POST Codesign/GetObjectRights

Returns all identities that have rights to a CodeSign Protect object. An identity or trustee can be an AD, LDAP, or local user or group.

Requirements

  • Permissions:  The caller must be a Code Signing Administrator.

  • Integration: In the UI, use an API integration to import a set of scopes that your application will use.

     

  • Token scope:  Codesign:Admin

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

Dn

The Distinguished Name (DN) of an object. Use the appropriate syntax. For example, in Postman:

  • Application: \\VED\\Code Signing\\Signing Applications\\[YourSgnApp].
  • ApplicationCollection: \\VED\\Code Signing\\Signing Applications\\[YourSgnAppCollection].
  • Project: \\VED\\Code Signing\\Projects\\[YourPrjName].

Returns

Response description

Name

Description

HTTP 200

For valid requests, this call returns a HTTP 200 message and the following data in the message body:

  • Error: Appears only when Success is false. An error message that accompanies the Result. Check your payload input values.

  • Rightslist: An array of object rights that are assigned to the object:
    • key: The trustee has rights to this array of DNs. If you need the person or group name, call POST Identity/Browse.
    • value: The SignRight object value or the sum of various rights for the identity. For example, a value of 72 ,means the identity has Owner (8) plus ApproveUse (64) rights.

  • Result: The Result code of this API call. For more information, see Sign Result Codes.

  • Success: The result of this API call: A value of false indicates the request failed due to an Error. Otherwise, true.

HTTP 400

For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:

  • error: The reason for the error.
  • error_description: If available, additional information about how to retry the request.

Example: Show identity rights of a project

Request

POST https://codesign.venafi.example///vedsdk/Codesign/GetObjectRights
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "Dn": "\\VED\\Code Signing\\Projects\\Lab 4"
}

Response

HTTP/1.1 200 OK
{
   "Result":1,
   "RightsList":[
      {
         "key":"local:{3acf7adc-29ad-48ea-afce-c3dfa65f91d5}",
         "value":72
      },
      {
         "key":"local:{e59f7aa8-4acd-49ad-9329-185cfc639130}",
         "value":4
      },
      {
         "key":"local:{47f403b3-4e56-4f43-903f-9f9885a96619}",
         "value":2
      }
   ],
   "Success":true
}