DELETE Permissions/Object/{guid}/(ptype)/{principal}

Deletes assigned permissions for a principal on the specified object. The principal identity can originate from an AD, LDAP, or local identity provider.

Requirements

  • Permissions: The caller must have Manage permission to the specified object.
  • Token scope: Security:Delete

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

{guid}

In the request URL, specify the GUID of the object from which to delete the principal's assigned permissions.

Depending on your environment, the GUID may be expressed with or without curly braces {}. For example, {3d6b61d-1c71-4603-883f-25b8c2ceecdd}.

(ptype)

In the request URL, use the appropriate syntax for the identity provider type:

  • AD/[providerName]: Active Directory identity provider. For example: /AD/venqa.

  • LDAP/[providerName]: Lightweight Directory Access Protocol. For example: /LDAP/ODSEE.
  • local: Trust Protection Platform identity provider.

{principal}

In the request URL, specify a Universal Unique Identifier (UUID) of a person or group. Otherwise, specify the Prefixed Universal. To get this information, call POST Identity/Browse.

Returns

Returns no content unless there is an error.

Response description

Name

Description

HTTP 200

(empty response body) Successful deletion of the permissions assignment for the specified object and principal.

HTTP 404

Not Found. Error

Error

Permission does not exist so cannot be updated. Accompanies an HTTP 404.

Unable to verify principal.

Example 1: Delete a local user's permissions on a policy folder

Request for Example 1

DELETE https://test.venafi.example/vedsdk/Permissions/object/{3415e47d-835c-4949-af5b-c226817f7d40}/local/{a58437d1-e6d4-46f8-b790-bc1bedb943f1} 
Authorization:Bearer 4MyGeneratedBearerTknz==

Response for Example 1

HTTP/1.1 200      
{
}

Example 2: Delete an AD user's permissions on a policy folder

Request for Example 2

DELETE https://test.venafi.example/vedsdk/Permissions/object/{ad804700-16b4-4f60-b716-49e81a38149e}/AD/venqa/8985afadc76293499e6ef76b216be640
Authorization:Bearer 4MyGeneratedBearerTknz==

Response for Example 2

HTTP/1.1 200      
{
}

Example 3: No permissions assigned to principal

Request for Example 3

DELETE https://test.venafi.example/vedsdk/Permissions/object/{3415e47d-835c-4949-af5b-c226817f7d40}/local/{a58437d1-e6d4-46f8-b790-bc1bedb943f1}
Authorization:Bearer 4MyGeneratedBearerTknz==

Response for Example 3

HTTP/1.1 404 Not Found
{
   "Error":"No permission granted to principal."
}
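
Added example (not part of the original reference or the product's own code): a Python helper for an access-revocation job that builds the request URL for each identity provider type and treats the 404 of Example 3 as "nothing left to remove" rather than as a failure. The function names and outcome strings are assumptions; the URL shape and error strings are taken from this page.

```python
import json
import re
import urllib.error
import urllib.request
from urllib.parse import quote

UUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Error strings as they appear on this page; both mean nothing is left to remove.
ABSENT = {"No permission granted to principal.",
          "Permission does not exist so cannot be updated."}

def permission_url(base, guid, ptype, principal, provider=None):
    """Build the request URL in the shape the examples use."""
    inner = guid[1:-1] if guid.startswith("{") and guid.endswith("}") else guid
    if not UUID_RE.fullmatch(inner):
        raise ValueError("object GUID is malformed")
    if not principal:
        raise ValueError("principal is required")
    if ptype.lower() == "local":
        parts = [guid, "local", principal]
    elif ptype.upper() in ("AD", "LDAP") and provider:
        parts = [guid, ptype.upper(), provider, principal]
    else:
        raise ValueError("ptype must be local, or AD/LDAP with a provider name")
    # Encode every segment so '/', '?' or '#' in a value cannot alter the path.
    path = "/".join(quote(p, safe="{}") for p in parts)
    return f"{base.rstrip('/')}/Permissions/object/{path}"

def classify(status, body):
    """Map the documented responses to an outcome for a revocation job."""
    if status == 200:
        return "revoked"
    if status != 404:
        return f"failed: HTTP {status}"
    try:
        error = json.loads(body).get("Error", "")
    except (ValueError, AttributeError):
        error = ""
    return "already-absent" if error in ABSENT else f"failed: {error or 'HTTP 404'}"

def revoke(base, token, guid, ptype, principal, provider=None):
    """Send the DELETE and return 'revoked', 'already-absent' or 'failed: ...'."""
    req = urllib.request.Request(
        permission_url(base, guid, ptype, principal, provider), method="DELETE",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req) as resp:
            return classify(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read().decode())
```

A 404 with "Unable to verify principal." is reported as a failure, because the principal could not be resolved and the removal is therefore unconfirmed.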