GET Permissions/Object/{guid}/(ptype)/(pname)/{external}/Effective

Retrieves the effective permissions for a principal from an external provider such as an Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) service. This API requires:

  • Connectivity between the Trust Protection Platform and the service provider. For more information, see the Administration Guide.
  • The caller must be logged in to the same identity provider as the principal that is specified.

The basic syntax format is:

GET https://test.example/vedsdk/permissions/object/{guid}/(Provider Type)/(Provider Name)/(External)/Effective

Requirements

  • Permissions: The caller must have Manage permission to the specified object.
  • Token scope: Security

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

Object

In the request URL, specify the word Object.

{guid}

In the request URL, specify the GUID of the object. Depending on your environment, the GUID may be expressed with or without curly braces {}. For example, {3d6b61d-1c71-4603-883f-25b8c2ceecdd}.

If you want effective permissions for a policy, either call POST Config/DnToGuid or get the GUID from the UI Support Attributes tab.

(ptype)

In the request URL, specify the identity provider type:

  • AD: Active Directory identity provider.
  • LDAP: Lightweight Directory Access Protocol (LDAP) identity provider.

(pname)

In the request URL, specify a Universally Unique Identifier (UUID) of a person or group. Otherwise, specify the Prefixed Universal. To get this information, call POST Identity/Browse.

{external}

In the request URL, specify the Universally Unique Identifier (UUID) for the principal identity. To get the UUID, call POST Identity/Browse. The format of the UUID, including the absence or presence of curly braces, depends on the settings from the identity provider.

(effective)

In the request URL, specify the word Effective.

Returns

Response description

Name

Description

HTTP 200

For valid requests, Permissions/Object/guid/external/Effective returns an HTTP 200 message and the following data:

HTTP 400

For invalid requests, one of the following errors may be present:

  • Unable to verify principal. Either correct the principal Guid or assign the principal identity to the appropriate object Guid in Trust Protection Platform. For the Principal parameter, try adding or omitting the curly braces. See the Principal parameter for details.
  • Failed to lookup DN: Unable to read object details of GUID {object Guid}; ObjectDoesNotExist. Obtain the correct object Guid value from Trust Protection Platform.

Example: Get LDAP effective permissions on a policy folder

Request

GET https://test.example/vedsdk/permissions/object/{76eb4c00-de74-4ec7-9a18-6c1573da2e67}/LDAP/odsee/{13a0f88b-3e9211e2-80e19ef9-b11d4e56}/Effective
Authorization:Bearer 4MyGeneratedBearerTknz==

Response

HTTP/1.1 200 OK
{
   "EffectivePermissions":{
      "IsAssociateAllowed":true,
      "IsCreateAllowed":true,
      "IsReadAllowed":true,
      "IsRenameAllowed":true,
      "IsRevokeAllowed":true,
      "IsViewAllowed":true,
      "IsWriteAllowed":true
   }
}
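
The following is an added example, not part of the original documentation or the product's own code. It builds the request URL for both brace forms of the principal (the retry the HTTP 400 guidance suggests) and compares a returned EffectivePermissions set against a least-privilege baseline. The function names and the READ_ONLY baseline are assumptions; the identifiers and response body are the ones from the example above.

```python
import json
from urllib.parse import quote

BASE = "https://test.example/vedsdk"  # host taken from the page's example

# Response body copied from the example on this page.
SAMPLE_RESPONSE = """{"EffectivePermissions": {"IsAssociateAllowed": true,
 "IsCreateAllowed": true, "IsReadAllowed": true, "IsRenameAllowed": true,
 "IsRevokeAllowed": true, "IsViewAllowed": true, "IsWriteAllowed": true}}"""

# Constructed baseline (an assumption): what a read-only principal may hold.
READ_ONLY = {"IsReadAllowed", "IsViewAllowed"}

def guid_forms(guid):
    """Return the identifier as given, then its braced/unbraced alternative."""
    bare = guid.strip("{}")
    braced = "{" + bare + "}"
    return [braced, bare] if guid.startswith("{") else [bare, braced]

def effective_url(object_guid, ptype, pname, principal):
    """Build the request URL; braces are percent-encoded per RFC 3986."""
    if ptype not in ("AD", "LDAP"):
        raise ValueError("ptype must be AD or LDAP")
    parts = [object_guid, ptype, pname, principal, "Effective"]
    return BASE + "/permissions/object/" + "/".join(quote(p, safe="") for p in parts)

def candidate_urls(object_guid, ptype, pname, principal):
    """URLs to try in order if HTTP 400 reports 'Unable to verify principal'."""
    return [effective_url(object_guid, ptype, pname, p) for p in guid_forms(principal)]

def excess_permissions(body, allowed):
    """List the permissions granted in the response that exceed the baseline."""
    perms = json.loads(body)["EffectivePermissions"]
    granted = {name for name, value in perms.items() if value is True}
    return sorted(granted - set(allowed))

if __name__ == "__main__":
    for url in candidate_urls("{76eb4c00-de74-4ec7-9a18-6c1573da2e67}", "LDAP",
                              "odsee", "{13a0f88b-3e9211e2-80e19ef9-b11d4e56}"):
        print(url)
    print(excess_permissions(SAMPLE_RESPONSE, READ_ONLY))
```

Send each candidate URL with the Authorization header described under Headers; a non-empty result from excess_permissions means the principal holds more than the baseline allows on that object.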