GET Permissions/Object/{guid}/local/{uuid}/Effective

Retrieves effective permissions for folders or other objects in Trust Protection Platform.

The basic syntax is:

GET https://test.example/vedsdk/permissions/object/{guid}/local/{Universal ID}/Effective

Requirements

  • Permissions: The caller must have Manage permission to the specified object. The caller must also be logged in to the same identity provider as the principal's provider.
  • Token scope:  Security

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

{guid}

In the request URL, specify the GUID of the object. Depending on your environment, the GUID may be expressed with or without curly braces {}. For example, {3d6b61d-1c71-4603-883f-25b8c2ceecdd}. If you want effective permissions for a policy, either call POST Config/DnToGuid or get the GUID from the UI Support Attributes tab.

local

In the request, specify word local as the provider type.

{uuid}

In the request URL, specify the Universal Unique Identifier (UUID) of the principal identity. To get the correct formatting, call POST Identity/Browse.

Effective

In the request URL, specify the word Effective.

Returns

Response description

Name

Description

HTTP 200

For valid requests, Permissions/Object/guid/local/Effective returns a HTTP 200 message and the following data:

HTTP 400

For invalid requests, one of the following errors may be present:

  • Unable to verify principal. Either correct the principal Guid or assign the principal identity to the appropriate object Guid in Trust Protection Platform. For the Principal parameter, try adding or omitting the curly braces. See the Principal parameter for details.
  • Failed to lookup DN: Unable to read object details of GUID {object Guid}; ObjectDoesNotExist. Obtain the correct object Guid value, from Trust Protection Platform.

Example: Get the effective permissions for a local user on a policy folder

Request

GET https://test.venafi.example/vedsdk/permissions/object/{44721e18-b8fa-4a1b-bcea-63bd46c6f523}/local/{c18d6102-1915-43c6-b373-a25caea40506}/Effective
Authorization:Bearer 4MyGeneratedBearerTknz==

Response

HTTP/1.1 200 OK 
{
   "EffectivePermissions":{
      "IsAssociateAllowed":true,
      "IsCreateAllowed":true,
      "IsReadAllowed":true,
      "IsRenameAllowed":true,
      "IsRevokeAllowed":true,
      "IsViewAllowed":true,
      "IsWriteAllowed":true
   }
}