# Data Access Controls API



<Callout type="warn">
  The API endpoints below have been deprecated and will be removed in a future release.
</Callout>

<EndpointIndex
  names={[
  	'addDataSecurityMask',
  	'fetchUserMask',
  	'fetchUserMasks',
  	'fetchUserMasksForTenant',
  	'deleteUserMasks',
  ]}
/>

Add Data Security Mask [#add-data-security-mask]

<ApiEndpoint name="addDataSecurityMask" />

Fetch User Mask [#fetch-user-mask]

<ApiEndpoint name="fetchUserMask" />

Fetch User Masks [#fetch-user-masks]

<ApiEndpoint name="fetchUserMasks" />

Fetch User Masks For Tenant [#fetch-user-masks-for-tenant]

<ApiEndpoint name="fetchUserMasksForTenant" />

Delete User Masks [#delete-user-masks]

<ApiEndpoint name="deleteUserMasks" />

<ApiSchema name="UserDataSecurityMaskRequest" />

<ApiSchema name="UserDataAccessControlMaskResponse" />

See Also [#see-also]

* [Data Access Controls](/configuration/general-topics/data-access-controls)


## API Reference

PATCH /auth/users/{locator}/accessmask — addDataSecurityMask
Tags: users-controller
Permissions: write
Parameters:
  locator (uuid, path, required)
Request body (UserDataSecurityMaskRequest):
Responses:
  200 UserDataAccessControlMaskResponse — OK

GET /auth/users/{locator}/accessmask/{tenantLocator}/{type} — fetchUserMask
Tags: users-controller
Permissions: read
Parameters:
  locator (uuid, path, required)
  tenantLocator (uuid, path, required)
  type (Enum account | policy, path, required)
Responses:
  200 UserDataAccessControlMaskResponse — OK

GET /auth/users/{locator}/accessmask — fetchUserMasks
Tags: users-controller
Permissions: read
Parameters:
  locator (uuid, path, required)
Responses:
  200 UserDataAccessControlMaskResponse[] — OK

GET /auth/users/{locator}/accessmask/{tenantLocator} — fetchUserMasksForTenant
Tags: users-controller
Permissions: read
Parameters:
  locator (uuid, path, required)
  tenantLocator (uuid, path, required)
Responses:
  200 UserDataAccessControlMaskResponse[] — OK

DELETE /auth/users/{locator}/accessmask/{tenantLocator} — deleteUserMasks
Tags: users-controller
Permissions: write
Parameters:
  locator (uuid, path, required)
  tenantLocator (uuid, path, required)
Responses:
  200 — OK

UserDataSecurityMaskRequest
Properties:
  tenantLocator (uuid, required)
  type (Enum account | policy, required)
  fields (map<string, string[]>, required)

UserDataAccessControlMaskResponse
Properties:
  userLocator (uuid, required)
  tenantLocator (uuid, required)
  maskType (Enum account | policy, required)
  fields (map<string, string[]>, required)