Effective Permissions parameters
Effective permissions grant permission to principal users or groups to perform Trust Protection Platform operations. When any permissions are added or removed from a principal, the corresponding changes also occur in Secret Store without any additional action required by the caller. For example, permission changes automatically update the appropriate Config, UI, and Secret Store permissions.
| Web SDK parameter name | UI permission name | Effective and any implicit permission grants |
|---|---|---|
| IsAssociateAllowed | Associate | Requires: The caller can: |
| IsCreateAllowed | Create | The caller can create subordinate objects, such as Devices and Applications. Create permission grants implicit View permission. |
| IsDeleteAllowed | Delete | The caller can delete objects. |
| IsManagePermissionsAllowed | Master Admin or ManagePermissions | The caller can grant other user or group Identities permission to the current object or subordinate objects. |
| IsPolicyWriteAllowed | Manage Policy | The caller can modify policy values on folders. Also requires View permission. Manage Policy permission grants implicit Read permission and Write permission. |
| IsPrivateKeyReadAllowed | Private Key Read | The caller can download the private key for Policy and Certificate objects. |
| IsPrivateKeyWriteAllowed | Private Key Write | The caller can upload the private key for Policy, Certificate, and Private Key Credential objects to Trust Protection Platform. |
| IsReadAllowed | Read | The caller can view and read object data from the Policy tree. However, to view subordinate objects, View permission or higher is also required. |
| IsRenameAllowed | Rename | The caller can rename and move Policy tree objects. Move capability also requires Rename permission to the object and Create permission to the target folder. |
| IsRevokeAllowed | Revoke | The caller can invalidate a certificate. Also requires Write permission to the certificate. |
| IsViewAllowed | View | The caller can confirm that the object is present in the Policy tree. |
| IsWriteAllowed | Write | The caller can edit object attributes. To move objects in the tree, the caller must have Write permission to the objects and Create permission to the target folder. Write permission grants implicit Read permission. |
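
The implicit grants and "also requires" notes in the table can be checked mechanically during a least-privilege review. The following is an added example, not Trust Protection Platform or Web SDK code: it assumes a principal's explicitly granted flags are available as a dictionary keyed by the Web SDK parameter names above, and the `SENSITIVE` set and the sample grant are the reviewer's own constructed choices.

```python
# Added example: implicit grants and prerequisites taken from the table above.
IMPLIES = {
    "IsCreateAllowed": {"IsViewAllowed"},
    "IsPolicyWriteAllowed": {"IsReadAllowed", "IsWriteAllowed"},
    "IsWriteAllowed": {"IsReadAllowed"},
}
# Permissions the table says need another permission before they are usable.
REQUIRES = {
    "IsPolicyWriteAllowed": {"IsViewAllowed"},
    "IsRevokeAllowed": {"IsWriteAllowed"},
}
# Flags flagged for a second look in a review (assumption, not from the page).
SENSITIVE = {"IsPrivateKeyReadAllowed", "IsPrivateKeyWriteAllowed",
             "IsManagePermissionsAllowed"}


def expand(explicit):
    """Return the flags in effect after following implicit grants to a fixed point."""
    effective = {name for name, on in explicit.items() if on}
    pending = list(effective)
    while pending:
        for implied in IMPLIES.get(pending.pop(), ()):
            if implied not in effective:
                effective.add(implied)
                pending.append(implied)
    return effective


def review(explicit):
    """Summarise one grant: effective flags, unmet prerequisites, sensitive flags."""
    effective = expand(explicit)
    unmet = {p: sorted(REQUIRES[p] - effective) for p in REQUIRES
             if p in effective and REQUIRES[p] - effective}
    return {"effective": sorted(effective), "unmet": unmet,
            "sensitive": sorted(effective & SENSITIVE)}


# Constructed sample grant for a hypothetical principal.
SAMPLE = {"IsPolicyWriteAllowed": True, "IsRevokeAllowed": True,
          "IsPrivateKeyReadAllowed": True, "IsDeleteAllowed": False}

if __name__ == "__main__":
    print(review(SAMPLE))
```

In the sample, Revoke is usable only because Manage Policy implicitly grants Write, while Manage Policy itself is reported as missing its View prerequisite.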