PUT Permissions/Object/{guid}/(ptype)/{principal}

Modifies a principal's existing permissions. The principal identity can originate from an AD, LDAP, or local identity provider.

Requirements

  • Permissions:  The caller must have Manage permission to the specified object. The caller must also be logged into the same identity provider as the specified principal. For example, if the principal is a group that uses ActiveDirectory1, the caller must also be an account that is accessible via ActiveDirectory1.
  • Token scope:  Security:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

Object

In the request URL, specify the word Object.

{guid}

In the request URL, specify the GUID of the object on which the principal's permissions are assigned.

(ptype)

In the request URL, use the appropriate syntax for the identity provider type:

  • AD/[providerName]: Active Directory identity provider. For example: /AD/venqa.

  • LDAP/[providerName]: Lightweight Directory Access Protocol. For example: /LDAP/ODSEE.
  • local: Trust Protection Platform identity provider.

{principal}

In the request URL, specify a Universally Unique Identifier (UUID) of a person or group. Otherwise, specify the Prefixed Universal. To get this information, call POST Identity/Browse.

(permissions)

Case sensitive. In the request body, specify one or more Effective Permissions parameters to grant the principal access to the object.

Returns

Returns no other content unless there is an error.

Response description

Name

Description

HTTP 200

OK. Successful change of permissions assignment for the specified object and principal.

HTTP 404

Not found. Error

Error

Permission does not exist so cannot be updated. Accompanies an HTTP 404.

Example 1: Set New Permissions for Principal

Request for Example 1

PUT https://test.venafi.example/vedsdk/Permissions/object/{3415e47d-835c-4949-af5b-c226817f7d40}/local/{a58437d1-e6d4-46f8-b790-bc1bedb943f1} 
Authorization:Bearer 4MyGeneratedBearerTknz==       
{
   "IsAssociateAllowed":true,
   "IsCreateAllowed":true,
   "IsDeleteAllowed":true,
   "IsManagePermissionsAllowed":true,
   "IsPolicyWriteAllowed":true,
   "IsPrivateKeyReadAllowed":true,
   "IsPrivateKeyWriteAllowed":true,
   "IsReadAllowed":true,
   "IsRenameAllowed":true,
   "IsRevokeAllowed":true,
   "IsViewAllowed":true,
   "IsWriteAllowed":true
}

Response for Example 1

HTTP/1.1 200 OK         
{  

}

Example 2: Find a principal that has no granted permissions

In this example, the specified principal does not currently have permissions granted on the object, so they cannot be modified using the PUT Permissions/Object/Principal call.

Request for Example 2

PUT https://test.venafi.example/vedsdk/Permissions/object/{3415e47d-835c-4949-af5b-c226817f7d40}/local/{a58437d1-e6d4-46f8-b790-bc1bedb943f1} 
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "IsAssociateAllowed":true,
   "IsCreateAllowed":true,
   "IsDeleteAllowed":true,
   "IsManagePermissionsAllowed":true,
   "IsPolicyWriteAllowed":true,
   "IsPrivateKeyReadAllowed":true,
   "IsPrivateKeyWriteAllowed":true,
   "IsReadAllowed":true,
   "IsRenameAllowed":true,
   "IsRevokeAllowed":true,
   "IsViewAllowed":true,
   "IsWriteAllowed":true
}

Response for Example 2

HTTP/1.1 404 Not Found         
{
   "Error":"Permission does not exist so cannot be updated."
}
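
Added example (not part of the original page or of the vendor's SDK): a Python sketch that builds the request shown above for a local-provider principal while granting only the permissions the caller lists, instead of setting all twelve to true as the two examples do. The function names are hypothetical, and sending every flag explicitly as true or false is an assumption made so the outcome does not depend on how omitted fields are treated.

```python
import json
import urllib.request
import uuid

# Permission names as they appear in the request bodies on this page (case sensitive).
PERMISSIONS = (
    "IsAssociateAllowed", "IsCreateAllowed", "IsDeleteAllowed",
    "IsManagePermissionsAllowed", "IsPolicyWriteAllowed",
    "IsPrivateKeyReadAllowed", "IsPrivateKeyWriteAllowed", "IsReadAllowed",
    "IsRenameAllowed", "IsRevokeAllowed", "IsViewAllowed", "IsWriteAllowed",
)

def build_update(base_url, guid, principal, token, granted):
    """Build (without sending) the PUT request for a local-provider principal."""
    unknown = sorted(set(granted) - set(PERMISSIONS))
    if unknown:  # also catches wrong case, e.g. "isreadallowed"
        raise ValueError(f"unknown permission name(s): {unknown}")
    # Parsing both values as UUIDs keeps slashes and other path syntax out of the URL.
    guid, principal = str(uuid.UUID(guid)), str(uuid.UUID(principal))
    # Assumption: every flag is sent explicitly; anything not granted is false.
    body = {name: name in granted for name in PERMISSIONS}
    url = f"{base_url}/Permissions/Object/{{{guid}}}/local/{{{principal}}}"
    return urllib.request.Request(
        url, data=json.dumps(body).encode("utf-8"), method="PUT",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"})

def interpret(status, body_text):
    """Map the two documented responses to a result; anything else is an error."""
    if status == 200:
        return "updated"
    error = json.loads(body_text or "{}").get("Error", "")
    if status == 404:
        # Documented case: the principal has no existing permission to modify.
        return f"not-updated: {error}"
    raise RuntimeError(f"unexpected HTTP {status}: {error}")

if __name__ == "__main__":
    # Host, GUIDs and token are the sample values from the examples above.
    req = build_update(
        "https://test.venafi.example/vedsdk",
        "3415e47d-835c-4949-af5b-c226817f7d40",
        "a58437d1-e6d4-46f8-b790-bc1bedb943f1",
        "4MyGeneratedBearerTknz==",
        {"IsViewAllowed", "IsReadAllowed"})
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
```

To send the request, pass the returned object to urllib.request.urlopen and give the status code and body to interpret.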