API v2: Access Rights
Data Structures
Attribute | Type | Required | Description |
---|---|---|---|
subject_id | string | | Read-only. Identifier of the subject (e.g., user or group). Must be unique in combination with the attribute object_id. |
subject_name | string | | Read-only. Name of the subject. Expensive to use. |
object_id | string | | Read-only. Identifier of the target object (e.g., safe, server, account). Must be unique in combination with the attribute subject_id. |
object_name | string | | Read-only. Name of the target object. Expensive to use. |
rights | string-array | | Read-only. List of assigned rights. |
Request for Retrieving Available Attributes of the AccessModels
Request
Method | GET |
Path | /api/v2/objspec/{objtype}_access |
Variants |
|
Example Request
GET /api/v2/objspec/account_access
curl -s -k -X GET \
-H 'Authorization: proxycrypto' \
'https://10.31.117.68/api/v2/objspec/account_access'
Get All Access Rules for Selected Object Type
Request
Method | GET |
Path | /api/v2/access/{objtype} |
Variants |
|
Example Request
GET /api/v2/access/safe
curl -s -k -X GET \
-H 'Authorization: proxycrypto' \
'https://10.31.117.68/api/v2/access/safe'
Response
{
"result": "success",
"safe_access": [
{
"subject_id": "1",
"subject_name": "system",
"object_id": "2",
"object_name": "portal",
"rights": [
"read",
"modify",
"delete",
"block",
"account-add",
"account-remove",
"group-add",
"group-remove",
"user-add",
"user-remove"
]
},
{
"subject_id": "1",
"subject_name": "system",
"object_id": "8673932882315575297",
"object_name": "main",
"rights": [
"read",
"modify",
"delete",
"block",
"account-add",
"account-remove",
"group-add",
"group-remove",
"user-add",
"user-remove"
]
},
{
"subject_id": "8673932882315575297",
"subject_name": "admin",
"object_id": "2",
"object_name": "portal",
"rights": [
"read",
"modify",
"delete",
"block",
"account-add",
"account-remove",
"group-add",
"group-remove",
"user-add",
"user-remove"
]
},
{
"subject_id": "8673932882315575297",
"subject_name": "admin",
"object_id": "8673932882315575297",
"object_name": "main",
"rights": [
"read",
"modify",
"delete",
"block",
"account-add",
"account-remove",
"group-add",
"group-remove",
"user-add",
"user-remove"
]
}
]
}
Get Access Rights of a Subject to a Specific Object
Request
Method | GET |
Path | /api/v2/access/<subject_id>/{objtype}/<object_id> |
Variants |
|
Example: Retrieve Access Rights of User <user_id> to Group <group_id>
GET /api/v2/access/<user_id>/group/<group_id>
Note
<user_id> - Unique identifier (ID) of the user.
<group_id> - Unique identifier (ID) of the group.
Example Request
curl -s -k -X GET \
-H 'Authorization: proxycrypto' \
'https://10.31.117.68/api/v2/access/8673932882315575297/group/8673932882315575297'
Response
{
"result": "success",
"group_access": {
"subject_id": "8673932882315575297",
"subject_name": "admin",
"object_id": "8673932882315575297",
"object_name": "Group_1",
"rights": [
"read",
"modify",
"delete",
"user-add",
"user-remove"
]
}
}
Examples of Filtered Access Requests
Example 1: Retrieve All Accounts Accessible by User <user_id>
Request
Method | GET |
Path | /api/v2/access/account?filter=subject_id.eq(<user_id>) |
Note
<user_id> - Unique identifier (ID) of the user.
GET /api/v2/access/account?filter=subject_id.eq(<user_id>)
Example Request
curl -s -k -X GET \
-H 'Authorization: proxycrypto' \
'https://10.31.117.68/api/v2/access/account?filter=subject_id.eq(8673932882315575297)'
Response
{
"result": "success",
"account_access": [
{
"subject_id": "8673932882315575297",
"subject_name": "admin",
"object_id": "8673932882315575299",
"object_name": "ad-user1-windows",
"rights": [
"read",
"modify",
"delete",
"block"
]
},
{
"subject_id": "8673932882315575297",
"subject_name": "admin",
"object_id": "8673932882315575300",
"object_name": "jools-Linux",
"rights": [
"read",
"modify",
"delete",
"block"
]
},
{
"subject_id": "8673932882315575297",
"subject_name": "admin",
"object_id": "8673932882315575301",
"object_name": "root-fudo",
"rights": [
"read",
"modify",
"delete",
"block"
]
}
]
}
Example 2: Retrieve All Users with Access to Safe <safe_id>
Request
Method | GET |
Path | /api/v2/access/safe?filter=object_id.eq(<safe_id>) |
Note
<safe_id> - Unique identifier (ID) of the safe.
GET /api/v2/access/safe?filter=object_id.eq(<safe_id>)
Example Request
curl -s -k -X GET \
-H 'Authorization: proxycrypto' \
'https://10.31.117.68/api/v2/access/safe?filter=object_id.eq(8673932882315575297)'
Response
{
"result": "success",
"safe_access": [
{
"subject_id": "8673932882315575297",
"subject_name": "admin",
"object_id": "2",
"object_name": "portal",
"rights": [
"read",
"modify",
"delete",
"block",
"account-add",
"account-remove",
"group-add",
"group-remove",
"user-add",
"user-remove"
]
},
{
"subject_id": "8673932882315575297",
"subject_name": "admin",
"object_id": "8673932882315575297",
"object_name": "main",
"rights": [
"read",
"modify",
"delete",
"block",
"account-add",
"account-remove",
"group-add",
"group-remove",
"user-add",
"user-remove"
]
}
]
}
Example 3: Retrieve Users Who Can Delete Server <server_id>
Request
Method | GET |
Path | /api/v2/access/server?filter=object_id.eq(<server_id>),rights.contains(delete) |
Note
<server_id> - Unique identifier (ID) of the server.
GET /api/v2/access/server?filter=object_id.eq(<server_id>),rights.contains(delete)
Example Request
curl -s -k -X GET \
-H 'Authorization: proxycrypto' \
'https://10.31.117.68/api/v2/access/server?filter=object_id.eq(8673932882315575301),rights.contains(delete)'
Response
{
"result": "success",
"server_access": [
{
"subject_id": "1",
"subject_name": "system",
"object_id": "8673932882315575301",
"object_name": "fudo",
"rights": [
"read",
"modify",
"delete",
"block"
]
},
{
"subject_id": "8673932882315575297",
"subject_name": "admin",
"object_id": "8673932882315575301",
"object_name": "fudo",
"rights": [
"read",
"modify",
"delete",
"block"
]
}
]
}
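
The following is an added example, not part of the original API documentation: it builds the `filter=` expressions shown above and reviews a response for subjects holding high-impact rights, handling both the list shape and the single-object shape returned for one subject/object pair. The host `pam.example`, the `SENSITIVE` set, the function names and the `auditor` rule are assumptions made for illustration.

```python
from urllib.parse import quote

# Rights treated as high-impact for this review (an assumption; adjust to policy).
SENSITIVE = {"delete", "user-add", "group-add", "account-add"}

def build_filter_url(base, objtype, **conds):
    """Build /api/v2/access/{objtype}?filter=... from field=(op, value) pairs."""
    parts = []
    for field, (op, value) in conds.items():
        value = str(value)
        # IDs and right names on this page use only digits, letters and hyphens;
        # rejecting anything else keeps a value from altering the filter expression.
        if not value.replace("-", "").isalnum():
            raise ValueError(f"unexpected character in filter value: {value!r}")
        parts.append(f"{field}.{op}({value})")
    return f"{base}/api/v2/access/{objtype}?filter=" + quote(",".join(parts), safe="().,")

def iter_rules(response):
    """Yield rule dicts; '<objtype>_access' may be a list or a single object."""
    if response.get("result") != "success":
        raise ValueError("API call did not succeed")
    for key, body in response.items():
        if key.endswith("_access"):
            yield from (body if isinstance(body, list) else [body])

def sensitive_grants(response, sensitive=SENSITIVE):
    """Return sorted (subject_name, object_name, rights) for rules with sensitive rights."""
    out = []
    for rule in iter_rules(response):
        hit = sorted(sensitive & set(rule.get("rights", [])))
        if hit:
            out.append((rule["subject_name"], rule["object_name"], hit))
    return sorted(out)

# Constructed samples modelled on the response shapes shown on this page.
SAMPLE_LIST = {"result": "success", "server_access": [
    {"subject_id": "1", "subject_name": "system", "object_id": "8673932882315575301",
     "object_name": "fudo", "rights": ["read", "modify", "delete", "block"]},
    {"subject_id": "42", "subject_name": "auditor", "object_id": "8673932882315575301",
     "object_name": "fudo", "rights": ["read"]}]}
SAMPLE_SINGLE = {"result": "success", "group_access": {
    "subject_id": "8673932882315575297", "subject_name": "admin",
    "object_id": "8673932882315575297", "object_name": "Group_1",
    "rights": ["read", "modify", "delete", "user-add", "user-remove"]}}

if __name__ == "__main__":
    print(build_filter_url("https://pam.example", "server",
                           object_id=("eq", "8673932882315575301"), rights=("contains", "delete")))
    print(sensitive_grants(SAMPLE_LIST), sensitive_grants(SAMPLE_SINGLE))
```

When collecting real responses for such a review, drop curl's `-k` option so the server certificate is verified before the `Authorization` header is sent.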