/
User Data Access Request History API
Document toolboxDocument toolbox

User Data Access Request History API

Owned by Marco Marasca
Last updated: Mar 10, 2025

See

PLFM-8805 - Getting issue details... STATUS
and the design at https://www.figma.com/design/AfH43XxYEHwkyEoO21erKQ/Access-History?node-id=1-5164&t=D0nXMrTryinmxDDj-0.

We currently do not have an existing API to fetch the submissions where a user is an accessor, we do have an API that performs a similar function, but it is targeted to ACT and data access reviewers (e.g. if a user is not in the ACT then it is treated as a reviewer, NOT as a generic user).

Additionally, the UI design calls for additional information that is relative to the caller user (e.g. expiration date of an approval):

user_data_access_list.jpg

Note that in addition to the APIs below we also need to modify the existing https://rest-docs.synapse.org/rest/GET/dataAccessSubmission/submissionId.html API to allow (on top of ACT or reviewers) accessors of a submission.

API

Request

Response

Description

API

Request

Response

Description

POST /dataAccessSubmission/userRequests

UserSubmissionSearchRequest

UserSubmissionSearchResponse

Allows to fetch a page of submissions where the calling user is an accessor. By default sorted by the submission creation date DESC.

It will include for each submission the specific submission approval status and expiration date (if any) for the user.

GET /dataAccessSubmission/{submissionId}/userAccessApproval

 

AccessApproval

Allows a user to fetch their own access approval information specific to a submission, as long as the user is an accessor in the submission.

UserSubmissionSearchRequest

{ "description": "A request to search through the user data access submissions", "properties": { "accessRequirementId": { "type": "string", "description": "Filter by the id of the access requirement of the submissions." }, "submissionState": { "description": "Filter by the state of the submissions", "$ref": "org.sagebionetworks.repo.model.dataaccess.SubmissionState" }, "sort": { "type": "array", "items": { "$ref": "org.sagebionetworks.repo.model.dataaccess.UserSubmissionSearchSort" } }, "nextPageToken": { "type": "string", "description": "A token used to get the next page of a request." } } }

UserSubmissionSearchResponse

{ "description": "Response for the request to search through the user data access submissions", "properties": { "results": { "type":"array", "items": { "$ref": "org.sagebionetworks.repo.model.dataaccess.UserSubmissionSearchResult" }, "description":"The matching submissions information corresponding to the search parameters" }, "nextPageToken": { "type": "string", "description": "A token used to get the next page of a particular search query." } } }

UserSubmissionSearchResult

{ "title": "User Data Access Submission Search Result Item", "description": "", "properties": { "id": { "description": "The id of the submission", "type": "string" }, "createdOn": { "type": "string", "format": "date-time" }, "modifiedOn": { "type": "string", "format": "date-time" }, "accessRequirementId": { "description": "The id of the access requirement the submission is for", "type": "string" }, "accessRequirementVersion": { "description": "The version of the requirement that the submission refers to", "type": "string" }, "accessRequirementName": { "description": "The name of the access requirement", "type": "string" }, "submitterId": { "description": "The principal ID of the person who created the submission", "type": "string" }, "state": { "$ref": "org.sagebionetworks.repo.model.dataaccess.SubmissionState" }, "userAccessApproval": { "description": "The access approval for the user in the context of the submission.", "$ref": "org.sagebionetworks.repo.model.AccessApproval" } } }

AccessApproval

{ "title": "Access Approval", "description": "JSON schema for AccessApproval POJO", "name": "AccessApproval", "properties": { "id": { "type": "integer", "description": "The unique immutable ID", "transient": true }, "etag": { "type": "string", "description": "Synapse employs an Optimistic Concurrency Control (OCC) scheme to handle concurrent updates. Since the E-Tag changes every time an entity is updated it is used to detect when a client's current representation of an object is out-of-date.", "transient": true }, "createdOn": { "type": "string", "format": "date-time", "description": "The date this object was created.", "title": "Created On", "transient": true }, "modifiedOn": { "type": "string", "format": "date-time", "description": "The date this object was last modified.", "title": "Modified On", "transient": true }, "createdBy": { "type": "string", "description": "The user that created this object.", "title": "Created By", "transient": true }, "modifiedBy": { "type": "string", "description": "The user that last modified this object.", "title": "Modified By", "transient": true }, "requirementId": { "type": "integer", "description": "The ID of the Access Requirement that this object approves.", "transient": true }, "requirementVersion": { "type": "integer", "description": "The version of the Access Requirement that this object approves.", "transient": true }, "submitterId": { "type": "string", "description": "The user who performed the necessary action(s) to gain this approval.", "transient": true }, "accessorId": { "type": "string", "description": "The ID of the principal (user or group) approved for access", "title": "Accessor", "transient": true }, "expiredOn": { "type": "string", "format": "date-time", "description": "The date this object will be expired.", "title": "Expired On", "transient": true }, "state": { "description": "The state of this approval.", "$ref": "org.sagebionetworks.repo.model.ApprovalState" } } }