{ 
    components: [ 
      The components whose access control list is to be updated; components can be groups, rule sets, or templates, which are the types of components that support ACLs 

       ComponentId
    ] * 

     customRights: { 
      The changes to be made to the rights in each component's ACL; this is a map where the key is a right string appropriate to the components, and the value is a flag indicating the type of change to make to the right; for the flag value, a null means no change, a true means grant the right, and a false means revoke the right; when this field is null, the specified roles are set back to default rights 
    } 

     roles: [ 
      The roles whose rights are to be modified in the access control list of each component 

       ComponentId
    ] * 
}

{ 
    canEditFlag: boolean 
   {{Whether or not the user is allowed to edit (grant or revoke) the rights for the specified role (read-only) }}

     roleId: ComponentId*
    The role being granted the specified rights 

     rights: [ 
      The rights being granted to the users who belong to the specified role; the right strings used here are specific to the type of component that owns this ACL; when null, means default rights are granted to the role (that is, the rights granted by the role definition, not by this ACL); when non-null but empty, means no rights are granted to the role;otherwise, the specified rights are granted to the role 

       string 
    ] 
}

{ 
    id: string 
    The database key of the component; an incoming component can be identified either by its database key, or by its unique name, or by its name with qualifiers which are unique when combined; when this database key is present, it takes precedence and componentName and qualifiers(when present) are used to verify the retrieved component 

     componentName: string 
    The name of the component; an incoming component can be identified either by its database key, or by its unique name, or by its name with qualifiers which are unique when combined; this name is used to verify any component retrieved by database key, and is used if there is no database key or if the database key fails to resolve; for componentType Configuration and HardwareInventory, componentName is the created timestamp (in milliseconds); for componentType SecurityVulnerability, componentName is the securityVulnerabilityID; for componentType SnmpManagerStation, componentName is the address 

     componentType: string * 
    The type of the component, used to verify what is retrieved by key/name; valid values are: Combogroup, Condition, Configuration, Device, DeviceAdapter, DeviceAgent, DeviceSecurityProfile DynamicField, EmailDistributionList, Group, HardwareInventory, JobApprovalType, Keyword, Model, OsImage, PredefinedJob, Realm, RemoteFileServer, Role, Rule, RuleSet, SecurityVulnerability, SnmpManagerStation, Template, and User 

     qualifiers: { 
      Any additional single qualifier needed to identify the component uniquely, when the name alone is not sufficient; the map key is the extra attribute name string; the map value string completes the identification of the component; for componentType Configuration and HardwareInventory: key=deviceKey, value=database key of the device the item belongs to, key=deviceName, value=name of the device the item belongs to, key=timestamp, value=creation date/time in server display format; for componentType DeviceAdapter: key=adapterType, value=type of the device adapter, key=parent, value=parent or owner used for organizing certain types of adapters, key=vendorName, value=name of the vendor that owns a device type; for componentType DynamicField: key=type, value=base class name of the component associated with the dynamic field; for componentType Group, ComboGroup: key=realmName, value=name of the realm the group belongs to; for componentType Model: key=vendorGuid, value=the vendor GUID; for componentType OsImage: key=filename, value=name of the file(s) making up the image; for componentType SecurityVulnerability: key=vendorGuid, value=the vendor GUID 
    } 
}

{ 
    availableCustomRights: [ 
      Full set of rights applicable to a component's ACL 

       string 
    ] 

     components: [ 
      The components whose access control list the user is allowed to edit; components can be groups, rule sets, or templates 

       ComponentId
    ] 

     defaultCustomRights: [ 
      For each role the user is allowed to edit, which of the availableCustomRights are granted by that role 

       PerRoleRightsDTO
    ] 

     grantedCustomRights: [ 
      Of the availableCustomRights, the rights the user is granted, and thus the rights the user is allowed to modify (grant or revoke) in the components 

       string 
    ] 
}

{ 
    id: string 
    The database key of the dynamic field whose value this is (read-only) 

     name: string 
    The name of the dynamic field (read-only) 

     values: [ 
      The value(s) for the dynamic field; for a single-value field, only the first entry is relevant; read-only for Auto Derived and Configuration Profiled types 

       string 
    ] 

     dynamicFieldDetailsLink: string 
    Link to get more detailed information about the dynamic field (read-only) 
}

[ 
    A list of JSON Patch operations 

     JsonPatch.OneOperation
  ]

{ 
}

string 
  Pointer or path to an element or property

{ 
    op: string * 
   Enum: [
     "add"
   ]
    value: any * 
    path: JsonPatch.Pointer*
}

{ 
    op: string * 
   Enum: [
     "remove"
   ]
    path: JsonPatch.Pointer*
}

{ 
    op: string * 
   Enum: [
     "replace"
   ]
    value: any * 
    path: JsonPatch.Pointer*
}

{ 
    op: string * 
   Enum: [
     "move"
   ]
    path: JsonPatch.Pointer*
    from: JsonPatch.Pointer*
}

{ 
    op: string * 
   Enum: [
     "copy"
   ]
    path: JsonPatch.Pointer*
    from: JsonPatch.Pointer*
}

{ 
    op: string * 
   Enum: [
     "test"
   ]
    value: any * 
    path: JsonPatch.Pointer*
}

{ 
    major: string * 
    The first element of a version number; asterisk wildcard is allowed 

     minor: string * 
    The second element of a version number; asterisk wildcard is allowed 

     build: string * 
    The rest of a version number; asterisk wildcard is allowed 
}

{ 
    role: ComponentId
    A role that can used for editing an ACL 

     rights: [ 
      The rights granted by the role; in case of groups, these are network rights for the realm that the group belongs to 

       string 
    ] 
}

{ 
    deviceTypeId: ComponentId
    The device type and vendor compatible with this content; a null indicates the content is compatible with any device type 

     injectionTemplateFlag: boolean 
    Whether or not the contents contain an injection template, for making device configuration changes using an API; when true, the contents are validated for proper XML syntax 

     minimumOSVersion: OsImageReleaseDTO
    The minimal OS version with which this content is compatible; required when deviceTypeGuid is not null 

     minimumOSVersionName: string 
    Displayable version of the minimumOSVersion, in major.minor.build format (read-only) 

     maximumOSVersion: OsImageReleaseDTO
    The maximal OS version with which this content is compatible; required when deviceTypeGuid is not null 

     maximumOSVersionName: string 
    Displayable version of the maximumOSVersion, in major.minor.build format (read-only) 

     scriptContents: string * 
    The configuration commands that are to be sent to a device during a deploy span action; any sensitive configuration data is masked when you retrieve the template if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the contents 
}

{ 
    id: string 
    The template's unique database key (read-only) 

     name: string * 
    The template's unique display name 

     acl: [ 
      How users can manipulate this template, for the accessible roles, containing template custom rights; applicable only when template ACLs are enabled in the system parameters; ignored on input if template ACLs are disabled; if there are multiple entries for the same role, the rights are combined together; during an update, a null value reverts the custom rights of accessible roles back to default rights 

       AclDTO
    ] 

     annotation: string 
    Notes, comments, description, explanation 

     canCopyFlag: boolean 
    Whether or not the user is allowed to copy this template (read-only) 

     canDeleteFlag: boolean 
    Whether or not the user is allowed to delete this template (read-only) 

     canEditFlag: boolean 
    Whether or not the user is allowed to edit this template (read-only) 

     contents: [ 
      The scripts that make up this template; there must be at least one 

       TemplateContentDTO
    ] * 

     hasRuntimeParameters: boolean 
    Whether or not the template references any runtime parameters (read-only) 

     validateSubstitutionParametersFlag: boolean 
    Whether or not substitution parameter syntax is validated in the contents before the template is stored; when true, invalid use of substitution parameters causes create, update, and patch requests to fail with an error; when false, the contents are not examined 

     dynamicFields: [ 
      The dynamic fields 

       DynamicFieldValueDTO
    ] 
}

{ 
    name: string 
    The name of the runtime parameter 

     defaultValue: string 
    Default value of the runtime parameter 

     options: [ 
      Menu options from which the user can choose a value for this parameter 

       string 
    ] 
}