspace security ## OpenAPI ````yaml /api-reference/swagger.yml get /v2/workspaces/{workspaceId}/security openapi: 3.0.0 info: version: 1.0.0 title: Prisme.ai APIs description: Prisme.ai APIs specifications termsOfService: https://www.prisme.ai/mentions-legales contact: name: Prisme.ai Support Team email: support@prisme.ai url: https://www.prisme.ai license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html servers: - url: https://api.studio.prisme.ai description: Prisme.ai Cloud - url: https://{customDomain} description: Self-hosted Prisme.ai instance variables: customDomain: default: api.your-prisme-instance.com description: API hostname of your self-hosted Prisme.ai deployment - url: http://localhost:3001 description: Local development security: - BearerAuth: [] - OrgApiKeyAuth: [] - BearerAuth: [] OrgApiKeyAuth: [] tags: - name: API Gateway description: >- Authentication, session management, SSO providers, and user profile endpoints. - name: Prisme.ai Workspaces description: >- CRUD operations for workspaces and their resources (pages, apps, automations, imports, variables). - name: Prisme.ai Runtime description: Execute workspace automations and manage their runtime lifecycle. - name: Prisme.ai Events description: Event ingestion, delivery, and subscription filtering across the platform. - name: Organizations description: >- Manage organizations, members, roles, invites, groups, and org-level service accounts. - name: Subscriptions description: >- Manage organization subscription plans and tier assignments (SuperAdmin only). - name: Secrets description: Read and patch encrypted key-value secrets scoped to a workspace. - name: ApiKeys description: Create, list, rotate, and validate workspace-scoped API keys. - name: Permissions description: >- Share or unshare resources (workspaces, pages, …) with users via roles or fine-grained rules. - name: Monitoring description: Platform readiness checks across services (SuperAdmin only). - name: AuthProviders paths: /v2/workspaces/{workspaceId}/security: get: tags: - Prisme.ai Workspaces summary: Get Security description: Get workspace security operationId: getSecurity parameters: - name: workspaceId in: path description: Workspace id required: true schema: type: string responses: '200': description: Success Response content: application/json: schema: $ref: '#/components/schemas/WorkspaceSecurity' '400': description: Bad parameters content: application/json: schema: $ref: '#/components/schemas/BadParametersError' '401': description: AuthenticationError content: application/json: schema: $ref: '#/components/schemas/AuthenticationError' '403': description: Bad permissions content: application/json: schema: $ref: '#/components/schemas/ForbiddenError' '404': description: Object not found content: application/json: schema: $ref: '#/components/schemas/ObjectNotFoundError' components: schemas: WorkspaceSecurity: type: object additionalProperties: false properties: authorizations: $ref: '#/components/schemas/WorkspaceAuthorizations' authentication: type: object properties: clientId: type: string BadParametersError: type: object properties: error: type: string example: BadParameters message: type: string details: {} AuthenticationError: type: object properties: error: type: string example: AuthenticationError message: type: string example: Unauthenticated ForbiddenError: type: object properties: error: type: string example: ForbiddenError message: type: string example: Forbidden ObjectNotFoundError: type: object properties: error: type: string example: ObjectNotFound message: type: string WorkspaceAuthorizations: type: object additionalProperties: false properties: roles: additionalProperties: $ref: '#/components/schemas/WorkspaceRole' rules: type: array items: $ref: '#/components/schemas/PermissionRule' WorkspaceRole: type: object additionalProperties: false properties: description: type: string auth: type: object properties: prismeai: type: object properties: conditions: type: object additionalProperties: true azure: type: object properties: conditions: type: object additionalProperties: true basic: type: object properties: username: type: string password: type: string apiKey: type: object PermissionRule: type: object additionalProperties: false required: - action - subject properties: role: description: The roles to which this rule is restricted oneOf: - type: array items: type: string - type: string inverted: type: boolean description: If true, will forbid instead of allow reason: type: string action: description: The actions that we want to allow/deny anyOf: - $ref: '#/components/schemas/ActionTypes' - type: array items: $ref: '#/components/schemas/ActionTypes' - type: string - type: array items: type: string subject: oneOf: - $ref: '#/components/schemas/SubjectTypes' - type: array items: $ref: '#/components/schemas/SubjectTypes' conditions: type: object description: >- Matching conditions written using a subset of MongoDB queries. This rule will take effect only if conditions match (or are empty). See https://casl.js.org/v5/en/guide/conditions-in-depth additionalProperties: true fields: type: array items: type: string description: >- Field-level permissions. When specified, the rule only applies to these fields of the subject. priority: type: number ActionTypes: type: string enum: - manage - create - read - update - delete - manage_permissions - manage_security - manage_repositories - read_app_dsul - get_usage - aggregate_search - execute - test SubjectTypes: type: string enum: - apps - pages - files - events - workspaces - automations - secrets - secure_secrets - workspace_keyrings - roles - orgs - orgs:members - orgs:groups - orgs:groups:members - orgs:invites - orgs:subscriptions - orgs:roles - orgs:apikeys - orgs:sso - orgs:service-accounts - users - all securitySchemes: BearerAuth: type: http scheme: bearer bearerFormat: JWT OrgApiKeyAuth: type: apiKey in: header name: x-prismeai-api-key ````