> ## Documentation Index
> Fetch the complete documentation index at: https://docs.brx.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Update BRK ACL

> Updates the access control list for a BRK

This endpoint updates the access control list (ACL) for a BRK. It allows you to change the visibility of a BRK (public or private), control whether it can be cloned, and manage user permissions. Only the owner of a BRK or users with editor permissions can update the ACL.

## Request

<ParamField body="brxId" type="string" required>
  The ID of the BRK to update ACL for
</ParamField>

<ParamField body="isPublic" type="boolean" optional>
  Whether the BRK is public (visible to all users) or private (visible only to specified users)
</ParamField>

<ParamField body="isClone" type="boolean" optional>
  Whether the BRK can be cloned by other users
</ParamField>

<ParamField body="emails" type="array" required>
  Array of user email addresses and their permission levels

  <Expandable title="items">
    <ParamField body="email" type="string" required>
      Email address of the user
    </ParamField>

    <ParamField body="permission" type="number" required>
      Permission level for the user. 0: Viewer (can view and execute the BRK), 1: Editor (can view, execute, and edit the BRK), 2: Owner (can view, execute, edit, and delete the BRK, as well as manage permissions)
    </ParamField>
  </Expandable>
</ParamField>

### Example Request (Make Private)

```json theme={null}
{
  "brxId": "brk-12345678-90ab-cdef-1234-567890abcdef",
  "isPublic": false,
  "isClone": true,
  "emails": [
    {
      "email": "owner@example.com",
      "permission": 2
    },
    {
      "email": "editor@example.com",
      "permission": 1
    },
    {
      "email": "viewer@example.com",
      "permission": 0
    }
  ]
}
```

### Example Request (Make Public)

```json theme={null}
{
  "brxId": "brk-12345678-90ab-cdef-1234-567890abcdef",
  "isPublic": true,
  "isClone": true,
  "emails": [
    {
      "email": "owner@example.com",
      "permission": 2
    }
  ]
}
```

## Response

<ResponseField name="httpResponse" type="object">
  <Expandable title="properties">
    <ResponseField name="isError" type="boolean">
      Indicates whether the request resulted in an error
    </ResponseField>

    <ResponseField name="statusMsg" type="string">
      A message describing the status of the request
    </ResponseField>
  </Expandable>
</ResponseField>

### Example Response

```json theme={null}
{
  "httpResponse": {
    "isError": false,
    "statusMsg": "Successfully updated BRK ACL"
  }
}
```

## Error Codes

<ResponseField name="400" type="object">
  Bad Request - The request was malformed or missing required parameters
</ResponseField>

<ResponseField name="401" type="object">
  Unauthorized - Authentication credentials are missing or invalid
</ResponseField>

<ResponseField name="403" type="object">
  Forbidden - The authenticated user does not have permission to update the ACL for the requested BRK
</ResponseField>

<ResponseField name="404" type="object">
  Not Found - The requested BRK does not exist
</ResponseField>

<ResponseField name="500" type="object">
  Internal Server Error - An unexpected error occurred on the server
</ResponseField>

## Notes

* Only the owner of a BRK or users with editor permissions can update the ACL.
* When making a BRK public (`isPublic: true`), it will be visible to all users, but only users with explicit permissions can edit or delete it.
* When making a BRK private (`isPublic: false`), it will only be visible to users specified in the `emails` array.
* The `isClone` parameter controls whether other users can clone the BRK. Cloning creates a copy of the BRK that the user owns and can modify.
* The `emails` array must include at least one user with owner permissions (permission level 2).
* Permission levels:
  * 0: Viewer (can view and execute the BRK)
  * 1: Editor (can view, execute, and edit the BRK)
  * 2: Owner (can view, execute, edit, and delete the BRK, as well as manage permissions)
* To check the current ACL for a BRK, use the [Check BRK ACL](/api-reference/endpoint/check-acl) endpoint.