Access Control List
- Last UpdatedSep 08, 2023
- 6 minute read
List Access Rights
Returns a list of the CommonAccessRights the requesting Identity has on the specified rule.
Request
GET /api/v1/tenants/{tenantId}/namespaces/{namespaceId}/assetrules/{ruleId}/accessrights
Parameters
string tenantId
Tenant identifier.string namespaceId
Namespace identifier.string ruleId
Rule identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | Inline | The CommonAccessRights the requesting Identity has on the specified rule. |
| 403 | ResponseBody | Forbidden. |
| 404 | ResponseBody | The specified rule was not found. |
| 500 | ResponseBody | Internal server error. |
Example response body
200 Response
[
"Read",
"Write",
"Delete",
"ManageAccessControl"
]
403 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
404 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
500 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
Access Control List
Get Acl
Returns the AccessControlList of the specified rule.
Request
GET /api/v1/tenants/{tenantId}/namespaces/{namespaceId}/assetrules/{ruleId}/accesscontrol
Parameters
string tenantId
Tenant identifier.string namespaceId
Namespace identifier.string ruleId
Rule identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | AccessControlList | Success. |
| 403 | ResponseBody | Forbidden. |
| 404 | ResponseBody | The specified rule was not found. |
| 500 | ResponseBody | Internal server error. |
Example response body
200 Response
{
"RoleTrusteeAccessControlEntries": [
{
"Trustee": {
"Type": 3,
"ObjectId": "00000000-0000-0000-0000-000000000000"
},
"AccessType": 0,
"AccessRights": 15
}
]
}
403 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
404 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
500 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
Set Acl
Replaces the AccessControlList of the specified rule.
Request
PUT /api/v1/tenants/{tenantId}/namespaces/{namespaceId}/assetrules/{ruleId}/accesscontrol
Parameters
string tenantId
Tenant identifier.string namespaceId
Namespace identifier.string ruleId
Rule identifier.
Request Body
The ACL object.
{
"RoleTrusteeAccessControlEntries": [
{
"Trustee": {
"Type": 1,
"ObjectId": "string",
"TenantId": "string"
},
"AccessType": 0,
"AccessRights": 0
}
]
}
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | AccessControlList | The new AccessControlList. |
| 400 | ResponseBody | Missing or invalid inputs. |
| 403 | ResponseBody | Forbidden. |
| 404 | ResponseBody | The specified rule was not found. |
| 500 | ResponseBody | Internal server error. |
Example response body
200 Response
{
"RoleTrusteeAccessControlEntries": [
{
"Trustee": {
"Type": 3,
"ObjectId": "00000000-0000-0000-0000-000000000000"
},
"AccessType": 0,
"AccessRights": 15
}
]
}
400 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
403 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
404 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
500 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
Get Collection Acl
Returns the AccessControlList for the rules collection.
Request
GET /api/v1/tenants/{tenantId}/namespaces/{namespaceId}/accesscontrol/assetrules
Parameters
string tenantId
Tenant identifier.string namespaceId
Namespace identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | AccessControlList | The AccessControlList for the rules collection. |
| 403 | ResponseBody | Forbidden. |
| 500 | ResponseBody | Internal server error. |
Example response body
200 Response
{
"RoleTrusteeAccessControlEntries": [
{
"Trustee": {
"Type": 3,
"ObjectId": "00000000-0000-0000-0000-000000000000"
},
"AccessType": 0,
"AccessRights": 15
}
]
}
403 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
500 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
Set Collection Acl
Replaces the AccessControlList for the rules collection.
Request
PUT /api/v1/tenants/{tenantId}/namespaces/{namespaceId}/accesscontrol/assetrules
Parameters
string tenantId
Tenant identifier.string namespaceId
Namespace identifier.
Request Body
The new ACL for the rules collection.
{
"RoleTrusteeAccessControlEntries": [
{
"Trustee": {
"Type": 1,
"ObjectId": "string",
"TenantId": "string"
},
"AccessType": 0,
"AccessRights": 0
}
]
}
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | AccessControlList | The new AccessControlList for the rules collection. |
| 400 | ResponseBody | Missing or invalid inputs. |
| 403 | ResponseBody | Forbidden. |
| 500 | ResponseBody | Internal server error. |
Example response body
200 Response
{
"RoleTrusteeAccessControlEntries": [
{
"Trustee": {
"Type": 3,
"ObjectId": "00000000-0000-0000-0000-000000000000"
},
"AccessType": 0,
"AccessRights": 15
}
]
}
400 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
403 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
500 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
Access Control List
List Access Rights
Returns a list of the CommonAccessRights the requesting Identity has on the assetrules collection.
Request
GET /api/v1/tenants/{tenantId}/namespaces/{namespaceId}/AccessRights/AssetRules
Parameters
string tenantId
Tenant identifier.string namespaceId
Namespace identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | Inline | The CommonAccessRights the requesting Identity has on the assetrules collection. |
| 403 | ResponseBody | Forbidden. |
| 404 | ResponseBody | The specified rule was not found. |
| 500 | ResponseBody | Internal server error. |
Example response body
200 Response
[
"Read",
"Write",
"Delete",
"ManageAccessControl"
]
403 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
404 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
500 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
Access Control List
Get Owner
Returns the Trustee of the specified rule.
Request
GET /api/v1/tenants/{tenantId}/namespaces/{namespaceId}/assetrules/{ruleId}/owner
Parameters
string tenantId
Tenant identifier.string namespaceId
Namespace identifier.string ruleId
Rule identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | Trustee | The Trustee of the specified rule. |
| 403 | ResponseBody | Forbidden. |
| 404 | ResponseBody | The specified rule was not found. |
| 500 | ResponseBody | Internal server error. |
Example response body
200 Response
{
"Type": 2,
"TenantId": "00000000-0000-0000-0000-000000000000",
"ObjectId": "00000000-0000-0000-0000-000000000000"
}
403 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
404 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
500 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
Set Owner
Replaces the Trustee of the specified rule.
Request
PUT /api/v1/tenants/{tenantId}/namespaces/{namespaceId}/assetrules/{ruleId}/owner
Parameters
string tenantId
Tenant identifier.string namespaceId
Namespace identifier.string ruleId
Rule identifier.
Request Body
The owner.
{
"Type": 1,
"ObjectId": "string",
"TenantId": "string"
}
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | Trustee | The new Trustee of the specified rule. |
| 400 | ResponseBody | Missing or invalid inputs. |
| 403 | ResponseBody | Forbidden. |
| 404 | ResponseBody | The specified rule was not found. |
| 500 | ResponseBody | Internal server error. |
Example response body
200 Response
{
"Type": 2,
"TenantId": "00000000-0000-0000-0000-000000000000",
"ObjectId": "00000000-0000-0000-0000-000000000000"
}
400 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
403 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
404 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
500 Response
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
Definitions
ResponseBody
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| OperationId | string | false | true | None |
| Error | string | false | true | None |
| Reason | string | false | true | None |
| Resolution | string | false | true | None |
| Parameters | object | false | true | None |
{
"OperationId": "00000000-0000-0000-0000-000000000000",
"Error": "Error message.",
"Reason": "Reason that caused the error.",
"Resolution": "Possible resolution for the error.",
"Parameters": {
"key1": "value1",
"key2": "value2"
}
}
AccessControlList
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| RoleTrusteeAccessControlEntries | [AccessControlEntry] | false | true | None |
{
"RoleTrusteeAccessControlEntries": [
{
"Trustee": {
"Type": 1,
"ObjectId": "string",
"TenantId": "string"
},
"AccessType": 0,
"AccessRights": 0
}
]
}
AccessControlEntry
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Trustee | Trustee | false | true | None |
| AccessType | AccessType | false | false | None |
| AccessRights | int64 | false | false | None |
{
"Trustee": {
"Type": 1,
"ObjectId": "string",
"TenantId": "string"
},
"AccessType": 0,
"AccessRights": 0
}
Trustee
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Type | TrusteeType | false | false | None |
| ObjectId | string | false | true | None |
| TenantId | string | false | true | None |
{
"Type": 1,
"ObjectId": "string",
"TenantId": "string"
}
TrusteeType
Enumerated Values
| Property | Value |
|---|---|
| User | 1 |
| Client | 2 |
| Role | 3 |
AccessType
Enumerated Values
| Property | Value |
|---|---|
| Allowed | 0 |
| Denied | 1 |