Root Access Control
- Last UpdatedOct 05, 2022
- 2 minute read
APIs to manage default access to entities governed by an AccessControlList.
Get Root Namespace Acl
Retrieves the AccessControlList that is used to authorize access to a Namespace if none is specified during creation.
Request
GET /api/v1/Tenants/{tenantId}/AccessControl/Namespaces
Parameters
string tenantId
The identifier of the Tenant.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | AccessControlList | The root AccessControlList for Namespace. |
| 400 | None | Could not retrieve the AccessControlList due to missing or invalid input. |
| 403 | None | Forbidden. |
Example response body
200 Response
{
"RoleTrusteeAccessControlEntries": [
{
"Trustee": {
"Type": 3,
"ObjectId": "a4e06a18-9a0e-4721-9772-524c937bdb5c"
},
"AccessRights": 1
},
{
"Trustee": {
"Type": 3,
"ObjectId": "a9a3b01b-e0d3-49c9-b931-72433152c192"
},
"AccessRights": 3
},
{
"Trustee": {
"Type": 3,
"ObjectId": "e1aaf6ac-3416-4db2-bd5d-d62b13340f4d"
},
"AccessRights": 31
}
]
}
Set Root Namespace Acl
Modifies the AccessControlList that is used to authorize access to a Namespace if none is specified during creation.
Request
PUT /api/v1/Tenants/{tenantId}/AccessControl/Namespaces
Parameters
string tenantId
The identifier of the Tenant.
Request Body
The new root AccessControlList for Namespaces.
{
"RoleTrusteeAccessControlEntries": [
{
"Trustee": {
"Type": 1,
"ObjectId": "string",
"TenantId": "string"
},
"AccessType": 0,
"AccessRights": 0
}
]
}
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | AccessControlList | The new AccessControlList for Namespace. |
| 400 | None | Could not update the AccessControlList due to missing or invalid input. |
| 403 | None | Forbidden. |
| 405 | None | Method not allowed at this base URL. Try the request again at the Global base URL. |
Example response body
200 Response
{
"RoleTrusteeAccessControlEntries": [
{
"Trustee": {
"Type": 3,
"ObjectId": "a4e06a18-9a0e-4721-9772-524c937bdb5c"
},
"AccessRights": 1
},
{
"Trustee": {
"Type": 3,
"ObjectId": "a9a3b01b-e0d3-49c9-b931-72433152c192"
},
"AccessRights": 3
},
{
"Trustee": {
"Type": 3,
"ObjectId": "e1aaf6ac-3416-4db2-bd5d-d62b13340f4d"
},
"AccessRights": 31
}
]
}
Definitions
AccessControlList
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| RoleTrusteeAccessControlEntries | [AccessControlEntry] | false | true | None |
{
"RoleTrusteeAccessControlEntries": [
{
"Trustee": {
"Type": 1,
"ObjectId": "string",
"TenantId": "string"
},
"AccessType": 0,
"AccessRights": 0
}
]
}
AccessControlEntry
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Trustee | Trustee | false | true | None |
| AccessType | AccessType | false | false | None |
| AccessRights | int64 | false | false | None |
{
"Trustee": {
"Type": 1,
"ObjectId": "string",
"TenantId": "string"
},
"AccessType": 0,
"AccessRights": 0
}
Trustee
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Type | TrusteeType | false | false | None |
| ObjectId | string | false | true | None |
| TenantId | string | false | true | None |
{
"Type": 1,
"ObjectId": "string",
"TenantId": "string"
}
TrusteeType
Enumerated Values
| Property | Value |
|---|---|
| User | 1 |
| Client | 2 |
| Role | 3 |
AccessType
Enumerated Values
| Property | Value |
|---|---|
| Allowed | 0 |
| Denied | 1 |