new PermissionsClient(client,optionsoptional)
The PermissionsClient is intended to make it easy to setup and maintain permission policies in the fabric.
Item Policies:
- An item policy is the full specification of the policy for an object. It consists of a set of available profiles and a list of permissions.
- The item policy must be initialized using
CreateItemPolicybefore the other modification methods in this client can be used. - The item policy can be retrieved using the
ItemPolicymethod to check if the policy for a particular item has been initialized.
Dates:
-
startandendcan be specified in several places in the policy. These can be provided in any format supported by JavaScript'snew Date(date)constructor, such as Unix epoch timestamps or ISO timestamps. -
Permissions, profiles and custom profile permissions may have start and end times. The effective allowed access is the most restrictive combination of applicable start and end times.
Subjects:
-
A subject is a recipient of a permission - namely Fabric and oauth users and groups.
-
When specifying a subject, both the name and ID must be provided. For Fabric users, the ID is either the user or group address, or the igrp/iusr hash format of the address.
Items:
- An 'item' in this API is a content object to which permissions are granted. All profiles and permissions are on a per-item basis.
Profiles:
-
Profiles represent a set of permissions that can be applied to a subject (via a 'permission', see below)
-
A profile may have
startandendtimes -
A profile includes permission specifications for both the assets and the offerings of an item. Both must be specified when creating or modifying a profile.
-
For both assets and offerings, there is a
default_permissionentry, which can be eitherfull-accessorno-access. This represents the access allowed to the assets and offerings when a permission for the profile is granted, excepting any custom permissions that override it. -
For both assets and offerings, a profile may have a
custom_permissionssection, which specifies permissions for specific assets or offerings. These permissions must have apermissionentry which is eitherfull-accessorno-access, and may havestartandendtimes.
Example Profile Specification:
"pre-release": {
"start": "2020-12-10T08:00:00.000Z",
"end": "2020-12-31T08:00:00.000Z",
"assets": {
"custom_permissions": {
"2wLgQXV5VYvRPZlOEPN0.tif": {
"start": "2020-09-10T07:00:00.000Z",
"end": "2020-12-31T08:00:00.000Z",
"permission": "full-access"
},
"781rsItfv8UxrkYgSNhb.tif": {
"start": "2020-09-10T07:00:00.000Z",
"end": "2020-12-31T08:00:00.000Z",
"permission": "full-access"
},
"QCVtsOAcUKbA8svZeFRI.tif": {
"permission": "full-access"
},
"QXWQVA7FfUwLlEPlBI1G.tif": {
"permission": "full-access",
"start": "2020-09-30T07:00:00.000Z"
}
},
"default_permission": "no-access"
},
"offerings": {
"default_permission": "no-access"
}
}
Permissions:
-
A permission represents a grant of an item profile's permissions to a subject.
-
A permission must have a profile that is present in the item's policy
-
A permission may have
startandendtimes. As mentioned above, the effective start and end times of a permission are the most restrictive of all applicable start and end times. -
A permission must have a subject, which can be either a user or group, either from the Fabric or from an OAuth provider, or an NTP instance or an NTP Subject
-
A subject must have an ID and a name. In the case of certain OAuth providers, the name may be used as an ID in most cases, but the immutable ID for that subject must be used as the ID. For example, in Okta, a group may be specified by its name "Content Admins", but have the Okta ID "00g102tklfAorixGi4x7". The former should be used as the subjectName, and the latter as the subjectId
Example Permission:
{
"start": "2021-01-01T08:00:00.000Z",
"end": "2021-03-31T07:00:00.000Z",
"profileName": "servicing",
"subjectSource": "oauth",
"subjectType": "group",
"subjectName": "Partner1",
"subjectId: "00g102uednmwrTihN4x7"
}
Parameters:
| Name | Type | Attributes | Default | Description |
|---|---|---|---|---|
client |
An instance of ElvClient |
|||
options |
object |
<optional> |
{offline: |
false} - Options for the PermissionsClient
|
- Source:
Methods
async CloseOfflineDraft({policyId})
Close an offline draft - copies the metadata stored locally back to the write token's metadata. Does not finalize the write token.
Parameters:
| Name | Type | Description |
|---|---|---|
policyId |
string |
Object ID of the policy |
Example
- Source:
async CreateItemPolicy({policyId,policyWriteToken,itemId,profilesoptional})
Initialize policy for the specified item
Parameters:
| Name | Type | Attributes | Default | Description |
|---|---|---|---|---|
policyId |
string |
Object ID of the policy |
||
policyWriteToken |
string |
Write token for the policy |
||
itemId |
string |
Object ID of the item |
||
profiles |
object |
<optional> |
{} |
Profiles to create |
Examples
async CreateItemPolicy({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2aus7rq4gWxRY362SKiDm78TT",
"itemId": "iq__2A5mVX6SZRPD5DiumRULLKrDJ3ay",
"profiles": {
"default": {}
}
});
<No Return Value>
async CreateItemPolicy({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2auzsKhuTPdBVU6Rg4WRiPjtr",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA",
"profiles": {
"all-access": {
"assets": {
"default_permission": "full-access"
},
"offerings": {
"default_permission": "full-access"
}
},
"special-access": {
"start": "2021-03-09T19:57:42.407Z",
"end": "2022-03-09T19:57:42.407Z",
"assets": {
"default_permission": "no-access",
"custom_permissions": {
"asset-id-1": {
"start": "2021-03-09T19:57:42.407Z",
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access"
},
"asset-id-2": {
"start": "2021-03-09T19:57:42.407Z",
"permission": "full-access"
},
"asset-id-3": {
"permission": "no-access"
}
}
},
"offerings": {
"default_permission": "no-access",
"custom_permissions": {
"offering-id-1": {
"start": "2021-03-09T19:57:42.407Z",
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access"
},
"offering-id-2": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access"
},
"offering-id-3": {
"permission": "no-access"
}
}
}
},
"no-access": {
"start": 1615319862407,
"end": 1646855862407,
"assets": {
"default_permission": "no-access"
},
"offerings": {
"default_permission": "no-access"
}
}
}
});
<No Return Value>
- Source:
async ItemPermissions({policyId,policyWriteTokenoptional,itemId}) → Promise.<Array>
Retrieve the permissions for the specified item policy
Returns: The list of permissions for the specified item
Parameters:
| Name | Type | Attributes | Description |
|---|---|---|---|
policyId |
string |
Object ID of the policy |
|
policyWriteToken |
string |
<optional> |
Write token for the policy object - if specified, info will be retrieved from the write draft instead of the last finalized policy object |
itemId |
string |
Object ID of the item |
Examples
async ItemPermissions({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA"
});
[]
async ItemPermissions({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA"
});
[
{
"profileName": "all-access",
"subjectSource": "fabric",
"subjectType": "user",
"subjectId": "0xb9b3a6218fe81a0b9f96a9a3140931c62ce85c82",
"subjectName": "Test Account"
},
{
"profileName": "no-access",
"subjectSource": "fabric",
"subjectType": "group",
"subjectId": "0x52d9657d802b2a7e18852dba579dba5083b13c43",
"subjectName": "Test Group",
"start": "2021-03-09T19:57:42.407Z"
},
{
"profileName": "special-access",
"subjectSource": "oauth",
"subjectType": "group",
"subjectId": "00uyyha6cjm2Q7Zgv4x6",
"subjectName": "OAuth Group",
"start": "2021-03-09T19:57:42.407Z",
"end": "2022-03-09T19:57:42.407Z"
},
{
"profileName": "special-access",
"subjectSource": "oauth",
"subjectType": "user",
"subjectId": "00g102v1ayVs5WQOu4x7",
"subjectName": "OAuth User (oauth@user.com)"
},
{
"profileName": "special-access",
"subjectSource": "fabric",
"subjectType": "ntp",
"subjectId": "QOTPQVagZQv7Mkt",
"subjectName": "Special Event NTP Instance"
},
{
"profileName": "special-access",
"subjectSource": "fabric",
"subjectType": "ntp_subject",
"subjectId": "special.event.subject@ntp.com",
"subjectName": "special.event.subject@ntp.com",
"subjectNTPId": "QOTPQVagZQv7Mkt"
}
]
async ItemPermissions({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA"
});
[
{
"profileName": "no-access",
"subjectSource": "fabric",
"subjectType": "user",
"subjectId": "0xb9b3a6218fe81a0b9f96a9a3140931c62ce85c82",
"subjectName": "Test Account",
"start": "2021-03-09T19:57:42.407Z",
"end": "2022-03-09T19:57:42.407Z"
},
{
"profileName": "no-access",
"subjectSource": "fabric",
"subjectType": "group",
"subjectId": "0x52d9657d802b2a7e18852dba579dba5083b13c43",
"subjectName": "Test Group",
"start": "2021-03-09T19:57:42.407Z"
},
{
"profileName": "special-access",
"subjectSource": "oauth",
"subjectType": "group",
"subjectId": "00uyyha6cjm2Q7Zgv4x6",
"subjectName": "OAuth Group",
"start": "2022-03-09T19:57:42.407Z"
},
{
"profileName": "special-access",
"subjectSource": "oauth",
"subjectType": "user",
"subjectId": "00g102v1ayVs5WQOu4x7",
"subjectName": "OAuth User (oauth@user.com)"
},
{
"profileName": "special-access",
"subjectSource": "fabric",
"subjectType": "ntp",
"subjectId": "QOTPQVagZQv7Mkt",
"subjectName": "Special Event NTP Instance"
},
{
"profileName": "special-access",
"subjectSource": "fabric",
"subjectType": "ntp_subject",
"subjectId": "special.event.subject@ntp.com",
"subjectName": "special.event.subject@ntp.com",
"subjectNTPId": "QOTPQVagZQv7Mkt"
},
{
"profileName": "special-access",
"subjectSource": "oauth",
"subjectType": "group",
"subjectId": "00uqyha3cjm2Q7Zgv492",
"subjectName": "OAuth Group 2"
}
]
async ItemPermissions({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"itemId": "uninitializedId"
});
[]
async ItemPermissions({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA"
});
[
{
"profileName": "no-access",
"subjectSource": "fabric",
"subjectType": "group",
"subjectId": "0x52d9657d802b2a7e18852dba579dba5083b13c43",
"subjectName": "Test Group",
"start": "2021-03-09T19:57:42.407Z"
},
{
"profileName": "special-access",
"subjectSource": "oauth",
"subjectType": "user",
"subjectId": "00g102v1ayVs5WQOu4x7",
"subjectName": "OAuth User (oauth@user.com)"
},
{
"profileName": "special-access",
"subjectSource": "fabric",
"subjectType": "ntp",
"subjectId": "QOTPQVagZQv7Mkt",
"subjectName": "Special Event NTP Instance"
},
{
"profileName": "special-access",
"subjectSource": "oauth",
"subjectType": "group",
"subjectId": "00uqyha3cjm2Q7Zgv492",
"subjectName": "OAuth Group 2"
},
{
"profileName": "all-access",
"subjectSource": "oauth",
"subjectType": "group",
"subjectId": "00qqwe3ZXm2Q8Zgq494",
"subjectName": "OAuth Group 3"
}
]
- Source:
async ItemPolicy({policyId,policyWriteTokenoptional,itemId}) → Promise.<(Object|undefined)>
Retrieve the full item policy for the given item.
Returns: The policy for the specified item. If none exists, returns undefined
Parameters:
| Name | Type | Attributes | Description |
|---|---|---|---|
policyId |
string |
Object ID of the policy |
|
policyWriteToken |
string |
<optional> |
Write token for the policy object - if specified, info will be retrieved from the write draft instead of the last finalized policy object |
itemId |
string |
Object ID of the item |
Examples
async ItemPolicy({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA"
});
{
"profiles": {
"all-access": {
"assets": {
"default_permission": "full-access"
},
"offerings": {
"default_permission": "full-access"
}
},
"no-access": {
"assets": {
"default_permission": "no-access"
},
"end": "2022-03-09T19:57:42.407Z",
"offerings": {
"default_permission": "no-access"
},
"start": "2021-03-09T19:57:42.407Z"
},
"special-access": {
"assets": {
"custom_permissions": {
"asset-id-1": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"asset-id-2": {
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"asset-id-3": {
"permission": "no-access"
}
},
"default_permission": "no-access"
},
"end": "2022-03-09T19:57:42.407Z",
"offerings": {
"custom_permissions": {
"offering-id-1": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"offering-id-2": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access"
},
"offering-id-3": {
"permission": "no-access"
}
},
"default_permission": "no-access"
},
"start": "2021-03-09T19:57:42.407Z"
}
},
"permissions": [
{
"profileName": "no-access",
"subjectSource": "fabric",
"subjectType": "user",
"subjectId": "0xb9b3a6218fe81a0b9f96a9a3140931c62ce85c82",
"subjectName": "Test Account",
"start": "2021-03-09T19:57:42.407Z",
"end": "2022-03-09T19:57:42.407Z"
},
{
"profileName": "no-access",
"subjectSource": "fabric",
"subjectType": "group",
"subjectId": "0x52d9657d802b2a7e18852dba579dba5083b13c43",
"subjectName": "Test Group",
"start": "2021-03-09T19:57:42.407Z"
},
{
"profileName": "special-access",
"subjectSource": "oauth",
"subjectType": "group",
"subjectId": "00uyyha6cjm2Q7Zgv4x6",
"subjectName": "OAuth Group",
"start": "2022-03-09T19:57:42.407Z"
},
{
"profileName": "special-access",
"subjectSource": "oauth",
"subjectType": "user",
"subjectId": "00g102v1ayVs5WQOu4x7",
"subjectName": "OAuth User (oauth@user.com)"
},
{
"profileName": "special-access",
"subjectSource": "fabric",
"subjectType": "ntp",
"subjectId": "QOTPQVagZQv7Mkt",
"subjectName": "Special Event NTP Instance"
},
{
"profileName": "special-access",
"subjectSource": "fabric",
"subjectType": "ntp_subject",
"subjectId": "special.event.subject@ntp.com",
"subjectName": "special.event.subject@ntp.com",
"subjectNTPId": "QOTPQVagZQv7Mkt"
},
{
"profileName": "special-access",
"subjectSource": "oauth",
"subjectType": "group",
"subjectId": "00uqyha3cjm2Q7Zgv492",
"subjectName": "OAuth Group 2"
}
]
}
async ItemPolicy({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"itemId": "uninitializedId"
});
<No Return Value>
- Source:
async ItemProfiles({policyId,policyWriteTokenoptional,itemId,profileNameoptional})
Retrieve profile information on the specified item policy
Parameters:
| Name | Type | Attributes | Description |
|---|---|---|---|
policyId |
string |
Object ID of the policy |
|
policyWriteToken |
string |
<optional> |
Write token for the policy object - if specified, info will be retrieved from the write draft instead of the last finalized policy object |
itemId |
string |
Object ID of the item |
|
profileName |
string |
<optional> |
The name of the profile. If not specified, all profiles will be returned |
Examples
async ItemProfiles({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"itemId": "iq__2A5mVX6SZRPD5DiumRULLKrDJ3ay",
"profileName": "Special Access"
});
{
"assets": {
"default_permission": "no-access"
},
"end": "2022-03-09T19:57:42.407Z",
"offerings": {
"custom_permissions": {
"offering-id-1": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"offering-id-2": {
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"offering-id-3": {
"permission": "no-access"
}
},
"default_permission": "full-access"
},
"start": "2021-03-09T19:57:42.407Z"
}
async ItemProfiles({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"itemId": "iq__2A5mVX6SZRPD5DiumRULLKrDJ3ay",
"profileName": "Special Access"
});
{
"assets": {
"custom_permissions": {
"asset-id-1": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"asset-id-2": {
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"asset-id-3": {
"permission": "no-access"
}
},
"default_permission": "full-access"
},
"offerings": {
"custom_permissions": {},
"default_permission": "full-access"
}
}
async ItemProfiles({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA"
});
{
"all-access": {
"assets": {
"default_permission": "full-access"
},
"offerings": {
"default_permission": "full-access"
}
},
"no-access": {
"assets": {
"default_permission": "no-access"
},
"end": "2022-03-09T19:57:42.407Z",
"offerings": {
"default_permission": "no-access"
},
"start": "2021-03-09T19:57:42.407Z"
},
"special-access": {
"assets": {
"custom_permissions": {
"asset-id-1": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"asset-id-2": {
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"asset-id-3": {
"permission": "no-access"
}
},
"default_permission": "no-access"
},
"end": "2022-03-09T19:57:42.407Z",
"offerings": {
"custom_permissions": {
"offering-id-1": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"offering-id-2": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access"
},
"offering-id-3": {
"permission": "no-access"
}
},
"default_permission": "no-access"
},
"start": "2021-03-09T19:57:42.407Z"
}
}
async ItemProfiles({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"itemId": "uninitializedId"
});
<No Return Value>
async ItemProfiles({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"itemId": "iq__2A5mVX6SZRPD5DiumRULLKrDJ3ay",
"profileName": "Special Access"
});
<No Return Value>
- Source:
async OpenOfflineDraft({policyId,policyLibraryId,policyWriteTokenoptional})
Open an offline draft - copies object data locally and allows the functions processing this data to operate on the local copy, much faster. Closing the draft will copy the data back to the object's write token.
Parameters:
| Name | Type | Attributes | Description |
|---|---|---|---|
policyId |
string |
Object ID of the policy |
|
policyLibraryId |
string |
Policy object library ID (optional) |
|
policyWriteToken |
string |
<optional> |
Write token for the policy object |
Example
- Source:
async PolicyItems({policyId,policyWriteTokenoptional}) → Promise.<Object>
Retrieve a list of all items in the specified policy
Returns: A mapping of item objectId to the display name of the item
Parameters:
| Name | Type | Attributes | Description |
|---|---|---|---|
policyId |
string |
Object ID of the policy |
|
policyWriteToken |
string |
<optional> |
Write token for the policy object - if specified, info will be retrieved from the write draft instead of the last finalized policy object |
Example
- Source:
async RemoveItemPolicy({policyId,policyWriteToken,itemId})
Remove the specified item policy
Parameters:
| Name | Type | Description |
|---|---|---|
policyId |
string |
Object ID of the policy |
policyWriteToken |
string |
Write token for the policy |
itemId |
string |
Object ID of the item |
Examples
async RemoveItemPolicy({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2av6PXHvaP1tVDqiZjVZySVm1",
"itemId": "iq__2A5mVX6SZRPD5DiumRULLKrDJ3ay"
});
<No Return Value>
async RemoveItemPolicy({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2av9BcvrU3NsMGrjFy6X6BkN6",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA"
});
<No Return Value>
- Source:
async RemovePermission({policyId,policyWriteToken,itemId,subjectId})
Remove permission for the specified subject from the specified item policy
Parameters:
| Name | Type | Description |
|---|---|---|
policyId |
string |
Object ID of the policy |
policyWriteToken |
string |
Write token for the policy |
itemId |
string |
Object ID of the item |
subjectId |
string |
The ID of the subject |
Examples
async RemovePermission({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2avJipQXSUbooGWukAgAvZePk",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA",
"subjectId": "0xb9b3a6218fe81a0b9f96a9a3140931c62ce85c82"
});
<No Return Value>
async RemovePermission({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2avJipQXSUbooGWukAgAvZePk",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA",
"subjectId": "00uyyha6cjm2Q7Zgv4x6"
});
<No Return Value>
async RemovePermission({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2avJipQXSUbooGWukAgAvZePk",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA",
"subjectId": "special.event.subject@ntp.com"
});
<No Return Value>
async RemovePermission({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2auxfMamN3DKuBg3aX5NUaE9T",
"subjectId": "QOTPQVagZQv7Mkt",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA"
});
<No Return Value>
- Source:
async RemoveProfile({policyId,policyWriteToken,itemId,profileName,profileSpec})
Remove a profile from the specified item policy
Parameters:
| Name | Type | Description |
|---|---|---|
policyId |
string |
Object ID of the policy |
policyWriteToken |
string |
Write token for the policy |
itemId |
string |
Object ID of the item |
profileName |
string |
The name of the profile |
profileSpec |
object |
Specification for the profile. If not provided, profile will default to no access for both assets and offerings |
Example
- Source:
async RemoveSubjectPermissions({policyId,policyWriteToken,subjectId})
Remove all permissions for the specified subject.
Parameters:
| Name | Type | Description |
|---|---|---|
policyId |
string |
Object ID of the policy |
policyWriteToken |
string |
Write token for the policy |
subjectId |
string |
The ID of the subject |
Example
- Source:
async SetPermission({policyId,policyWriteToken,itemId,subjectSource,subjectType,subjectNameoptional,subjectId,subjectNTPIdoptional,profileName,start,end})
Add or modify permission for the specified subject to the specified item policy
Parameters:
| Name | Type | Attributes | Default | Description |
|---|---|---|---|---|
policyId |
string |
Object ID of the policy |
||
policyWriteToken |
string |
Write token for the policy |
||
itemId |
string |
Object ID of the item |
||
subjectSource |
string | "fabric" |
("fabric" | "oauth") - The source of the subject |
|
subjectType |
string | "group |
("user" | "group" | "ntp" | "ntp_subject") - The type of the subject |
|
subjectName |
string |
<optional> |
The name of the subject |
|
subjectId |
string |
The ID of the subject |
||
subjectNTPId |
string |
<optional> |
(For subjectType "ntp_subject") The NTP ID associated with the subject |
|
profileName |
string |
The profile to apply for the permission |
||
start |
string | number |
The start time for the permission |
||
end |
string | number |
The end time for the permission |
Examples
async SetPermission({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2avJAMhRoTVZe1yox2J4AudXD",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA",
"subjectId": "0xb9b3a6218fe81a0b9f96a9a3140931c62ce85c82",
"subjectName": "Test Account",
"subjectType": "user",
"subjectSource": "fabric",
"profileName": "all-access"
});
<No Return Value>
async SetPermission({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2avJAMhRoTVZe1yox2J4AudXD",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA",
"subjectId": "0x52d9657d802b2a7e18852dba579dba5083b13c43",
"subjectName": "Test Group",
"subjectType": "group",
"subjectSource": "fabric",
"profileName": "no-access",
"start": 1615319862407
});
<No Return Value>
async SetPermission({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2avJAMhRoTVZe1yox2J4AudXD",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA",
"subjectId": "00uyyha6cjm2Q7Zgv4x6",
"subjectName": "OAuth Group",
"subjectType": "group",
"subjectSource": "oauth",
"profileName": "special-access",
"start": "2021-03-09T19:57:42.407Z",
"end": "2022-03-09T19:57:42.407Z"
});
<No Return Value>
async SetPermission({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2avJAMhRoTVZe1yox2J4AudXD",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA",
"subjectId": "00g102v1ayVs5WQOu4x7",
"subjectName": "OAuth User (oauth@user.com)",
"subjectType": "user",
"subjectSource": "oauth",
"profileName": "special-access"
});
<No Return Value>
async SetPermission({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2avJAMhRoTVZe1yox2J4AudXD",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA",
"subjectId": "QOTPQVagZQv7Mkt",
"subjectName": "Special Event NTP Instance",
"subjectType": "ntp",
"subjectSource": "fabric",
"profileName": "special-access"
});
<No Return Value>
async SetPermission({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2avJAMhRoTVZe1yox2J4AudXD",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA",
"subjectId": "special.event.subject@ntp.com",
"subjectNTPId": "QOTPQVagZQv7Mkt",
"subjectType": "ntp_subject",
"subjectSource": "fabric",
"profileName": "special-access"
});
<No Return Value>
async SetPermission({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2aupuBj9Rk7MEPJxkLRwW4ZKu",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA",
"subjectId": "0xb9b3a6218fe81a0b9f96a9a3140931c62ce85c82",
"subjectName": "Test Account",
"subjectType": "user",
"subjectSource": "fabric",
"profileName": "no-access",
"start": 1615319862407,
"end": 1646855862407
});
<No Return Value>
async SetPermission({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2aupuBj9Rk7MEPJxkLRwW4ZKu",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA",
"subjectId": "00uyyha6cjm2Q7Zgv4x6",
"subjectName": "OAuth Group",
"subjectType": "group",
"subjectSource": "oauth",
"profileName": "special-access",
"start": "2022-03-09T19:57:42.407Z",
"end": null
});
<No Return Value>
async SetPermission({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2aupuBj9Rk7MEPJxkLRwW4ZKu",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA",
"subjectId": "00uqyha3cjm2Q7Zgv492",
"subjectName": "OAuth Group 2",
"subjectType": "group",
"subjectSource": "oauth",
"profileName": "special-access"
});
<No Return Value>
async SetPermission({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2avJipQXSUbooGWukAgAvZePk",
"itemId": "iq__127hgef9FgcHkKxmwe6vTaW99UA",
"subjectId": "00qqwe3ZXm2Q8Zgq494",
"subjectName": "OAuth Group 3",
"subjectType": "group",
"subjectSource": "oauth",
"profileName": "all-access"
});
<No Return Value>
- Source:
async SetProfile({policyId,policyWriteToken,itemId,profileName,profileSpec})
Create or modify a profile for the specified item policy
Parameters:
| Name | Type | Description |
|---|---|---|
policyId |
string |
Object ID of the policy |
policyWriteToken |
string |
Write token for the policy |
itemId |
string |
Object ID of the item |
profileName |
string |
The name of the profile |
profileSpec |
object |
Specification for the profile. If not provided, profile will default to no access for both assets and offerings |
Examples
async SetProfile({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2av79rX8RiMBHFRfHuysXW2Po",
"itemId": "iq__2A5mVX6SZRPD5DiumRULLKrDJ3ay",
"profileName": "Special Access",
"profileSpec": {
"start": "2021-03-09T19:57:42.407Z",
"end": "2022-03-09T19:57:42.407Z",
"assets": {
"default_permission": "no-access"
},
"offerings": {
"default_permission": "full-access",
"custom_permissions": {
"offering-id-1": {
"start": "2021-03-09T19:57:42.407Z",
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access"
},
"offering-id-2": {
"start": "2021-03-09T19:57:42.407Z",
"permission": "full-access"
},
"offering-id-3": {
"permission": "no-access"
}
}
}
}
});
<No Return Value>
async SetProfile({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2avBStD9hvUi7YVfgUPMiWzcx",
"itemId": "iq__2A5mVX6SZRPD5DiumRULLKrDJ3ay",
"profileName": "Special Access",
"profileSpec": {
"start": null,
"end": null,
"assets": {
"default_permission": "full-access",
"custom_permissions": {
"asset-id-1": {
"start": "2021-03-09T19:57:42.407Z",
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access"
},
"asset-id-2": {
"start": "2021-03-09T19:57:42.407Z",
"permission": "full-access"
},
"asset-id-3": {
"permission": "no-access"
}
}
},
"offerings": {
"default_permission": "full-access",
"custom_permissions": {}
}
}
});
<No Return Value>
- Source:
async SubjectPermissions({policyId,policyWriteTokenoptional,subjectId}) → Object
Retrieve all permissions for the specified subject.
Returns: All permissions pertaining to the given subject. Format of result for each item is identical to the format of
ItemPolicy
Parameters:
| Name | Type | Attributes | Description |
|---|---|---|---|
policyId |
string |
Object ID of the policy |
|
policyWriteToken |
string |
<optional> |
Write token for the policy object - if specified, info will be retrieved from the write draft instead of the last finalized policy object |
subjectId |
string |
The ID of the subject |
Examples
async SubjectPermissions({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"subjectId": "00uyyha6cjm2Q7Zgv4x6"
});
{
"iq__127hgef9FgcHkKxmwe6vTaW99UA": {
"display_title": "Item 2",
"permissions": [
{
"profileName": "special-access",
"subjectSource": "oauth",
"subjectType": "group",
"subjectId": "00uyyha6cjm2Q7Zgv4x6",
"subjectName": "OAuth Group",
"start": "2022-03-09T19:57:42.407Z"
}
],
"profiles": {
"all-access": {
"assets": {
"default_permission": "full-access"
},
"offerings": {
"default_permission": "full-access"
}
},
"no-access": {
"assets": {
"default_permission": "no-access"
},
"end": "2022-03-09T19:57:42.407Z",
"offerings": {
"default_permission": "no-access"
},
"start": "2021-03-09T19:57:42.407Z"
},
"special-access": {
"assets": {
"custom_permissions": {
"asset-id-1": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"asset-id-2": {
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"asset-id-3": {
"permission": "no-access"
}
},
"default_permission": "no-access"
},
"end": "2022-03-09T19:57:42.407Z",
"offerings": {
"custom_permissions": {
"offering-id-1": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"offering-id-2": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access"
},
"offering-id-3": {
"permission": "no-access"
}
},
"default_permission": "no-access"
},
"start": "2021-03-09T19:57:42.407Z"
}
}
}
}
async SubjectPermissions({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"subjectId": "0xb9b3a6218fe81a0b9f96a9a3140931c62ce85c82"
});
{
"iq__127hgef9FgcHkKxmwe6vTaW99UA": {
"display_title": "Item 2",
"permissions": [
{
"profileName": "no-access",
"subjectSource": "fabric",
"subjectType": "user",
"subjectId": "0xb9b3a6218fe81a0b9f96a9a3140931c62ce85c82",
"subjectName": "Test Account",
"start": "2021-03-09T19:57:42.407Z",
"end": "2022-03-09T19:57:42.407Z"
}
],
"profiles": {
"all-access": {
"assets": {
"default_permission": "full-access"
},
"offerings": {
"default_permission": "full-access"
}
},
"no-access": {
"assets": {
"default_permission": "no-access"
},
"end": "2022-03-09T19:57:42.407Z",
"offerings": {
"default_permission": "no-access"
},
"start": "2021-03-09T19:57:42.407Z"
},
"special-access": {
"assets": {
"custom_permissions": {
"asset-id-1": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"asset-id-2": {
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"asset-id-3": {
"permission": "no-access"
}
},
"default_permission": "no-access"
},
"end": "2022-03-09T19:57:42.407Z",
"offerings": {
"custom_permissions": {
"offering-id-1": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"offering-id-2": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access"
},
"offering-id-3": {
"permission": "no-access"
}
},
"default_permission": "no-access"
},
"start": "2021-03-09T19:57:42.407Z"
}
}
}
}
async SubjectPermissions({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"subjectId": "special.event.subject@ntp.com"
});
{
"iq__127hgef9FgcHkKxmwe6vTaW99UA": {
"display_title": "Item 2",
"permissions": [
{
"profileName": "special-access",
"subjectSource": "fabric",
"subjectType": "ntp_subject",
"subjectId": "special.event.subject@ntp.com",
"subjectName": "special.event.subject@ntp.com",
"subjectNTPId": "QOTPQVagZQv7Mkt"
}
],
"profiles": {
"all-access": {
"assets": {
"default_permission": "full-access"
},
"offerings": {
"default_permission": "full-access"
}
},
"no-access": {
"assets": {
"default_permission": "no-access"
},
"end": "2022-03-09T19:57:42.407Z",
"offerings": {
"default_permission": "no-access"
},
"start": "2021-03-09T19:57:42.407Z"
},
"special-access": {
"assets": {
"custom_permissions": {
"asset-id-1": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"asset-id-2": {
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"asset-id-3": {
"permission": "no-access"
}
},
"default_permission": "no-access"
},
"end": "2022-03-09T19:57:42.407Z",
"offerings": {
"custom_permissions": {
"offering-id-1": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"offering-id-2": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access"
},
"offering-id-3": {
"permission": "no-access"
}
},
"default_permission": "no-access"
},
"start": "2021-03-09T19:57:42.407Z"
}
}
}
}
async SubjectPermissions({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"subjectId": "QOTPQVagZQv7Mkt"
});
{
"iq__127hgef9FgcHkKxmwe6vTaW99UA": {
"display_title": "Item 2",
"permissions": [
{
"profileName": "special-access",
"subjectSource": "fabric",
"subjectType": "ntp",
"subjectId": "QOTPQVagZQv7Mkt",
"subjectName": "Special Event NTP Instance"
}
],
"profiles": {
"all-access": {
"assets": {
"default_permission": "full-access"
},
"offerings": {
"default_permission": "full-access"
}
},
"no-access": {
"assets": {
"default_permission": "no-access"
},
"end": "2022-03-09T19:57:42.407Z",
"offerings": {
"default_permission": "no-access"
},
"start": "2021-03-09T19:57:42.407Z"
},
"special-access": {
"assets": {
"custom_permissions": {
"asset-id-1": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"asset-id-2": {
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"asset-id-3": {
"permission": "no-access"
}
},
"default_permission": "no-access"
},
"end": "2022-03-09T19:57:42.407Z",
"offerings": {
"custom_permissions": {
"offering-id-1": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"offering-id-2": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access"
},
"offering-id-3": {
"permission": "no-access"
}
},
"default_permission": "no-access"
},
"start": "2021-03-09T19:57:42.407Z"
}
}
}
}
async SubjectPermissions({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"policyWriteToken": "tqw__HSQQdnKZTMbqVWkQLrCyxWkPah6faERJGoaynX7JNbPgijJJXGdPu9Rybs2auxfMamN3DKuBg3aX5NUaE9T",
"subjectId": "QOTPQVagZQv7Mkt"
});
{
"iq__127hgef9FgcHkKxmwe6vTaW99UA": {
"display_title": "Item 2",
"permissions": [
{
"profileName": "special-access",
"subjectSource": "fabric",
"subjectType": "ntp",
"subjectId": "QOTPQVagZQv7Mkt",
"subjectName": "Special Event NTP Instance"
}
],
"profiles": {
"all-access": {
"assets": {
"default_permission": "full-access"
},
"offerings": {
"default_permission": "full-access"
}
},
"no-access": {
"assets": {
"default_permission": "no-access"
},
"end": "2022-03-09T19:57:42.407Z",
"offerings": {
"default_permission": "no-access"
},
"start": "2021-03-09T19:57:42.407Z"
},
"special-access": {
"assets": {
"custom_permissions": {
"asset-id-1": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"asset-id-2": {
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"asset-id-3": {
"permission": "no-access"
}
},
"default_permission": "no-access"
},
"end": "2022-03-09T19:57:42.407Z",
"offerings": {
"custom_permissions": {
"offering-id-1": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access",
"start": "2021-03-09T19:57:42.407Z"
},
"offering-id-2": {
"end": "2022-03-09T19:57:42.407Z",
"permission": "full-access"
},
"offering-id-3": {
"permission": "no-access"
}
},
"default_permission": "no-access"
},
"start": "2021-03-09T19:57:42.407Z"
}
}
}
}
async SubjectPermissions({
"policyId": "iq__BKUZ8G6FagVjK74NANSq3rwskEp",
"subjectId": "QOTPQVagZQv7Mkt"
});
{}
- Source: