TBA
Reference
Get permission
Get the permission for an action and requesterId or resource.
POST/v2/permission
Returns the permission for a given requesterId, action and resource OR the list of users who hae the permission for a given action and resource.
Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| action | string | ✗ | Action you want to retrive permissions for. |
| debug | boolean | ✗ | If true, the logs contain the ES search query |
| list | boolean | ✗ | If true, list permissions for the given action and requester |
| requesterId | integer | ✗ | The id of the user you check this permission for. |
| resource | array | ✗ | In combination with list=true you can set the ressources you want to retrieve permission for. |
Response
| Field | Type | Description |
|---|---|---|
| action | string | Action you want to retrive permissions for. |
| allow | boolean | |
| jobId | string | JobId for the rebuild job. |
| permissions | arrayofObjects | List of permissions |
| └ action | string | Action |
| └ allow | boolean | Permission for this action |
| └ resource | array | Affected resource(s) as acrn |
| └ usedPolicies | array | List of policies (ids) used to determine the current permission |
| └ origins | array | List of policy origins used to determine the current permission |
| requesterId | integer | The id of the user you check this permission for. |
| resource | array | In combination with list=true you can set the ressources you want to retrieve permission for. |
| size | integer | Number of users who have the requested permissison |
| users | arrayofObjects | List of users who have the requested permission |
| └ id | integer | User Id |
| └ customerId | integer | Customer ID |
| E-Mail of this user | ||
| └ uiLanguage | string | uiLanguage for this user. |
List permission
List available permissions for a given model (e.g. user)
GET/v2/permission/list
Lists all available permissions for a given model.
Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| model | string | ✓ | Model you want to retrieve a list of available permissions for. allowed values: user |
Response
| Field | Type | Description |
|---|---|---|
| allow | boolean | |
| description | string | |
| experimental | boolean | |
| title | string |
Assign Policy
Assign a policy to a customer, securityGroup or user.
POST/v2/permission/assignPolicy
Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| customerId | integer | ✗ | |
| policyId | integer | ✓ | PolicyId for the user-to-policy permission. |
| securityGroupId | integer | ✗ | If set, assigns a policy to a securitygroup. |
| userId | integer | ✗ | If set, assigns a policy to a user. |
| waitForCompletion | boolean | ✗ | If true, the ES update is finished when the response is returned |
Remove Policy
Remove a policy from a customer, securityGroup or user
DELETE/v2/permission/removepolicy
Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| customerId | integer | ✗ | CustomerId for the user-to-policy permission to remove. Can be combined with userId or securityGroupId |
| policyId | integer | ✓ | PolicyId for the user-to-policy permission. |
| securityGroupId | integer | ✗ | If set, assigns a policy to a securitygroup. |
| userId | integer | ✗ | If set, assigns a policy to a user. |
| waitForCompletion | boolean | ✗ | If true, the ES update is finished when the response is returned |
Create user-to-policy relation
Relate and existing policy with a user. Usually you should prefer relation policies to securitygroups instead of invidual users!
POST/v2/permission/usertopolicy
Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| customerId | integer | ✗ | CustomerId for the user-to-policy permission. |
| policyId | integer | ✓ | PolicyId for the user-to-policy permission. |
| userId | integer | ✓ | If set, assigns a policy to a user. |
| waitForCompletion | boolean | ✗ | If true, the ES update is finished when the response is returned |
Delete user-to-policy relation
Delete a policy that is related to a user.
DELETE/v2/permission/usertopolicy
Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| customerId | integer | ✗ | CustomerId for the permission. |
| policyId | integer | ✓ | PolicyId for the user-to-policy permission. |
| userId | integer | ✓ | If set, assigns a policy to a user. |
| waitForCompletion | boolean | ✗ | If true, the ES update is finished when the response is returned |