GET Permissions/Object/(guid}/(ptype)/{principal}
Retrieves explicit and implicit permissions about the principal on the specified object. The principal identity can originate from an AD, LDAP, or local identity provider.
Requirements
- Permissions: The caller must have Manage permission to the specified object. Use credentials that match the identity provider. For example, if the principal is an AD group, the caller must use AD credentials.
- Token scope: Security
Headers
-
Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name |
Description |
---|---|
Object |
In the request URL, specify the word Object. |
{guid} |
In the request URL, specify the GUID of the object. Depending on your environment, the GUID may be expressed with or without curly braces {}. For example, {3d6b61d-1c71-4603-883f-25b8c2ceecdd}. For example, if you want effective permissions for a policy, either call POST Config/DnToGuid or get the GUID from the Support Attributes tab. |
(ptype) |
In the request URL, type one of the following words for the identity provider type:
|
(pname) |
In the request URL, specify the identity provider name that appears in Trust Protection Platform. |
{principal} |
In the request URL, specify the Universal Identifier for the principal identity that has permissions to the object. For example, call POST Identity/Browse or get the Universal ID from the Users and Groups tab.
|
Returns
Name |
Description |
---|---|
HTTP 200 |
For valid requests, Permissions/Object/guid/provider/ principal returns a HTTP 200 message and the following data:
|
HTTP 400 |
For invalid requests, one of the following errors may be present:
|
Example 1: Get permissions from a local Trust Protection Platform provider
Request for example 1
GET https://test.example/vedsdk/permissions/object/{3415e47d-835c-4949-af5b-c226817f7d40}/local/{a58437d1-e6d4-46f8-b790-bc1bedb943f1} Authorization:Bearer 4MyGeneratedBearerTknz==
Response for Example 1
HTTP/1.1 200 OK {
"ExplicitPermissions":{
"IsAssociateAllowed":false,
"IsCreateAllowed":false,
"IsDeleteAllowed":false,
"IsManagePermissionsAllowed":false,
"IsPolicyWriteAllowed":true,
"IsPrivateKeyReadAllowed":false,
"IsPrivateKeyWriteAllowed":false,
"IsReadAllowed":false,
"IsRenameAllowed":false,
"IsRevokeAllowed":true,
"IsViewAllowed":true,
"IsWriteAllowed":false
},
"ImplicitPermissions":{
"IsAssociateAllowed":false,
"IsCreateAllowed":false,
"IsDeleteAllowed":false,
"IsManagePermissionsAllowed":false,
"IsPolicyWriteAllowed":true,
"IsPrivateKeyReadAllowed":false,
"IsPrivateKeyWriteAllowed":false,
"IsReadAllowed":true,
"IsRenameAllowed":false,
"IsRevokeAllowed":true,
"IsViewAllowed":true,
"IsWriteAllowed":true
}
}
Example 2: Get a principal from an AD provider
Request for eExample 2
GET https://test.example/vedsdk/permissions/object/{3415e47d-835c-4949-af5b-c226817f7d40}/AD/AD1/a58437d1-e6d4-46f8-b790-bc1bedb943f1 Authorization:Bearer 4MyGeneratedBearerTknz==
Response for Example 2
HTTP/1.1 200 OK { "ExplicitPermissions":{ "IsAssociateAllowed":false, "IsCreateAllowed":false, "IsDeleteAllowed":false, "IsManagePermissionsAllowed":false, "IsPolicyWriteAllowed":false, "IsPrivateKeyReadAllowed":false, "IsPrivateKeyWriteAllowed":false, "IsReadAllowed":true, "IsRenameAllowed":false, "IsRevokeAllowed":false, "IsViewAllowed":true, "IsWriteAllowed":false }, "ImplicitPermissions":{ "IsAssociateAllowed":false, "IsCreateAllowed":false, "IsDeleteAllowed":false, "IsManagePermissionsAllowed":false, "IsPolicyWriteAllowed":false, "IsPrivateKeyReadAllowed":false, "IsPrivateKeyWriteAllowed":false, "IsReadAllowed":true, "IsRenameAllowed":false, "IsRevokeAllowed":false, "IsViewAllowed":true, "IsWriteAllowed":false } }