API v2: Access Rights
Data Structures
| Attribute | Type | Required | Description |
|---|---|---|---|
| | string | | Read-only. Identifier of the subject (e.g., user or group). Uniqueness is required in the combination with attribute |
| | string | | Read-only. Name of the subject. Expensive to use. |
| | string | | Read-only. Identifier of the target object (e.g., safe, server, account). Uniqueness is required in the combination with attribute |
| | string | | Read-only. Name of the target object. Expensive to use. |
| | string-array | | Read-only. List of assigned rights. |
Retrieve Available Attributes of the AccessModels
Request
Method |
|
Path |
|
Variants |
|
Example Request
GET /api/v2/objspec/account_access
curl -s -k -X GET \
  -H 'Authorization: proxycrypto' \
  'https://10.31.117.68/api/v2/objspec/account_access'
Get All Access Rules for Selected Object Type
Request
Method |
|
Path |
|
Variants |
|
Example Request
GET /api/v2/access/safe
curl -s -k -X GET \
  -H 'Authorization: proxycrypto' \
  'https://10.31.117.68/api/v2/access/safe'
Response
{
  "result": "success",
  "safe_access": [
    {
      "subject_id": "1",
      "subject_name": "system",
      "object_id": "2",
      "object_name": "portal",
      "rights": [
        "read",
        "modify",
        "delete",
        "block",
        "account-add",
        "account-remove",
        "group-add",
        "group-remove",
        "user-add",
        "user-remove"
      ]
    },
    {
      "subject_id": "1",
      "subject_name": "system",
      "object_id": "8673932882315575297",
      "object_name": "main",
      "rights": [
        "read",
        "modify",
        "delete",
        "block",
        "account-add",
        "account-remove",
        "group-add",
        "group-remove",
        "user-add",
        "user-remove"
      ]
    },
    {
      "subject_id": "8673932882315575297",
      "subject_name": "admin",
      "object_id": "2",
      "object_name": "portal",
      "rights": [
        "read",
        "modify",
        "delete",
        "block",
        "account-add",
        "account-remove",
        "group-add",
        "group-remove",
        "user-add",
        "user-remove"
      ]
    },
    {
      "subject_id": "8673932882315575297",
      "subject_name": "admin",
      "object_id": "8673932882315575297",
      "object_name": "main",
      "rights": [
        "read",
        "modify",
        "delete",
        "block",
        "account-add",
        "account-remove",
        "group-add",
        "group-remove",
        "user-add",
        "user-remove"
      ]
    }
  ]
}
Get Access Rights of a Subject to a Specific Object
Request
Method |
|
Path |
|
Variants |
|
Example: Retrieve Access Rights of User <user_id> to Group <group_id>
GET /api/v2/access/<user_id>/group/<group_id>
Note
<user_id> – Unique identifier (ID) of the user.
<group_id> – Unique identifier (ID) of the group.
Example Request
curl -s -k -X GET \
  -H 'Authorization: proxycrypto' \
  'https://10.31.117.68/api/v2/access/8673932882315575297/group/8673932882315575297'
Response
{
  "result": "success",
  "group_access": {
    "subject_id": "8673932882315575297",
    "subject_name": "admin",
    "object_id": "8673932882315575297",
    "object_name": "Group_1",
    "rights": [
      "read",
      "modify",
      "delete",
      "user-add",
      "user-remove"
    ]
  }
}
Examples of Filtered Access Requests
Example 1: Retrieve All Accounts Accessible by User <user_id>
Request
Method |
|
Path |
|
Note
<user_id> – Unique identifier (ID) of the user.
GET /api/v2/access/account?filter=subject_id.eq(<user_id>)
Example Request
curl -s -k -X GET \
  -H 'Authorization: proxycrypto' \
  'https://10.31.117.68/api/v2/access/account?filter=subject_id.eq(8673932882315575297)'
Response
{
  "result": "success",
  "account_access": [
    {
      "subject_id": "8673932882315575297",
      "subject_name": "admin",
      "object_id": "8673932882315575299",
      "object_name": "ad-user1-windows",
      "rights": [
        "read",
        "modify",
        "delete",
        "block"
      ]
    },
    {
      "subject_id": "8673932882315575297",
      "subject_name": "admin",
      "object_id": "8673932882315575300",
      "object_name": "jools-Linux",
      "rights": [
        "read",
        "modify",
        "delete",
        "block"
      ]
    },
    {
      "subject_id": "8673932882315575297",
      "subject_name": "admin",
      "object_id": "8673932882315575301",
      "object_name": "root-fudo",
      "rights": [
        "read",
        "modify",
        "delete",
        "block"
      ]
    }
  ]
}
Example 2: Retrieve All Users with Access to Safe <safe_id>
Request
Method |
|
Path |
|
Note
<safe_id> – Unique identifier (ID) of the safe.
GET /api/v2/access/safe?filter=object_id.eq(<safe_id>)
Example Request
curl -s -k -X GET \
  -H 'Authorization: proxycrypto' \
  'https://10.31.117.68/api/v2/access/safe?filter=object_id.eq(8673932882315575297)'
Response
{
  "result": "success",
  "safe_access": [
    {
      "subject_id": "8673932882315575297",
      "subject_name": "admin",
      "object_id": "2",
      "object_name": "portal",
      "rights": [
        "read",
        "modify",
        "delete",
        "block",
        "account-add",
        "account-remove",
        "group-add",
        "group-remove",
        "user-add",
        "user-remove"
      ]
    },
    {
      "subject_id": "8673932882315575297",
      "subject_name": "admin",
      "object_id": "8673932882315575297",
      "object_name": "main",
      "rights": [
        "read",
        "modify",
        "delete",
        "block",
        "account-add",
        "account-remove",
        "group-add",
        "group-remove",
        "user-add",
        "user-remove"
      ]
    }
  ]
}
Example 3: Retrieve Users Who Can Delete Server <server_id>
Request
Method |
|
Path |
|
Note
<server_id> – Unique identifier (ID) of the server.
GET /api/v2/access/server?filter=object_id.eq(<server_id>),rights.contains(delete)
Example Request
curl -s -k -X GET \
  -H 'Authorization: proxycrypto' \
  'https://10.31.117.68/api/v2/access/server?filter=object_id.eq(8673932882315575301),rights.contains(delete)'
Response
{
  "result": "success",
  "server_access": [
    {
      "subject_id": "1",
      "subject_name": "system",
      "object_id": "8673932882315575301",
      "object_name": "fudo",
      "rights": [
        "read",
        "modify",
        "delete",
        "block"
      ]
    },
    {
      "subject_id": "8673932882315575297",
      "subject_name": "admin",
      "object_id": "8673932882315575301",
      "object_name": "fudo",
      "rights": [
        "read",
        "modify",
        "delete",
        "block"
      ]
    }
  ]
}
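An access review over the response format and filter syntax shown above, as an added example that is not part of the original documentation: it composes the `filter` query from validated values and reports high-impact rights granted beyond an approved baseline. The `HIGH_IMPACT` selection, the baseline, the ID and right-name patterns, and the host `pam.example` are assumptions of the example.

```python
import re

# High-impact rights for this review (the selection is an assumption of the example).
HIGH_IMPACT = {"modify", "delete", "account-add", "group-add", "user-add"}
ID_RE = re.compile(r"[0-9]+")               # assumption: IDs are decimal strings
RIGHT_RE = re.compile(r"[a-z]+(-[a-z]+)*")  # assumption: shape of right names

def build_filter_url(base, object_type, subject_id=None, object_id=None, right=None):
    """Compose a filter query; reject values that could add extra filter terms."""
    terms = []
    for field, value in (("subject_id", subject_id), ("object_id", object_id)):
        if value is not None:
            if not ID_RE.fullmatch(str(value)):
                raise ValueError(f"{field} must be a decimal ID")
            terms.append(f"{field}.eq({value})")
    if right is not None:
        if not RIGHT_RE.fullmatch(right):
            raise ValueError("unexpected right name")
        terms.append(f"rights.contains({right})")
    url = f"{base}/api/v2/access/{object_type}"
    return url + ("?filter=" + ",".join(terms) if terms else "")

def review(response, object_type, baseline):
    """List high-impact rights beyond the baseline, keyed by (subject_id, object_id)."""
    if response.get("result") != "success":
        raise ValueError("API call did not succeed")
    findings = []
    for entry in response[f"{object_type}_access"]:
        approved = baseline.get((entry["subject_id"], entry["object_id"]), set())
        extra = (set(entry["rights"]) & HIGH_IMPACT) - approved
        if extra:
            findings.append((entry["subject_name"], entry["object_name"], sorted(extra)))
    return findings

# Constructed sample: the server_access entries from Example 3 above.
SAMPLE = {"result": "success", "server_access": [
    {"subject_id": "1", "subject_name": "system",
     "object_id": "8673932882315575301", "object_name": "fudo",
     "rights": ["read", "modify", "delete", "block"]},
    {"subject_id": "8673932882315575297", "subject_name": "admin",
     "object_id": "8673932882315575301", "object_name": "fudo",
     "rights": ["read", "modify", "delete", "block"]}]}
# Constructed baseline: rights each (subject_id, object_id) pair is approved for.
BASELINE = {("1", "8673932882315575301"): {"modify", "delete"},
            ("8673932882315575297", "8673932882315575301"): {"modify"}}

if __name__ == "__main__":
    print(build_filter_url("https://pam.example", "server", right="delete"))
    print(review(SAMPLE, "server", BASELINE))
```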