> ## Documentation Index
> Fetch the complete documentation index at: https://prismeai-legacy.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Put v2workspaces security

> Update workspace security



## OpenAPI

````yaml /api-reference/swagger.yml put /v2/workspaces/{workspaceId}/security
openapi: 3.0.0
info:
  version: 1.0.0
  title: Prisme.ai APIs
  description: Prisme.ai APIs specifications
  termsOfService: https://www.prisme.ai/mentions-legales
  contact:
    name: Prisme.ai Support Team
    email: support@prisme.ai
    url: https://www.prisme.ai
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0.html
servers:
  - url: https://api.eda.prisme.ai
  - url: http://localhost:3001
security:
  - BearerAuth: []
  - WorkspaceApiKeyAuth: []
  - BearerAuth: []
    WorkspaceApiKeyAuth: []
paths:
  /v2/workspaces/{workspaceId}/security:
    put:
      tags:
        - Prisme.ai Workspaces
      description: Update workspace security
      operationId: updateSecurity
      parameters:
        - name: workspaceId
          in: path
          description: Workspace id
          required: true
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/WorkspaceSecurity'
      responses:
        '200':
          description: Success Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WorkspaceSecurity'
        '400':
          description: Bad parameters
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BadParametersError'
        '401':
          description: AuthenticationError
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthenticationError'
        '403':
          description: Bad permissions
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ForbiddenError'
        '404':
          description: Object not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ObjectNotFoundError'
components:
  schemas:
    WorkspaceSecurity:
      type: object
      additionalProperties: false
      properties:
        authorizations:
          $ref: '#/components/schemas/WorkspaceAuthorizations'
        authentication:
          type: object
          properties:
            clientId:
              type: string
    BadParametersError:
      type: object
      properties:
        error:
          type: string
          example: BadParameters
        message:
          type: string
        details: {}
    AuthenticationError:
      type: object
      properties:
        error:
          type: string
          example: AuthenticationError
        message:
          type: string
          example: Unauthenticated
    ForbiddenError:
      type: object
      properties:
        error:
          type: string
          example: ForbiddenError
        message:
          type: string
          example: Forbidden
    ObjectNotFoundError:
      type: object
      properties:
        error:
          type: string
          example: ObjectNotFound
        message:
          type: string
    WorkspaceAuthorizations:
      type: object
      additionalProperties: false
      properties:
        roles:
          additionalProperties:
            $ref: '#/components/schemas/WorkspaceRole'
        rules:
          type: array
          items:
            $ref: '#/components/schemas/PermissionRule'
    WorkspaceRole:
      type: object
      additionalProperties: false
      properties:
        description:
          type: string
        auth:
          type: object
          properties:
            prismeai:
              type: object
              properties:
                conditions:
                  type: object
                  additionalProperties: true
            azure:
              type: object
              properties:
                conditions:
                  type: object
                  additionalProperties: true
            basic:
              type: object
              properties:
                username:
                  type: string
                password:
                  type: string
            apiKey:
              type: object
    PermissionRule:
      type: object
      additionalProperties: false
      required:
        - action
        - subject
      properties:
        role:
          description: The roles to which this rule is restricted
          oneOf:
            - type: array
              items:
                type: string
            - type: string
        inverted:
          type: boolean
          description: If true, will forbid instead of allow
        reason:
          type: string
        action:
          description: The actions that we want to allow/deny
          anyOf:
            - $ref: '#/components/schemas/ActionTypes'
            - type: array
              items:
                $ref: '#/components/schemas/ActionTypes'
            - type: string
            - type: array
              items:
                type: string
        subject:
          oneOf:
            - $ref: '#/components/schemas/SubjectTypes'
            - type: array
              items:
                $ref: '#/components/schemas/SubjectTypes'
        conditions:
          type: object
          description: >-
            Matching conditions written using a subset of MongoDB queries. This
            rule will take effect only if conditions match (or are empty). See
            https://casl.js.org/v5/en/guide/conditions-in-depth
          additionalProperties: true
        priority:
          type: number
    ActionTypes:
      type: string
      enum:
        - manage
        - create
        - read
        - update
        - delete
        - manage_permissions
        - manage_security
        - manage_repositories
        - read_app_dsul
        - get_usage
        - aggregate_search
        - execute
        - test
    SubjectTypes:
      type: string
      enum:
        - apps
        - pages
        - files
        - events
        - workspaces
        - automations
        - secrets
        - roles
        - all
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
    WorkspaceApiKeyAuth:
      type: apiKey
      in: header
      name: x-prismeai-api-key

````