POST OAuth/GetRules
Looks up rules for users, applications, or a combination of both.
Requirements
- Roles: Admin, Grant Admin, Auditor, or Application Owner. See OAuth roles for more information.
- Token scope: Admin
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
NOTE At least one parameter is required.
| Name | Description |
|---|---|
| TrusteePrefixedUniversal string | The prefixed universal of the identity whose rules to retrieve. |
| ApplicationId string | The application ID any returned values must be applicable to. |
Returns
| Name | Description |
|---|---|
| HTTP 200 | See OAuth result codes. A Rules object is returned with an array of rules matched by the request. The following values are included in each object in the array: |
| HTTP 400 | For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body: |
| HTTP 401 | For authentication errors, this call returns HTTP 401 Unauthorized and the following data in the message body: |
| HTTP 403 | If the response is HTTP 403 Forbidden, the requester's token does not include the admin scope. Call POST Authorize/OAuth with the correct scope and restriction. Update the header with the new token and retry. |
Example
Request all rules for a user
```http
POST /vedsdk/oauth/getrules HTTP/1.1
Host: tpp-server-url
Content-Type: application/json
Accept: application/json
Authorization: Bearer 4MyGeneratedBearerTknz==

{
  "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"
}
```
Response
```json
{
  "Result": 0,
  "Rules": [
    {
      "ApplicationId": "VenafiMMCEventViewer",
      "Description": "VCC Installation Grant",
      "MaximumScope": "admin:viewlogs,grantrights;configuration;security",
      "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"
    },
    {
      "ApplicationId": "VenafiMMCCodeSigning",
      "Description": "VCC Installation Grant",
      "MaximumScope": "codesign:admin,approve,delete,manage;configuration:delete,manage;security:manage",
      "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"
    },
    {
      "ApplicationId": "VenafiMMCStatistics",
      "Description": "VCC Installation Grant",
      "MaximumScope": "statistics:sensitive,manage",
      "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"
    }
  ],
  "Success": true
}
```
Request all rules for an application
```http
POST /vedsdk/oauth/getrules HTTP/1.1
Host: tpp-server-url
Content-Type: application/json
Accept: application/json
Authorization: Bearer 4MyGeneratedBearerTknz==

{
  "ApplicationId": "VenafiMMCEventViewer"
}
```
Response
```json
{
  "Result": 0,
  "Rules": [
    {
      "ApplicationId": "VenafiMMCEventViewer",
      "Description": "VCC Installation Grant",
      "MaximumScope": "admin:viewlogs,grantrights;configuration;security",
      "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"
    },
    {
      "ApplicationId": "VenafiMMCEventViewer",
      "Description": "",
      "MaximumScope": "admin:grantrights,viewlogs;configuration;security",
      "TrusteePrefixedUniversal": "local:{5a32c46e-e7d8-404d-9987-2e68c0928219}"
    }
  ],
  "Success": true
}
```
Request all rules for a user for a specific application
```http
POST /vedsdk/oauth/getrules HTTP/1.1
Host: tpp-server-url
Content-Type: application/json
Accept: application/json
Authorization: Bearer 4MyGeneratedBearerTknz==

{
  "ApplicationId": "VenafiMMCEventViewer",
  "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"
}
```
Response
```json
{
  "Result": 0,
  "Rules": [
    {
      "ApplicationId": "VenafiMMCEventViewer",
      "Description": "VCC Installation Grant",
      "MaximumScope": "admin:viewlogs,grantrights;configuration;security",
      "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"
    }
  ],
  "Success": true
}
```
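
Auditing a GetRules response (added example, not part of the original documentation or the vendor's code): the script below parses each rule's MaximumScope and lists every trustee whose rule includes the admin scope, also marking rules with an empty Description. The scope grammar (`;` between scopes, `:` before restrictions, `,` between restrictions, order not significant) is an assumption inferred from the sample responses above, and `parse_scope` and `audit_rules` are hypothetical helper names.

```python
import json

# Sample input: the Rules array from the application lookup response shown above.
SAMPLE_RESPONSE = json.loads("""{
  "Result": 0, "Success": true,
  "Rules": [
    {"ApplicationId": "VenafiMMCEventViewer", "Description": "VCC Installation Grant",
     "MaximumScope": "admin:viewlogs,grantrights;configuration;security",
     "TrusteePrefixedUniversal": "local:{7879a929-157c-479e-b81a-350661aa7d45}"},
    {"ApplicationId": "VenafiMMCEventViewer", "Description": "",
     "MaximumScope": "admin:grantrights,viewlogs;configuration;security",
     "TrusteePrefixedUniversal": "local:{5a32c46e-e7d8-404d-9987-2e68c0928219}"}
  ]}""")


def parse_scope(scope_string):
    """Turn 'admin:viewlogs,grantrights;configuration' into
    {'admin': frozenset({'viewlogs', 'grantrights'}), 'configuration': frozenset()}.
    Assumed grammar (inferred from the sample responses): ';' separates scopes,
    ':' introduces restrictions, ',' separates restrictions."""
    parsed = {}
    for part in scope_string.split(";"):
        name, _, restrictions = part.strip().partition(":")
        if not name:
            continue
        items = frozenset(r.strip() for r in restrictions.split(",") if r.strip())
        parsed[name.lower()] = parsed.get(name.lower(), frozenset()) | items
    return parsed


def audit_rules(response, sensitive_scopes=("admin",)):
    """List every rule whose MaximumScope includes a sensitive scope."""
    if not response.get("Success") or not isinstance(response.get("Rules"), list):
        raise ValueError("GetRules response is not a successful result")
    findings = []
    for rule in response["Rules"]:
        scopes = parse_scope(rule.get("MaximumScope") or "")
        # Match on scope names only; 'codesign:admin' has 'admin' as a restriction.
        hits = {s: sorted(scopes[s]) for s in sensitive_scopes if s in scopes}
        if hits:
            findings.append({
                "trustee": rule.get("TrusteePrefixedUniversal"),
                "application": rule.get("ApplicationId"),
                "sensitive": hits,
                "undocumented": not (rule.get("Description") or "").strip(),
            })
    return findings


if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RESPONSE):
        print(finding)
```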