# Restricted Scope

Entities that are `Restrictable` will have a restricted scope defined. This scope is applied on every base query our endpoints provide.

When requesting data from the intratool API all queries to `Restrictable` models will be restricted to the current user.

There are "administration routes" where [EntityPermissions](https://docs.api.intratool.de/api-reference/entity-permissions) are ignored so privileged Users can access the requested content without having the `EntityPermission`.

## Relation

Models provided by the intratool API that are `Restrictable` will always have a relation key `entityPermissions` that gives information about permissions attached to the content.

See [Query Manipulation](https://docs.api.intratool.de/introduction/query-manipulation) to learn how to retrieve this information by requesting our endpoints.

## Adding permissions

When creating or updating content by requesting the intratool API you can always add the fieldkey `entity_permissions` if the model the endpoint grants access to is `Restrictable`.

The `entity_permissions` value is expected to be an array with one or more permission definitions. The following structure is expected:

```json
[
  {
    "key": "view",
    "target_entity": "user",
    "target_entity_id": 25
  },
  {
    "key": "view",
    "target_entity": "user",
    "target_entity_id": 26
  }
]
```