API v2: Access Rights 🆕

Data Structures

AccessModel

| Attribute | Type | Required | Description |
|---|---|---|---|
| subject_id | string | | Read-only. Identifier of the subject (e.g., user or group). Must be unique in combination with the object_id attribute. |
| subject_name | string | | Read-only. Name of the subject. Expensive to use. |
| object_id | string | | Read-only. Identifier of the target object (e.g., safe, server, account). Must be unique in combination with the subject_id attribute. |
| object_name | string | | Read-only. Name of the target object. Expensive to use. |
| rights | string-array | | Read-only. List of assigned rights. |

Request for Retrieving Available Attributes of the AccessModels

Request

Method GET
Path /api/v2/objspec/{objtype}_access
Variants
  • /api/v2/objspec/account_access
  • /api/v2/objspec/group_access
  • /api/v2/objspec/pool_access
  • /api/v2/objspec/safe_access
  • /api/v2/objspec/server_access
  • /api/v2/objspec/user_access

Example Request

GET /api/v2/objspec/account_access

curl -s -k -X GET \
  -H 'Authorization: proxycrypto' \
  'https://10.31.117.68/api/v2/objspec/account_access'

Get All Access Rules for Selected Object Type

Request

Method GET
Path /api/v2/access/{objtype}
Variants
  • /api/v2/access/account
  • /api/v2/access/group
  • /api/v2/access/pool
  • /api/v2/access/safe
  • /api/v2/access/server
  • /api/v2/access/user

Example Request

GET /api/v2/access/safe

curl -s -k -X GET \
  -H 'Authorization: proxycrypto' \
  'https://10.31.117.68/api/v2/access/safe'

Response

{
    "result": "success",
    "safe_access": [
        {
            "subject_id": "1",
            "subject_name": "system",
            "object_id": "2",
            "object_name": "portal",
            "rights": [
                "read",
                "modify",
                "delete",
                "block",
                "account-add",
                "account-remove",
                "group-add",
                "group-remove",
                "user-add",
                "user-remove"
            ]
        },
        {
            "subject_id": "1",
            "subject_name": "system",
            "object_id": "8673932882315575297",
            "object_name": "main",
            "rights": [
                "read",
                "modify",
                "delete",
                "block",
                "account-add",
                "account-remove",
                "group-add",
                "group-remove",
                "user-add",
                "user-remove"
            ]
        },
        {
            "subject_id": "8673932882315575297",
            "subject_name": "admin",
            "object_id": "2",
            "object_name": "portal",
            "rights": [
                "read",
                "modify",
                "delete",
                "block",
                "account-add",
                "account-remove",
                "group-add",
                "group-remove",
                "user-add",
                "user-remove"
            ]
        },
        {
            "subject_id": "8673932882315575297",
            "subject_name": "admin",
            "object_id": "8673932882315575297",
            "object_name": "main",
            "rights": [
                "read",
                "modify",
                "delete",
                "block",
                "account-add",
                "account-remove",
                "group-add",
                "group-remove",
                "user-add",
                "user-remove"
            ]
        }
    ]
}
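An offline audit of a response in this shape, as an added example that is not part of the vendor's documentation: it lists which subjects hold selected rights on each object and reports any (subject_id, object_id) pair that appears more than once, which the AccessModel says must be unique. The sample data and the function name audit_access are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of the safe_access response above
# (names and IDs are made up; the last entry is a deliberate duplicate pair).
SAMPLE = json.loads("""
{"result": "success",
 "safe_access": [
  {"subject_id": "1", "subject_name": "system", "object_id": "2",
   "object_name": "portal", "rights": ["read", "modify", "delete", "user-add"]},
  {"subject_id": "100", "subject_name": "alice", "object_id": "2",
   "object_name": "portal", "rights": ["read"]},
  {"subject_id": "101", "subject_name": "bob", "object_id": "3",
   "object_name": "main", "rights": ["read", "delete"]},
  {"subject_id": "100", "subject_name": "alice", "object_id": "2",
   "object_name": "portal", "rights": ["read", "modify"]}
 ]}
""")

def audit_access(response, objtype, watched_rights):
    """Return (holders, duplicates) for one {objtype}_access response.

    holders: {(object_id, right): sorted subject_ids holding that right}
    duplicates: (subject_id, object_id) pairs seen more than once.
    """
    if response.get("result") != "success":
        raise ValueError("API call did not succeed: %r" % response.get("result"))
    entries = response[objtype + "_access"]
    if isinstance(entries, dict):  # subject/object endpoint returns one entry
        entries = [entries]
    holders, seen, duplicates = defaultdict(set), set(), []
    for e in entries:
        pair = (e["subject_id"], e["object_id"])
        if pair in seen:
            duplicates.append(pair)
        seen.add(pair)
        for right in set(e["rights"]) & set(watched_rights):
            holders[(e["object_id"], right)].add(e["subject_id"])
    return {k: sorted(v) for k, v in holders.items()}, duplicates

if __name__ == "__main__":
    holders, dups = audit_access(SAMPLE, "safe", {"delete", "modify"})
    for (obj, right), subjects in sorted(holders.items()):
        print(f"object {obj}: {right} held by {subjects}")
    print("duplicate subject/object pairs:", dups)
```
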

Get Access Rights of a Subject to a Specific Object

Request

Method GET
Path /api/v2/access/<subject_id>/{objtype}/<object_id>
Variants
  • /api/v2/access/<subject_id>/account/<object_id>
  • /api/v2/access/<subject_id>/group/<object_id>
  • /api/v2/access/<subject_id>/pool/<object_id>
  • /api/v2/access/<subject_id>/safe/<object_id>
  • /api/v2/access/<subject_id>/server/<object_id>
  • /api/v2/access/<subject_id>/user/<object_id>

Example: Retrieve Access Rights of User <user_id> to Group <group_id>

GET /api/v2/access/<user_id>/group/<group_id>

Note

<user_id> – Unique identifier (ID) of the user.

<group_id> – Unique identifier (ID) of the group.

Example Request

curl -s -k -X GET \
  -H 'Authorization: proxycrypto' \
  'https://10.31.117.68/api/v2/access/8673932882315575297/group/8673932882315575297'

Response

{
    "result": "success",
    "group_access": {
        "subject_id": "8673932882315575297",
        "subject_name": "admin",
        "object_id": "8673932882315575297",
        "object_name": "Group_1",
        "rights": [
            "read",
            "modify",
            "delete",
            "user-add",
            "user-remove"
        ]
    }
}

Examples of Filtered Access Requests

Example 1: Retrieve All Accounts Accessible by User <user_id>

Request

Method GET
Path /api/v2/access/account?filter=subject_id.eq(<user_id>)

Note

<user_id> – Unique identifier (ID) of the user.

GET /api/v2/access/account?filter=subject_id.eq(<user_id>)

Example Request

curl -s -k -X GET \
  -H 'Authorization: proxycrypto' \
  'https://10.31.117.68/api/v2/access/account?filter=subject_id.eq(8673932882315575297)'

Response

{
    "result": "success",
    "account_access": [
        {
            "subject_id": "8673932882315575297",
            "subject_name": "admin",
            "object_id": "8673932882315575299",
            "object_name": "ad-user1-windows",
            "rights": [
                "read",
                "modify",
                "delete",
                "block"
            ]
        },
        {
            "subject_id": "8673932882315575297",
            "subject_name": "admin",
            "object_id": "8673932882315575300",
            "object_name": "jools-Linux",
            "rights": [
                "read",
                "modify",
                "delete",
                "block"
            ]
        },
        {
            "subject_id": "8673932882315575297",
            "subject_name": "admin",
            "object_id": "8673932882315575301",
            "object_name": "root-fudo",
            "rights": [
                "read",
                "modify",
                "delete",
                "block"
            ]
        }
    ]
}

Example 2: Retrieve All Users with Access to Safe <safe_id>

Request

Method GET
Path /api/v2/access/safe?filter=object_id.eq(<safe_id>)

Note

<safe_id> – Unique identifier (ID) of the safe.

GET /api/v2/access/safe?filter=object_id.eq(<safe_id>)

Example Request

curl -s -k -X GET \
  -H 'Authorization: proxycrypto' \
  'https://10.31.117.68/api/v2/access/safe?filter=object_id.eq(8673932882315575297)'

Response

{
    "result": "success",
    "safe_access": [
        {
            "subject_id": "8673932882315575297",
            "subject_name": "admin",
            "object_id": "2",
            "object_name": "portal",
            "rights": [
                "read",
                "modify",
                "delete",
                "block",
                "account-add",
                "account-remove",
                "group-add",
                "group-remove",
                "user-add",
                "user-remove"
            ]
        },
        {
            "subject_id": "8673932882315575297",
            "subject_name": "admin",
            "object_id": "8673932882315575297",
            "object_name": "main",
            "rights": [
                "read",
                "modify",
                "delete",
                "block",
                "account-add",
                "account-remove",
                "group-add",
                "group-remove",
                "user-add",
                "user-remove"
            ]
        }
    ]
}

Example 3: Retrieve Users Who Can Delete Server <server_id>

Request

Method GET
Path /api/v2/access/server?filter=object_id.eq(<server_id>),rights.contains(delete)

Note

<server_id> – Unique identifier (ID) of the server.

GET /api/v2/access/server?filter=object_id.eq(<server_id>),rights.contains(delete)

Example Request

curl -s -k -X GET \
  -H 'Authorization: proxycrypto' \
  'https://10.31.117.68/api/v2/access/server?filter=object_id.eq(8673932882315575301),rights.contains(delete)'

Response

{
    "result": "success",
    "server_access": [
        {
            "subject_id": "1",
            "subject_name": "system",
            "object_id": "8673932882315575301",
            "object_name": "fudo",
            "rights": [
                "read",
                "modify",
                "delete",
                "block"
            ]
        },
        {
            "subject_id": "8673932882315575297",
            "subject_name": "admin",
            "object_id": "8673932882315575301",
            "object_name": "fudo",
            "rights": [
                "read",
                "modify",
                "delete",
                "block"
            ]
        }
    ]
}
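The filter paths used in Examples 1 to 3 can be assembled from validated parts so that a caller-supplied value cannot add or change filter terms. This is an added example, not code from the vendor's documentation; the function name access_filter_path is hypothetical, and treating IDs as decimal strings and rights as lowercase hyphenated words is an assumption based on the values shown on this page.

```python
import re

# Object types and value shapes taken from the examples on this page;
# the ID and right patterns are assumptions drawn from those examples.
OBJTYPES = {"account", "group", "pool", "safe", "server", "user"}
ID_RE = re.compile(r"[0-9]{1,20}")
RIGHT_RE = re.compile(r"[a-z]+(?:-[a-z]+)*")

def access_filter_path(objtype, subject_id=None, object_id=None, right=None):
    """Build /api/v2/access/{objtype}?filter=... from validated parts."""
    if objtype not in OBJTYPES:
        raise ValueError("unknown object type: %r" % (objtype,))
    terms = []
    for field, value in (("subject_id", subject_id), ("object_id", object_id)):
        if value is None:
            continue
        # Reject anything that is not a plain decimal ID, e.g. values
        # containing ')' or ',' that would alter the filter expression.
        if not ID_RE.fullmatch(str(value)):
            raise ValueError("%s must be a decimal ID: %r" % (field, value))
        terms.append("%s.eq(%s)" % (field, value))
    if right is not None:
        if not RIGHT_RE.fullmatch(right):
            raise ValueError("malformed right name: %r" % (right,))
        terms.append("rights.contains(%s)" % right)
    path = "/api/v2/access/" + objtype
    # Terms are joined with ',' exactly as in Example 3.
    return (path + "?filter=" + ",".join(terms)) if terms else path

if __name__ == "__main__":
    print(access_filter_path("server", object_id="8673932882315575301",
                             right="delete"))
```
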