Getting Started with Organization Authorizations

Warning

Deprecation Notice
The Marketing version 202303 (Marketing March 2023) and below has been sunset and the unversioned APIs are going to be sunset soon. We recommend that you migrate to the versioned APIs as well as migrate to the new Content and Community Management APIs to avoid disruptions. See the Migration page for more details. If you haven’t yet migrated and have questions, submit a request on the LinkedIn Developer Support Portal.

Members require more granular permissions to assign administrator roles to an employee's job function. In the past, this may have required assigning everyone as an administrator. As new roles are introduced, the task of discovering, mapping, and assigning roles to permissions can be time-consuming.

Current role-based permissions using /organizationAcls are either too powerful or too restrictive.

LinkedIn recommends that partners call the permission-based endpoint /organizationAuthorizations, to check a user's permission level, e.g., authorize user to post as an organization (company.)

host: api.linkedin.com
basePath: /v2
scheme: https
endpoint: /organizationAuthorizations
methods: GET, BATCH_GET, BATCH_FIND

Caution

All request headers should have X-Restli-Protocol-Version: 2.0.0

Role Checking Types

Endpoint Authorization type Access Control Code changes
/organizationAcls role-based Organization Access Controls For every new role
/organizationAuthorizations permission-based Organization Authorizations None

Note

Using /organizationAuthorizations is optional but recommended.

Why Use Organization Authorizations?

The /organizationAuthorizations endpoint provides a way to determine if a user has access to a particular feature without needing know which roles the user has.

When using /organizationAcls, every new Role introduced by Linkedin will require additional checks for each of your user's permissions. For example, if you are checking /organizationAcls "isAdmin" to determine whether or not they can post as the company, you will need to also check is admin || content admin || each time a new role is released.

Role to Permission Mapping

Each Role is authorized to perform a certain behavior which is mapped a list of permissions with same OrganizationAuthorizationAction, or permission type.

ADMINISTRATOR ROLE

Behavior Authorization Actions (permissions)
Retrieve and Update Access Control Assignments OrganizationRoleAuthorizationActionType

ADMINISTRATOR_READ
ADMINISTRATOR_WRITE
DIRECT_SPONSORED_CONTENT_POSTER_READ
DIRECT_SPONSORED_CONTENT_POSTER_WRITE
PIPELINE_BUILDER_READ
PIPELINE_BUILDER_WRITE
PENDING_ADMIN_READ
PENDING_ADMIN_WRITE
PENDING_DIRECT_SPONSORED_CONTENT_POSTER_READ
PENDING_DIRECT_SPONSORED_CONTENT_POSTER_WRITE
Create, Edit, and Read Posts OrganizationContentAuthorizationActionType

ORGANIC_SHARE_VIEW_AS_AUTHOR
ORGANIC_SHARE_CREATE
ORGANIC_SHARE_EDIT
ORGANIC_SHARE_DELETE
DARK_SHARE_CREATE
DARK_SHARE_EDIT
DARK_SHARE_DELETE
DARK_SHARE_VIEW_AS_AUTHOR
Read Company Information OrganizationProfileAuthorizationActionType

ADMINISTRATION_PAGE_VIEW
View Notifications OrganizationActivityAuthorizationActionType

ORGANIZATION_ACTIVITY_READ
View Analytics OrganizationAnalyticsAuthorizationActionType

VISITOR_ANALYTICS_READ
FOLLOWER_ANALYTICS_READ
UPDATE_ANALYTICS_READ
Associate Developer Application OrganizationApplicationAuthorizationActionType

APPLICATION_ASSOCIATE

CONTENT ADMIN ROLE

Behavior Authorization Actions (permissions)
Retrieve Access Control Assignments OrganizationRoleAuthorizationActionType

ADMINISTRATOR_READ
DIRECT_SPONSORED_CONTENT_POSTER_READ
PIPELINE_BUILDER_READ
PIPELINE_BUILDER_WRITE
PENDING_ADMIN_READ
PENDING_DIRECT_SPONSORED_CONTENT_POSTER_READ
Create, Edit, and Read Posts OrganizationContentAuthorizationActionType

ORGANIC_SHARE_VIEW_AS_AUTHOR
ORGANIC_SHARE_CREATE
ORGANIC_SHARE_EDIT
ORGANIC_SHARE_DELETE
DARK_SHARE_CREATE
DARK_SHARE_EDIT
DARK_SHARE_DELETE
DARK_SHARE_VIEW_AS_AUTHOR
Read Company Information OrganizationProfileAuthorizationActionType
ADMINISTRATION_PAGE_VIEW
View Notifications OrganizationActivityAuthorizationActionType
ORGANIZATION_ACTIVITY_READ
View Analytics OrganizationAnalyticsAuthorizationActionType

VISITOR_ANALYTICS_READ
FOLLOWER_ANALYTICS_READ
UPDATE_ANALYTICS_READ

ANALYST ROLE

Behavior Authorization Actions (permissions)
Retrieve Access Control Assignments OrganizationRoleAuthorizationActionType

ADMINISTRATOR_READ
DIRECT_SPONSORED_CONTENT_POSTER_READ
PIPELINE_BUILDER_READ
PIPELINE_BUILDER_WRITE
PENDING_ADMIN_READ
PENDING_DIRECT_SPONSORED_CONTENT_POSTER_READ
Read Posts OrganizationContentAuthorizationActionType

ORGANIC_SHARE_VIEW_AS_AUTHOR
DARK_SHARE_VIEW_AS_AUTHOR
Read Company Information OrganizationProfileAuthorizationActionType

ADMINISTRATION_PAGE_VIEW
View Notifications OrganizationActivityAuthorizationActionType

ORGANIZATION_ACTIVITY_READ
View Analytics OrganizationAnalyticsAuthorizationActionType

VISITOR_ANALYTICS_READ
FOLLOWER_ANALYTICS_READ
UPDATE_ANALYTICS_READ

CURATOR ROLE

Behavior Authorization Actions (permissions)
View Notifications OrganizationActivityAuthorizationActionType

ORGANIZATION_ACTIVITY_READ
View Analytics OrganizationAnalyticsAuthorizationActionType

VISITOR_ANALYTICS_READ
FOLLOWER_ANALYTICS_READ
UPDATE_ANALYTICS_READ

Next steps: Organization Authorizations