PUT Permissions/Object/{guid}/(ptype)/{principal}
Modifies a principal's existing permissions. The principal identity can originate from an AD, LDAP, or local identity provider.
Requirements
- Permissions: The caller must have Manage permission to the specified object. The caller must also be logged into the same identity provider as the specified principal. For example, if the principal is a group that uses ActiveDirectory1, the caller must also be an account that is accessible via ActiveDirectory1.
- Token scope: Security:Manage
Headers
-
Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name |
Description |
---|---|
Object |
In the request URL, specify the word Object. |
{guid} |
In the request URL, specify the GUID of the object for which to list principals assigned permissions. |
(ptype) |
In the request URL, use the appropriate syntax for the identity provider type:
|
{principal} |
In the request URL, specify a Universal Unique Identifier (UUID) of a person or group. Otherwise, specify the Prefixed Universal. To get this information, call POST Identity/Browse. |
(permissions) |
Case sensitive. In the request body, specify one or more Effective Permissions parameters to grant the principal access to the object. |
Returns
Returns no other content except unless there is an error.
Name |
Description |
---|---|
HTTP 200 |
OK. Successful change of permissions assignment for the specified object and principal. |
HTTP 404 |
Not found. Error |
Error |
Permission does not exist so cannot be updated. Accompanies a HTTP 404. |
Example 1: Set New Permissions for Principal
Request for Example 1
PUT https://test.venafi.example/vedsdk/Permissions/object/{3415e47d-835c-4949-af5b-c226817f7d40}/local/{a58437d1-e6d4-46f8-b790-bc1bedb943f1} Authorization:Bearer 4MyGeneratedBearerTknz== { "IsAssociateAllowed":true, "IsCreateAllowed":true, "IsDeleteAllowed":true, "IsManagePermissionsAllowed":true, "IsPolicyWriteAllowed":true, "IsPrivateKeyReadAllowed":true, "IsPrivateKeyWriteAllowed":true, "IsReadAllowed":true, "IsRenameAllowed":true, "IsRevokeAllowed":true, "IsViewAllowed":true, "IsWriteAllowed":true }
Response for Example 1
HTTP/1.1 200 OK { }
Example 2: Find a principal that has no granted permissions
In this example, the principal specified does not currently have permissions granted on the object so they cannot be modified using the PUT Permissions/Object/Principal.
Request for Example 2
PUT https://test.venafi.example/vedsdk/Permissions/object/{3415e47d-835c-4949-af5b-c226817f7d40}/local/{a58437d1-e6d4-46f8-b790-bc1bedb943f1} Authorization:Bearer 4MyGeneratedBearerTknz== { "IsAssociateAllowed":true, "IsCreateAllowed":true, "IsDeleteAllowed":true, "IsManagePermissionsAllowed":true, "IsPolicyWriteAllowed":true, "IsPrivateKeyReadAllowed":true, "IsPrivateKeyWriteAllowed":true, "IsReadAllowed":true, "IsRenameAllowed":true, "IsRevokeAllowed":true, "IsViewAllowed":true, "IsWriteAllowed":true }
Response for Example 2
HTTP/1.1 404 Not Found { "Error":"Permission does not exist so cannot be updated." }