Access Policy
An Object
| Note |
Parent
This Access Policy is contained within a Platform.
Properties
The following properties are available:
| Property | Type | Default | Read-Only | Description |
|---|---|---|---|---|
| _doc | string | No | The primary ID | |
| _system | object | No | Metadata maintained by the system | |
| order | string | No | ||
| scope | string | No | ||
| statements | array | No |
Methods
The following methods are available:
- Assign
- Check Permission
- Check Single Authority
- Check multiple Authorities
- Check multiple Permissions
- Conditions
- Create Access Policy
- Delete Access Policy
- Delete Access Policy
- Find
- Finds all of the resources that are assigned targets of this access policy. The targets are returned as references which identify resources that are bestowed the grants and revokes indicated by the policy. The targets are generally Users, Groups or Teams.
- Grant Authority
- Lists Access Policy
- Lists access policy templates
- Lists the system access policies
- Queries for Access Policy
- Read ACL
- Read ACL for Principal
- Read Access Policy
- Read Authorities Report
- Read a system access policy
- Read an access policy template
- Revoke Authority
- Starts an export job for this resource
- Starts an import job for this resource
- Unassign
- Unassignall
- Update Access Policy
- Update Access Policy
Assign
POST /access/policies/{accessPolicyId}/assign
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string | |
| ref | true | string |
Response
{}Check Permission
Checks whether one or more authorities against the specified accessPolicy are granted for a given set of users
POST /access/policies/{accessPolicyId}/permissions/{permissionId}/check
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string | |
| permissionId | true | string | |
| id | true | string |
Response
{
"$ref": "#/components/schemas/checkPermission"
}Check Single Authority
Checks whether a single authority is granted against the specified accessPolicy for the given user
POST /access/policies/{accessPolicyId}/authorities/{authorityId}/check
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string | |
| authorityId | true | string | The ID or authority key for the authority |
| id | true | string |
Response
{
"type": "object",
"description": "Check",
"extends": "status",
"properties": {
"check": {
"type": "boolean"
},
"ok": null
}
}Check multiple Authorities
Checks whether one or more authorities against the specified accessPolicy are granted for a given set of users
POST /access/policies/authorities/check
Parameters
This function has no parameters.
Response
{
"type": "object",
"description": "Check Multiple Authorities Out",
"properties": {
"checks": {
"type": "array",
"items": {
"type": "object",
"properties": {
"permissionedId": {
"type": "string"
},
"principalId": {
"type": "string"
},
"authorityId": {
"type": "string"
},
"result": {
"type": "boolean"
}
}
}
}
}
}Check multiple Permissions
Checks whether one or more permissions against the specified accessPolicy are granted for a given set of users
POST /access/policies/permissions/check
Parameters
This function has no parameters.
Response
{
"type": "object",
"description": "Check Multiple Permissions Out",
"properties": {
"checks": {
"type": "array",
"items": {
"type": "object",
"properties": {
"permissionedId": {
"type": "string"
},
"principalId": {
"type": "string"
},
"permissionId": {
"type": "string"
},
"result": {
"type": "boolean"
}
}
}
}
}
}Create Access Policy
Creates a new Access Policy
POST /access/policies
Parameters
This function has no parameters.
Response
{
"type": "object",
"description": "Status of Operation",
"properties": {
"ok": {
"type": "boolean",
"description": "Indicates whether the operation succeeded or not"
}
}
}Delete Access Policy
Deletes an existing Access Policy
DELETE /access/policies/{accessPolicyId}
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string |
Response
{
"type": "object",
"description": "Status of Operation",
"properties": {
"ok": {
"type": "boolean",
"description": "Indicates whether the operation succeeded or not"
}
}
}Delete Access Policy
Deletes an existing Access Policy
POST /access/policies/{accessPolicyId}/delete
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string |
Response
{
"type": "object",
"description": "Status of Operation",
"properties": {
"ok": {
"type": "boolean",
"description": "Indicates whether the operation succeeded or not"
}
}
}Find
POST /access/policies/find
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| ref | true | string | |
| scope | false | string |
Response
{}Finds all of the resources that are assigned targets of this access policy. The targets are returned as references which identify resources that are bestowed the grants and revokes indicated by the policy. The targets are generally Users, Groups or Teams.
List the assigned targets
GET /access/policies/{accessPolicyId}/targets
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string | the ID of the access policy |
| sort | false | object | Defines how to sort fields in the result set |
| skip | false | number | Skips the result set cursor ahead the specified number of records |
| limit | false | number | Specifies the number of records to be handed back in the result set |
Response
{
"type": "object",
"description": "Result Map",
"properties": {
"total_rows": {
"type": "number"
},
"offset": {
"type": "number"
},
"size": {
"type": "number"
},
"rows": {
"type": "array",
"items": {
"$ref": "#/components/schemas/resultmap_accessPolicy"
}
}
}
}Grant Authority
Grants an authority against the specified accessPolicy to a given user
POST /access/policies/{accessPolicyId}/authorities/{authorityId}/grant
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string | |
| authorityId | true | string | |
| id | true | string |
Response
{
"type": "object",
"description": "Status of Operation",
"properties": {
"ok": {
"type": "boolean",
"description": "Indicates whether the operation succeeded or not"
}
}
}Lists Access Policy
Retrieves a list of Access Policy instances
GET /access/policies
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| sort | false | object | Defines how to sort fields in the result set |
| skip | false | number | Skips the result set cursor ahead the specified number of records |
| limit | false | number | Specifies the number of records to be handed back in the result set |
Response
{
"type": "object",
"description": "Result Map",
"properties": {
"total_rows": {
"type": "number"
},
"offset": {
"type": "number"
},
"size": {
"type": "number"
},
"rows": {
"type": "array",
"items": {
"$ref": "#/components/schemas/resultmap_accessPolicy"
}
}
}
}Lists access policy templates
Lists access policy templates
GET /access/policies/templates
Parameters
This function has no parameters.
Response
{}Lists the system access policies
Lists the system access policies
GET /access/policies/system
Parameters
This function has no parameters.
Response
{}Queries for Access Policy
Queries for instances of type Access Policy
POST /access/policies/query
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| sort | false | object | Defines how to sort fields in the result set |
| skip | false | number | Skips the result set cursor ahead the specified number of records |
| limit | false | number | Specifies the number of records to be handed back in the result set |
Response
{
"type": "object",
"description": "Result Map",
"properties": {
"total_rows": {
"type": "number"
},
"offset": {
"type": "number"
},
"size": {
"type": "number"
},
"rows": {
"type": "array",
"items": {
"$ref": "#/components/schemas/resultmap_accessPolicy"
}
}
}
}Read ACL
Read the Access Control List for the specified accessPolicy
GET /access/policies/{accessPolicyId}/acl/list
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string |
Response
{
"type": "object",
"description": "Result Map of ACL entries",
"properties": {
"total_rows": {
"type": "number"
},
"offset": {
"type": "number"
},
"size": {
"type": "number"
},
"rows": {
"type": "array",
"items": {
"type": "object",
"properties": {
"_doc": {
"type": "string",
"title": "Principal ID"
},
"name": {
"type": "string",
"title": "Principal Name"
},
"type": {
"type": "string",
"title": "Principal Type"
},
"domainId": {
"type": "string"
},
"domainQualifiedId": {
"type": "string"
},
"domainQualifiedName": {
"type": "string"
},
"principalId": {
"type": "string",
"title": "Principal ID"
},
"userEmail": {
"type": "string"
},
"userFirstName": {
"type": "string"
},
"userLastName": {
"type": "string"
},
"authorities": {
"type": "array",
"title": "Authorities",
"items": {
"type": "string",
"title": "Authority Key"
}
}
}
}
}
}
}Read ACL for Principal
Read the Access Control List for the specified accessPolicy and the given principal
GET /access/policies/{accessPolicyId}/acl
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string | |
| id | true | string |
Response
{
"type": "object",
"description": "Result Map of Authority Keys",
"properties": {
"total_rows": {
"type": "number"
},
"offset": {
"type": "number"
},
"size": {
"type": "number"
},
"rows": {
"type": "array",
"items": {
"type": "string",
"description": "Authority Key"
}
}
}
}Read Access Policy
Reads an instance of a Access Policy
GET /access/policies/{accessPolicyId}
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string |
Response
{
"type": "object",
"extends": "document",
"description": "Access Policy",
"container": "platform",
"properties": {
"scope": {
"type": "string"
},
"statements": {
"type": "array",
"items": {
"type": "object",
"items": {
"action": {
"type": "string"
},
"roles": {
"type": "array",
"items": {
"type": "string"
}
},
"conditions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"type": {
"type": "string"
},
"config": {
"type": "object"
}
}
}
}
}
}
},
"order": {
"type": "string"
},
"_doc": null,
"_system": null
}
}Read Authorities Report
Read the Authorities Report for the specified accessPolicy
POST /access/policies/{accessPolicyId}/authorities
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string |
Response
{
"type": "object",
"description": "Authority Report",
"properties": {
"principalId": {
"type": "object",
"properties": {
"id": {
"type": "object",
"properties": {
"role-key": {
"type": "string"
},
"principal": {
"type": "string"
},
"permissioned": {
"type": "string"
},
"inheritsFrom": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"principal": {
"type": "string"
},
"permissioned": {
"type": "string"
}
}
}
}
}
}
}
}
}Read a system access policy
Read a system access policy
GET /access/policies/system/{key}
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| key | true | string |
Response
{}Read an access policy template
Read an access policy template
GET /access/policies/templates/{templateKey}
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| templateKey | true | string |
Response
{}Revoke Authority
Revokes an authority against the specified accessPolicy from a given user
POST /access/policies/{accessPolicyId}/authorities/{authorityId}/revoke
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string | |
| authorityId | true | string | |
| id | true | string |
Response
{
"type": "object",
"description": "Status of Operation",
"properties": {
"ok": {
"type": "boolean",
"description": "Indicates whether the operation succeeded or not"
}
}
}Starts an export job for this resource
Starts an export job for this resource
POST /access/policies/{accessPolicyId}/export
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string | |
| groupId | false | string | The Group ID to be assigned to the exported archive |
| artifactId | false | string | The Artifact ID to be assigned to the exported archive |
| versionId | false | string | The Version ID to be assigned to the exported archive |
| vaultId | false | string | The ID of the vault where the exported archive should be saved |
| schedule | false | string | Whether to run the job immediately or in the background (either 'synchronous' or 'asynchronous') |
Response
{
"type": "object",
"description": "Export Configuration",
"properties": {
"startDate": {
"type": "object"
},
"endDate": {
"type": "object"
},
"startChangeset": {
"type": "string"
},
"endChangeset": {
"type": "string"
},
"includeACLs": {
"type": "boolean"
},
"includeTeams": {
"type": "boolean"
},
"includeActivities": {
"type": "boolean"
},
"includeBinaries": {
"type": "boolean"
},
"includeAttachments": {
"type": "boolean"
},
"artifactDependencies": {
"type": "array",
"items": {
"type": "object"
}
},
"artifactIncludes": {
"type": "array",
"items": {
"type": "object"
}
},
"forceIncludes": {
"type": "boolean"
}
}
}Starts an import job for this resource
Starts an import job for this resource
POST /access/policies/{accessPolicyId}/import
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string | |
| groupId | false | string | The Group ID to be assigned to the exported archive |
| artifactId | false | string | The Artifact ID to be assigned to the exported archive |
| versionId | false | string | The Version ID to be assigned to the exported archive |
| vaultId | false | string | The ID of the vault where the exported archive should be saved |
| schedule | false | string | Whether to run the job immediately or in the background (either 'synchronous' or 'asynchronous') |
Response
{
"type": "object",
"description": "Import Configuration",
"properties": {
"includeACLs": {
"type": "boolean"
},
"includeTeams": {
"type": "boolean"
},
"includeActivities": {
"type": "boolean"
},
"includeBinaries": {
"type": "boolean"
},
"includeAttachments": {
"type": "boolean"
},
"strategy": {
"type": "array",
"items": {
"type": "string"
}
},
"substitutions": {
"type": "string"
}
}
}Unassign
POST /access/policies/{accessPolicyId}/unassign
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string | |
| ref | true | string |
Response
{}Unassignall
POST /access/policies/unassignall
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| ref | true | string |
Response
{}Update Access Policy
Updates an existing Access Policy
PUT /access/policies/{accessPolicyId}
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string |
Response
{
"type": "object",
"description": "Status of Operation",
"properties": {
"ok": {
"type": "boolean",
"description": "Indicates whether the operation succeeded or not"
}
}
}Update Access Policy
Updates an existing Access Policy
POST /access/policies/{accessPolicyId}/update
Parameters
| Name | Required | Type | Description |
|---|---|---|---|
| accessPolicyId | true | string |
Response
{
"type": "object",
"description": "Status of Operation",
"properties": {
"ok": {
"type": "boolean",
"description": "Indicates whether the operation succeeded or not"
}
}
}Schema
{
"type": "object",
"extends": "document",
"description": "Access Policy",
"container": "platform",
"properties": {
"scope": {
"type": "string"
},
"statements": {
"type": "array",
"items": {
"type": "object",
"items": {
"action": {
"type": "string"
},
"roles": {
"type": "array",
"items": {
"type": "string"
}
},
"conditions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"type": {
"type": "string"
},
"config": {
"type": "object"
}
}
}
}
}
}
},
"order": {
"type": "string"
},
"_doc": null,
"_system": null
},
"id": "accessPolicy"
}