Get or Modify Access Permissions for entity.rights
If you are developing integrations for Bitrix24 using AI tools (Codex, Claude Code, Cursor), connect to the MCP server so that the assistant can utilize the official REST documentation.
Scope:
entityWho can execute the method:
- Any user can retrieve current permissions
- A user with access level
X(management) can modify permissions for the data storage
The entity.rights method retrieves the current set of access permissions for the application's data storage or modifies it.
The method works only in the context of the application.
Method Parameters
Required parameters are marked with *
|
Name |
Description |
|
ENTITY* |
Identifier of the application's data storage. Use the value specified when creating the storage. You can obtain the identifier using the entity.get method. |
|
ACCESS |
A new set of permissions in the format Examples of access codes:
The method accepts standard access codes from Bitrix24. You can check the name of the code using the access.name method. Supported levels:
If a different level is provided, that permission entry will not be added. When If the parameter is not provided, the method returns the current set of access permissions. |
Code Examples
How to Use Examples in Documentation
Example of modifying access permissions, where:
ENTITY— identifier of the storagedishACCESS— new set of permissions:U1with levelWandAUwith levelR
curl -X POST \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{"ENTITY":"dish","ACCESS":{"U1":"W","AU":"R"},"auth":"**put_access_token_here**"}' \
https://**put_your_bitrix24_address**/rest/entity.rights
try
{
const response = await $b24.callMethod(
'entity.rights',
{
ENTITY: 'dish',
ACCESS: {
U1: 'W',
AU: 'R',
},
}
);
const result = response.getData().result;
console.info(result);
}
catch (error)
{
console.error('Error:', error);
}
try {
$response = $b24Service
->core
->call(
'entity.rights',
[
'ENTITY' => 'dish',
'ACCESS' => [
'U1' => 'W',
'AU' => 'R',
],
]
);
$result = $response
->getResponseData()
->getResult();
echo '<pre>';
print_r($result);
echo '</pre>';
} catch (Throwable $e) {
error_log($e->getMessage());
echo 'Error getting entity rights: ' . $e->getMessage();
}
BX24.callMethod(
'entity.rights',
{
ENTITY: 'dish',
ACCESS: {
U1: 'W',
AU: 'R',
},
},
(result) => {
result.error()
? console.error(result.error())
: console.info(result.data())
;
},
);
require_once('crest.php');
$result = CRest::call(
'entity.rights',
[
'ENTITY' => 'dish',
'ACCESS' => [
'U1' => 'W',
'AU' => 'R',
],
]
);
echo '<PRE>';
print_r($result);
echo '</PRE>';
Response Handling
HTTP Status: 200
{
"result": {
"U1": "W",
"AU": "R",
"U577": "X"
},
"time": {
"start": 1774267885,
"finish": 1774267885.803565,
"duration": 0.8035650253295898,
"processing": 0,
"date_start": "2026-03-23T15:11:25+02:00",
"date_finish": "2026-03-23T15:11:25+02:00",
"operating_reset_at": 1774268485,
"operating": 0
}
}
Returned Data
|
Name |
Description |
|
result |
Root element of the response. Contains the current set of access permissions for the storage. |
|
time |
Information about the execution time of the request. |
Type result
|
Name |
Description |
|
Access permissions object in the format |
|
|
|
Returned if the storage with the provided |
Error Handling
HTTP Status: 400
{
"error": "ERROR_ARGUMENT",
"error_description": "Argument 'ENTITY' is null or empty",
"argument": "ENTITY"
}
|
Name |
Description |
|
error |
String error code. It may consist of digits, Latin letters, and underscores |
|
error_description |
Textual description of the error. The description is not intended to be shown to the end user in its raw form |
Possible Error Codes
|
Code |
Description |
Value |
|
|
Argument 'ENTITY' is null or empty |
Parameter |
|
|
Entity code is too long. Max length is 13 characters. |
The value of |
|
|
Access denied! |
Insufficient permissions to modify access permissions for the storage. |
Statuses and System Error Codes
HTTP Status: 20x, 40x, 50x
The errors described below may occur when calling any method.
|
Status |
Code |
Description |
|
|
|
An internal server error has occurred. Please contact the server administrator or Bitrix24 technical support |
|
|
|
An internal server error has occurred. Please contact the server administrator or Bitrix24 technical support |
|
|
|
The request intensity limit has been exceeded |
|
|
|
The current method is not permitted for calls using batch |
|
|
|
The maximum length of parameters passed to the batch method has been exceeded |
|
|
|
Invalid access token or webhook code |
|
|
|
The HTTPS protocol is required for method calls |
|
|
|
The REST API is blocked due to overload. This is a manual individual block; please contact Bitrix24 technical support to lift it |
|
|
|
The REST API is only available on commercial plans |
|
|
|
The user associated with the access token or webhook used to call the method lacks the necessary permissions |
|
|
|
The manifest is not available |
|
|
|
The request requires higher privileges than those provided by the webhook token |
|
|
|
The provided access token has expired |
|
|
|
The user does not have access to the application. This means that the application is installed, but the portal administrator has restricted access to this application to specific users only |
|
|
|
The public part of the site is closed. To open the public part of the site on an on-premise installation, disable the "Temporary closure of the public part of the site" option. Path to the setting: Desktop > Settings > Product Settings > Module Settings > Main Module > Temporary closure of the public part of the site |
Continue Learning
- Create a Data Storage entity.add
- Change Parameters of entity.update
- Get Storage Parameters or List of Storages entity.get
- Delete Data Store entity.delete