GET Permissions/Object/{guid}/(ptype)/(pname)/ {external}/Effective
Retrieves effective permissions about a principal from an external provider such as an Active Directory (AD) or Light Directory Access Protocol (LDAP) service. This API requires:
- Connectivity between the Trust Protection Platform and the service provider. For more information, see the Administration Guide.
- The caller must be logged in to the same identity provider as the principal that is specified.
The basic syntax format is:
GET https://test.example/vedsdk/permissions/object/{guid}/(Provider Type)/(Provider Name)/(External)/Effective
Requirements
- Permissions: The caller must have Manage permission to the specified object.
- Token scope: Security
Headers
-
Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name |
Description |
---|---|
Object |
In the request URL, specify the word Object. |
{guid} |
In the request URL, specify the GUID of the object. Depending on your environment, the GUID may be expressed with or without curly braces {}. For example, {3d6b61d-1c71-4603-883f-25b8c2ceecdd}. If you want effective permissions for a policy, either call POST Config/DnToGuid or get the GUID from the UI Support Attributes tab. |
(ptype) |
In the request URL, specify the identity provider type:
|
(pname) |
In the request URL, specify a Universal Unique Identifier (UUID) of a person or group. Otherwise, specify the Prefixed Universal. To get this information, call POST Identity/Browse. |
{external} |
In the request URL, specify the Universal Unique Identifier (UUID) for the principal identity. To get the UUID, call POST Identity/BrowseThe format of the UUID, including the absence or presence of curly braces, depends on the settings from the identity provider. |
(effective) |
In the request URL, specify the word Effective. |
Returns
Name |
Description |
---|---|
HTTP 200 |
For valid requests, Permissions/Object/guid/external/Effective returns a HTTP 200 message and the following data:
|
HTTP 400 |
For invalid requests, one of the following errors may be present:
|
Example: Get LDAP effective permissions on a policy folder
Request
GET https://test.example/vedsdk/permissions/object/ {76eb4c00-de74-4ec7-9a18-6c1573da2e67}/LDAP/odsee/ {13a0f88b-3e9211e2-80e19ef9-b11d4e56}/Effective Authorization:Bearer 4MyGeneratedBearerTknz==
Response
HTTP/1.1 200 OK { "EffectivePermissions":{ "IsAssociateAllowed":true, "IsCreateAllowed":true, "IsReadAllowed":true, "IsRenameAllowed":true, "IsRevokeAllowed":true, "IsViewAllowed":true, "IsWriteAllowed":true } }