Skip to main content
8-Gravel
April 15, 2026
Question

Lock tracker via REST API

  • April 15, 2026
  • 7 replies
  • 154 views

In the UI a tracker can be locked by a user for exclusive access, but this is not possible via REST API.

Use case:

The items of a tracker are modified outside the UI, e.g. to generate a item skeleton. This operation must be performed atomic, i.e. it must be prevented that someone else modifies any item of the tracker while the external modifications are done.

7 replies

BKampling_SAI
13-Aquamarine
May 12, 2026

@M a r k u S A tracker can be locked via the REST API:
 

 

8-Gravel
May 13, 2026

@BKampling_SAI :Unfortunatelly, it is a different lock. 

The Codebeamer UI and documentation are a mess.

There seems to be at least three different “locks”:

  1. Tracker configuration lock
    This is what your screenshot shows
  2. Tracker lock
    This enables “exclusive” access to the tracker items and can be obtained via (but there is no REST API):
  3. Tracker Item lock
    This is done, when you enter the “deailed view” of an item and prevents, that during this time any field of the item is modified by someone else.
    This can also be done via REST API:

 

 

BKampling_SAI
13-Aquamarine
May 15, 2026

@M a r k u S , thanks for the clarification.
Would you be willing to provide some additional context around what you are trying to accomplish?

8-Gravel
May 18, 2026

We do have external Generators that create the basic structure of some trackers. During the run of a Generator we must ensure, that no user will modify any items of the tracker - i.e. we need something like a “exclusive access” for a tracker.

4-Participant
June 18, 2026

We are also looking for the same. But when we locked it locked the configuration not the Tracker

Do you have any information on API to lock the tracker similar to how we do it through UI.

It will help to do some external activity on tracker (we are modifying field values in all items in a tracker where no user should do any activity, otherwise it leads to inconsistencies) as ​@M a r k u S mentioned.

It would be a great help if you provide info on that.

BKampling_SAI
13-Aquamarine
June 19, 2026

The best workaround would be to leverage project roles. You could create an “exclusive access” role and assign only the accounts that should have access during the generation. Once the generation is done, you could make a second call to update the permissions to what they need to be in the end.

8-Gravel
June 22, 2026

How is this “exclusive access” role configured?

BKampling_SAI
13-Aquamarine
June 22, 2026
  1. You would create a new role and name it whatever you want, such as “exclusive access” and give it the needed permissions.
  2. Assign only the account that the api is running under as a member.
  3. When creating the tracker and configuring it, set the tracker permissions so only the new role has access to see or modify the tracker.
  4. Once you are ready to open up the tracker, adjust the permissions to the desired end state.
8-Gravel
July 2, 2026

This topic is neither “SOLVED” nor there was a “Best answer”!

BKampling_SAI
13-Aquamarine
July 2, 2026

Do you have additional information to provide?

8-Gravel
July 3, 2026

Your proposal is impractical because it would require modifying the access rights for all roles and then restoring them. In other words, you would need an intermediate place outside of Codebeamer to store the access rights. 

This workaround would be "acceptable" if there were a global "exclusive access" flag to define access rights, but there isn't one. 

Therefore, the topic is neither solved nor do I have a "best answer".