Manage Permissions


1. Create Permission

This POST method creates a permission. 

Note: To execute this API, the user must have a permission assigned (through a policy) whose actions include authz.permission.create.

POST
{{url}}/api/v1/policy-admin/permissions

Request Example

curl -X POST '{{url}}/api/v1/policy-admin/permissions' \
  -H 'Authorization: Bearer <token>' -H 'content-type: application/json' \
  -d '{
    "name": "DocVaultPermission",
    "description": "Vault Permission testing",
    "consumer": "secretmanager",
    "actions": ["sm.passwordpolicy.*"],
    "resources": ["*"]
}'

Response Example 

Status: 201 Created
{
    "id": "b762825e-c13c-4b32-8780-0a21a6f17025",
    "name": "DocVaultPermission",
    "description": "Vault Permission testing",
    "consumer": "secretmanager",
    "actions": [
        "sm.passwordpolicy.read",
        "sm.passwordpolicy.update",
        "sm.passwordpolicy.list",
        "sm.passwordpolicy.create",
        "sm.passwordpolicy.delete"
    ],
    "resources": [
        "*"
    ],
    "isInline": false,
    "isReadOnly": false
}

2. Get Permission by Name

This GET method returns details of a permission filtered by permission name.

Note: To execute this API, the user must have a permission assigned (through a policy) whose actions include authz.permission.list.

GET
{{url}}/api/v1/policy-admin/permissions?filter=name eq {{permission_name}}

Request Parameters

The request parameters used in this method are shown in the following table:

Parameter | Description | Data Type | Required
filter | Filters the returned permissions by name. The supported operators are 'eq', 'sw' and 'co'. Example: name eq TestVault | String | Optional
pageToken | Autogenerated token for the next page of records when the results span more than one page. Append this token to the request URL to fetch the next page. | String | Optional

Request Example 

curl -X GET '{{url}}/api/v1/policy-admin/permissions?filter=name%20eq%20DocVault' -H 'Authorization: Bearer <token>'

Response Example 

Status: 200 OK
{
    "result": [
        {
            "id": "b762825e-c13c-4b32-8780-0a21a6f17025",
            "name": "DocVault",
            "description": "Vault Permission testing",
            "consumer": "secretmanager",
            "actions": [
                "sm.passwordpolicy.read",
                "sm.passwordpolicy.list",
                "sm.passwordpolicy.update",
                "sm.passwordpolicy.create",
                "sm.passwordpolicy.delete"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": false
        }
    ],
    "pagination": {
        "next": "",
        "prev": ""
    }
}
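The filter and pageToken parameters above (and the same pageToken parameter in "Get All Permissions" below) are easy to get subtly wrong: an unencoded space in the filter, an unsupported operator, or a pagination loop that never terminates. The following Python client is an added example, not code from the original documentation or the product. It validates the operator against the documented set, percent-encodes the filter exactly as the request example does (name%20eq%20DocVault), and walks pagination until pagination.next is empty. One assumption is marked: that the value of pagination.next is resent as the pageToken query parameter; the fake transport and its two pages are constructed for offline use.

```python
"""Added example, not part of the original documentation: build the filtered
GET request for {{url}}/api/v1/policy-admin/permissions and walk pageToken
pagination.  ASSUMPTION: the value of pagination.next is resent as the
pageToken query parameter; confirm against your tenant."""
import json
import urllib.parse
import urllib.request
from typing import Optional

SUPPORTED_OPERATORS = ("eq", "sw", "co")   # operators listed for the filter parameter
PERMISSIONS_PATH = "/api/v1/policy-admin/permissions"


def build_filter(field: str, operator: str, value: str) -> str:
    """Return a filter expression such as 'name eq DocVault'.

    The operator is checked here so a typo fails locally instead of being sent
    to the server and silently matching nothing."""
    if operator not in SUPPORTED_OPERATORS:
        raise ValueError(f"unsupported filter operator {operator!r}")
    if not field.isidentifier():
        raise ValueError(f"bad filter field {field!r}")
    return f"{field} {operator} {value}"


def permissions_url(base_url: str, filter_expr: Optional[str] = None,
                    page_token: Optional[str] = None) -> str:
    """Percent-encode the query so 'name eq X' is sent as name%20eq%20X."""
    params = {}
    if filter_expr:
        params["filter"] = filter_expr
    if page_token:
        params["pageToken"] = page_token   # ASSUMPTION: token travels as pageToken
    query = urllib.parse.urlencode(params, quote_via=urllib.parse.quote)
    return base_url.rstrip("/") + PERMISSIONS_PATH + (f"?{query}" if query else "")


def http_get_json(url: str, headers: dict) -> dict:
    """Real transport: GET the URL with the bearer token and decode JSON."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def list_permissions(base_url: str, token: str, filter_expr: Optional[str] = None,
                     fetch=http_get_json) -> list:
    """Collect permissions across all pages; stop when pagination.next is empty."""
    headers = {"Authorization": f"Bearer {token}"}
    results, page_token, seen = [], None, set()
    while True:
        page = fetch(permissions_url(base_url, filter_expr, page_token), headers)
        results.extend(page.get("result", []))
        page_token = page.get("pagination", {}).get("next") or None
        if page_token is None:
            return results
        if page_token in seen:   # defensive: a misbehaving server must not loop us forever
            raise RuntimeError(f"pagination token {page_token!r} repeated")
        seen.add(page_token)


# Constructed offline transport: two pages keyed by the pageToken they expect.
FAKE_PAGES = {
    None: {"result": [{"id": "b762825e-c13c-4b32-8780-0a21a6f17025", "name": "DocVault"}],
           "pagination": {"next": "tok2", "prev": ""}},
    "tok2": {"result": [{"id": "00000000-0000-0000-0000-000000000000",   # constructed id
                         "name": "DocVaultPermission"}],
             "pagination": {"next": "", "prev": "tok1"}},
}


def fake_fetch(url: str, headers: dict) -> dict:
    """Stand-in for http_get_json that also checks what the client actually sent."""
    if not headers.get("Authorization", "").startswith("Bearer "):
        raise AssertionError("missing bearer token")
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    if query.get("filter") != ["name co Vault"]:   # %20 must decode back to spaces
        raise AssertionError(f"unexpected filter in {url}")
    return FAKE_PAGES[query.get("pageToken", [None])[0]]


if __name__ == "__main__":
    expr = build_filter("name", "co", "Vault")
    for perm in list_permissions("https://idp.example", "<token>", expr, fetch=fake_fetch):
        print(perm["id"], perm["name"])
```

To run against a live tenant, drop the fetch argument so http_get_json is used; the loop guard matters there too, since a token that repeats would otherwise turn a scripted audit into an unbounded series of authenticated requests.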

3. Get Permission by ID

This GET method returns details of a permission specified by <permission_id>.

Note: To execute this API, the user must have a permission assigned (through a policy) whose actions include authz.permission.read.

GET
{{url}}/api/v1/policy-admin/permissions/{{permission_id}}

Request Example 

curl -X GET '{{url}}/api/v1/policy-admin/permissions/<permission_id>' -H 'Authorization: Bearer <token>'

Response Example 

Status: 200 OK
{
    "id": "b762825e-c13c-4b32-8780-0a21a6f17025",
    "name": "DocVault",
    "description": "Vault Permission testing",
    "consumer": "secretmanager",
    "actions": [
        "sm.passwordpolicy.read",
        "sm.passwordpolicy.list",
        "sm.passwordpolicy.update",
        "sm.passwordpolicy.create",
        "sm.passwordpolicy.delete"
    ],
    "resources": [
        "*"
    ],
    "isInline": false,
    "isReadOnly": false
}

4. Get All Permissions

This GET method returns a list of all permissions.

Note: To execute this API, the user must have a permission assigned (through a policy) whose actions include authz.permission.list.

GET
{{url}}/api/v1/policy-admin/permissions

Request Parameters

The request parameter used in this method is shown in the following table:

Parameter | Description | Data Type | Required
pageToken | Autogenerated token for the next page of records when the results span more than one page. Append this token to the request URL to fetch the next page. | String | Optional

Request Example 

curl -X GET '{{url}}/api/v1/policy-admin/permissions' -H 'Authorization: Bearer <token>'

Response Example 

Status: 200 OK
{
    "result": [
        {
            "id": "0263cd12-a26b-4d21-b98f-631e05ad5d64",
            "name": "AuthzAdminPermission",
            "description": "View permission for \"Identity Management\" and Security and administrative permission for \"Role and Policy Management\".",
            "consumer": "authz",
            "actions": [
                "authz.action.list",
                "authz.policy.create",
                "authz.permission.create",
                "authz.permission.read",
                "authz.role.create",
                "authz.role.update",
                "authz.action.read",
                "authz.consumer.list",
                "authz.permission.list",
                "authz.policy.update",
                "authz.role.list",
                "authz.role.delete",
                "authz.policy.delete",
                "authz.permission.delete",
                "authz.policy.list",
                "authz.permission.update",
                "authz.policy.read",
                "authz.role.read"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        },
        {
            "id": "111f2f4d-b365-4e1b-ad20-d19729bacac4",
            "name": "WorkflowViewPermission",
            "description": "View permission for Workflows.",
            "consumer": "workflows",
            "actions": [
                "workflows.notification.list",
                "workflows.notification.view"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        },
        {
            "id": "1273b27a-c6a8-498e-897b-ea9a514232ed",
            "name": "AuthzAuditorPermission",
            "description": "View permission for \"Identity Management\", Security and \"Role and Policy Management\".",
            "consumer": "authz",
            "actions": [
                "authz.action.list",
                "authz.permission.list",
                "authz.role.list",
                "authz.policy.list",
                "authz.permission.read",
                "authz.policy.read",
                "authz.action.read",
                "authz.consumer.list",
                "authz.role.read"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        },
        {
            "id": "586cc11f-b210-4f57-b00b-28c459cb9286",
            "name": "NMAdminPermission",
            "description": "Administrative permission for \"Notification Service\"",
            "consumer": "notificationmanager",
            "actions": [
                "nm.notification.create",
                "nm.notificationmetadata.list",
                "nm.channels.list",
                "nm.notification.list",
                "nm.notification.*",
                "nm.notification.update",
                "nm.*.*",
                "nm.notification.read",
                "nm.notification.delete",
                "nm.notificationmetadata.read"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        },
        {
            "id": "5a937d6f-1f55-4555-b02d-04645a3a0798",
            "name": "NMAuditorPermission",
            "description": "View permission for \"Notification Service\"",
            "consumer": "notificationmanager",
            "actions": [
                "nm.notificationmetadata.list",
                "nm.channels.list",
                "nm.notification.list",
                "nm.notification.read",
                "nm.notificationmetadata.read"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        },
        {
            "id": "65c043c4-7ec3-4185-aa08-613087a621ca",
            "name": "WorkflowAdminPermission",
            "description": "Administrative permission for Workflows.",
            "consumer": "workflows",
            "actions": [
                "workflows.notification.list",
                "workflows.notification.manage",
                "workflows.notification.view"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        },
        {
            "id": "8d4493e0-81b5-406c-b3ec-852527217f2a",
            "name": "AnalyticsViewPermission",
            "description": "View permission for \"Advanced Data Analytics\".",
            "consumer": "ada",
            "actions": [
                "ada.queryengine.view",
                "ada.riskanalytics.view"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        },
        {
            "id": "916b8bd3-71e0-4780-a788-7b38d1225ee2",
            "name": "ReportsViewPermission",
            "description": "View permission for \"Application and Access Profile Management\".",
            "consumer": "reports",
            "actions": [
                "reports.report.view",
                "reports.report.list"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        },
        {
            "id": "93530518-800c-4e4b-9025-04bce8f582e4",
            "name": "SecurityAdminPermission",
            "description": "Administrative permission for Security.",
            "consumer": "securityadmin",
            "actions": [
                "securityadmin.security.view",
                "securityadmin.security.list",
                "securityadmin.security.manage"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        },
        {
            "id": "9a5dd107-0851-476b-a79c-f72486bd029c",
            "name": "12345",
            "description": "",
            "consumer": "secretmanager",
            "actions": [
                "authz.policy.create"
            ],
            "resources": [
                "/"
            ],
            "isInline": false,
            "isReadOnly": false
        },
        {
            "id": "b762825e-c13c-4b32-8780-0a21a6f17025",
            "name": "DocVault",
            "description": "Vault Permission testing",
            "consumer": "secretmanager",
            "actions": [
                "sm.passwordpolicy.read",
                "sm.passwordpolicy.list",
                "sm.passwordpolicy.update",
                "sm.passwordpolicy.create",
                "sm.passwordpolicy.delete"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": false
        },
        {
            "id": "c489343d-33a7-4b8f-afc3-f16e4d7064b9",
            "name": "ApplicationAdminPermission",
            "description": "Administrative permission for \"Application and Access Profile Management\".",
            "consumer": "apps",
            "actions": [
                "apps.app.view",
                "apps.app.manage",
                "apps.app.list"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        },
        {
            "id": "c492459c-68b9-4530-931e-ee59f03a7d6d",
            "name": "SMAdminPermission",
            "description": "Administrative permission for \"Secret Manager\"",
            "consumer": "secretmanager",
            "actions": [
                "sm.secret.list",
                "sm.node.update",
                "sm.node.delete",
                "sm.passwordpolicy.delete",
                "sm.secret.read",
                "sm.secret.create",
                "sm.secrettemplate.create",
                "sm.passwordpolicy.update",
                "sm.node.list",
                "sm.vault.create",
                "sm.node.create",
                "sm.node.read",
                "sm.secrettemplate.read",
                "authz.policy.create",
                "sm.secret.delete",
                "sm.secrettemplate.delete",
                "sm.secrettemplate.list",
                "sm.vault.delete",
                "sm.key.rotate",
                "sm.secrettemplate.update",
                "authz.policy.update",
                "sm.vault.update",
                "authz.policy.delete",
                "sm.passwordpolicy.read",
                "authz.policy.list",
                "sm.passwordpolicy.list",
                "sm.secret.update",
                "sm.vault.list",
                "authz.policy.read",
                "sm.passwordpolicy.create",
                "sm.vault.read"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        },
        {
            "id": "cb428506-d6c9-4b84-996a-86aed5844a27",
            "name": "SecurityViewPermission",
            "description": "View permission for Security.",
            "consumer": "securityadmin",
            "actions": [
                "securityadmin.security.view",
                "securityadmin.security.list"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        },
        {
            "id": "cc1f750c-4cd7-498f-9d99-79364e419242",
            "name": "UserAdminPermission",
            "description": "Administrative permission for \"Identity Management\".",
            "consumer": "identity",
            "actions": [
                "identity.user.list",
                "identity.user.manage",
                "identity.user.view"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        },
        {
            "id": "d1b4dc40-f91d-4fe6-adbf-c09ae479974b",
            "name": "SMAuditorPermission",
            "description": "View permission for \"Secret Manager\"",
            "consumer": "secretmanager",
            "actions": [
                "sm.secrettemplate.read",
                "sm.secret.list",
                "sm.passwordpolicy.read",
                "authz.policy.list",
                "sm.passwordpolicy.list",
                "sm.vault.list",
                "sm.secrettemplate.list",
                "sm.node.list",
                "authz.policy.read",
                "sm.node.read",
                "sm.secret.read",
                "sm.vault.read"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        },
        {
            "id": "d5fa6644-641f-426a-82b2-a3e7aa287cdb",
            "name": "UserViewPermission",
            "description": "View permission for \"Identity Management\".",
            "consumer": "identity",
            "actions": [
                "identity.user.list",
                "identity.user.view"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        },
        {
            "id": "d95b9a36-4113-49ce-a4ac-54b6d6784fa1",
            "name": "--lp--Perm--",
            "description": "",
            "consumer": "authz",
            "actions": [
                "authz.permission.list",
                "authz.permission.create",
                "authz.permission.delete",
                "authz.permission.update",
                "authz.permission.read"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": false
        },
        {
            "id": "edc99d2d-ba7d-49da-aa59-aa89a20179fc",
            "name": "Authz_Read",
            "description": "",
            "consumer": "authz",
            "actions": [
                "authz.condition.list",
                "authz.policy.list",
                "authz.consumer.read",
                "authz.permission.read",
                "authz.action.read",
                "authz.role.read"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": false
        },
        {
            "id": "fc73eac4-d9dd-4117-836d-db919db0ce6b",
            "name": "AuditLogViewPermission",
            "description": "View permission for Diagnostics.",
            "consumer": "diagnostics",
            "actions": [
                "diagnostics.audit.view",
                "diagnostics.audit.list"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        },
        {
            "id": "ff82a768-a651-4916-80a3-1e86dcd7b6cf",
            "name": "ApplicationViewPermission",
            "description": "View permission for \"Application and Access Profile Management\".",
            "consumer": "apps",
            "actions": [
                "apps.app.view",
                "apps.app.list"
            ],
            "resources": [
                "*"
            ],
            "isInline": false,
            "isReadOnly": true
        }
    ],
    "pagination": {
        "next": "",
        "prev": ""
    }
}
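The list above is exactly what a reviewer of this tenant should read closely: NMAdminPermission carries nm.*.*, the custom permission named 12345 grants authz.policy.create under the secretmanager consumer on resource "/", and the custom --lp--Perm-- can create, update and delete permissions. The following audit is an added example, not code from the original documentation or the product. It walks permission objects of the shape returned by this endpoint and reports wildcard actions, actions whose prefix does not belong to the permission's consumer, and custom (isReadOnly false) permissions holding authz create/update/delete actions. The finding names and the consumer-to-prefix map are this example's own conventions; the sample input is a trimmed subset of the response above, embedded so the script runs offline.

```python
"""Added example, not part of the original documentation: audit permission
objects returned by GET {{url}}/api/v1/policy-admin/permissions for grants
that deserve review.  Finding kinds and CONSUMER_PREFIX are this example's
own conventions, derived from the response shown in the docs."""
from typing import Dict, List, Tuple

# Consumers whose action prefix differs from the consumer name (as seen in the
# response above); any consumer not listed is assumed to use its own name.
CONSUMER_PREFIX = {"secretmanager": "sm", "notificationmanager": "nm"}
# Verbs that change authorization state.  A custom permission holding one of
# these on the authz consumer can widen access for itself or for others.
AUTHZ_WRITE_VERBS = {"create", "update", "delete"}

Finding = Tuple[str, str]   # (finding kind, offending action or resource)


def audit_permission(perm: dict) -> List[Finding]:
    """Return findings for one permission object; an empty list means clean."""
    findings: List[Finding] = []
    prefix = CONSUMER_PREFIX.get(perm["consumer"], perm["consumer"])
    saw_wildcard = False
    for action in perm["actions"]:
        parts = action.split(".")
        if "*" in parts:                       # e.g. nm.*.* covers every verb on every object
            findings.append(("wildcard-action", action))
            saw_wildcard = True
        if parts[0] != prefix:                 # action belongs to another consumer
            findings.append(("foreign-consumer-action", action))
        if (not perm["isReadOnly"] and parts[0] == "authz"
                and len(parts) == 3 and parts[2] in AUTHZ_WRITE_VERBS):
            findings.append(("custom-authz-write", action))
    if saw_wildcard and "*" in perm["resources"]:   # wildcard verbs on every resource
        findings.append(("wildcard-on-all-resources", "*"))
    return findings


def audit_permissions(perms: List[dict]) -> Dict[str, List[Finding]]:
    """Map each permission name to its findings (including empty lists)."""
    return {p["name"]: audit_permission(p) for p in perms}


# Constructed sample: a trimmed subset of the "Get All Permissions" response above.
SAMPLE_PERMISSIONS = [
    {"id": "586cc11f-b210-4f57-b00b-28c459cb9286", "name": "NMAdminPermission",
     "consumer": "notificationmanager",
     "actions": ["nm.notification.create", "nm.notification.*", "nm.*.*"],
     "resources": ["*"], "isInline": False, "isReadOnly": True},
    {"id": "9a5dd107-0851-476b-a79c-f72486bd029c", "name": "12345",
     "consumer": "secretmanager", "actions": ["authz.policy.create"],
     "resources": ["/"], "isInline": False, "isReadOnly": False},
    {"id": "d5fa6644-641f-426a-82b2-a3e7aa287cdb", "name": "UserViewPermission",
     "consumer": "identity",
     "actions": ["identity.user.list", "identity.user.view"],
     "resources": ["*"], "isInline": False, "isReadOnly": True},
    {"id": "d95b9a36-4113-49ce-a4ac-54b6d6784fa1", "name": "--lp--Perm--",
     "consumer": "authz",
     "actions": ["authz.permission.list", "authz.permission.create",
                 "authz.permission.delete", "authz.permission.update",
                 "authz.permission.read"],
     "resources": ["*"], "isInline": False, "isReadOnly": False},
]


if __name__ == "__main__":
    for name, findings in audit_permissions(SAMPLE_PERMISSIONS).items():
        for kind, detail in findings:
            print(f"{name}: {kind} ({detail})")
```

Feed it the concatenated "result" arrays from every page of the live response. Built-in permissions (isReadOnly true) cannot be changed through this API, so their findings are informational; the ones to act on are custom permissions with authz write verbs or cross-consumer actions, which are the grants most likely to have been created by hand and forgotten.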

5. Update Permission

This PATCH method updates permission details for a specified <permission_id>.

Note: To execute this API, the user must have a permission assigned (through a policy) whose actions include authz.permission.update.

PATCH
{{url}}/api/v1/policy-admin/permissions/<permission_id>

Request Example

curl -X PATCH '{{url}}/api/v1/policy-admin/permissions/<permission_id>' \
  -H 'Authorization: Bearer <token>' -H 'content-type: application/json' \
  -d '{
    "name": "DocVaultPermission",
    "description": "Doc Vault Permission testing",
    "consumer": "secretmanager",
    "actions": ["sm.passwordpolicy.*"],
    "resources": ["*"]
}'

Response Example 

Status: 204 No Content

6. Delete Permission

This DELETE method deletes a permission specified by <permission_id>.

Note: To execute this API, the user must have a permission assigned (through a policy) whose actions include authz.permission.delete.

DELETE
{{url}}/api/v1/policy-admin/permissions/<permission_id>

Request Example

curl -X DELETE '{{url}}/api/v1/policy-admin/permissions/<permission_id>' -H 'Authorization: Bearer <token>'

Response Example

Status: 204 No Content