RPC API documentation v44.1.0

AuthzResolver

getAdminGroups ( String role, int complementaryObjectId, String complementaryObjectName )

Get all groups of managers (authorizedGroups) for complementaryObject and role.

Parameter name	Data type	Description
role	String	Expected Role to filter authorizedGroups by
complementaryObjectId	int	Property `id` of complementaryObject to get groups of managers for
complementaryObjectName	String	Property `beanName` of complementaryObject, meaning object type (supported object types: Group \| RichGroup \| Vo \| Resource \| Facility \| SecurityTeam ).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
List<Group>	List of authorizedGroups for complementaryObject and role

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getAdminGroups

see URL structure

Example params

{ "role" : "text" , "complementaryObjectId" : 95 , "complementaryObjectName" : "text" }

see Passing params

Example response

[ { "id" : 1061 , "name" : "My group" , "shortName" : "My group" , "description" : "My testing group" , "parentGroupId" : null , "voId" : 201 , "uuid" : "31e1014b-e994-4cb2-b238-e32aeef87670" , "beanName" : "Group" } , {...} , {...} ]

getAdmins ( String role, int complementaryObjectId, String complementaryObjectName, boolean onlyDirectAdmins )

Get all valid user administrators (for group-based rights, status must be VALID for both Vo and group) for complementary object and role.

Parameter name	Data type	Description
role	String	Expected Role to filter managers by
complementaryObjectId	int	Property `id` of complementaryObject to get managers for
complementaryObjectName	String	Property `beanName` of complementaryObject, meaning object type (supported object types: Group \| RichGroup \| Vo \| Resource \| Facility \| SecurityTeam ).
onlyDirectAdmins	boolean	When true, return only direct users of the complementary object for role with specific attributes

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
List<User>	Administrators for complementary object and role

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getAdmins

see URL structure

Example params

{ "role" : "text" , "complementaryObjectId" : 36 , "complementaryObjectName" : "text" , "onlyDirectAdmins" : true }

see Passing params

Example response

[ { "firstName" : "Some" , "lastName" : "Body" , "middleName" : null , "titleBefore" : "Mgr." , "titleAfter" : null , "serviceUser" : false , "sponsoredUser" : false , "specificUser" : false , "majorSpecificType" : "NORMAL" , "id" : 34 , "uuid" : "5e5a02dd-f991-4706-a428-69c3ea6c5ce8" , "beanName" : "User" } , {...} , {...} ]

getAllPolicies ( )

Return all loaded perun policies.

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
List<PerunPolicy>	all loaded policies

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getAllPolicies

see URL structure

Example response

{ ... TODO ... }

getAllRolesManagementRules ( )

Return all loaded roles management rules.

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
List<RoleManagementRules>	all roles management rules

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getAllRolesManagementRules

see URL structure

Example response

{ ... TODO ... }

getFacilitiesWhereUserIsInRoles ( int user, List<String> roles )

Get all Facilities where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameter name	Data type	Description
user	int	`id` of object User
roles	List<String>	list of role names for which Facilities are retrieved

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.
s	PrivilegeException when the principal is not authorized.

Return type	Description
List<Facility>	List of Facilities

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getFacilitiesWhereUserIsInRoles

see URL structure

Example params

{ "user" : 63 , "roles" : [ "text" , "text" ] }

see Passing params

Example response

[ { "id" : 24 , "name" : "host.facility.cz" , "description" : "is optional" , "beanName" : "Facility" } , {...} , {...} ]

getFacilitiesWhereUserIsInRoles ( List<String> roles )

Get all Facilities where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Parameter name	Data type	Description
roles	List<String>	list of role names for which Facilities are retrieved

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.
s	PrivilegeException when the principal is not authorized.

Return type	Description
List<Facility>	List of Facilities

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getFacilitiesWhereUserIsInRoles

see URL structure

Example params

{ "roles" : [ "text" , "text" ] }

see Passing params

Example response

[ { "id" : 24 , "name" : "host.facility.cz" , "description" : "is optional" , "beanName" : "Facility" } , {...} , {...} ]

getGroupRoleNames ( )

Returns list of group's role names. Perun system uses role names in the upper case format. However, for now, they are converted to the lower case format because of the compatibility with external systems.

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
List<String>	List of roles

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getGroupRoleNames

see URL structure

Example response

[ "groupadmin" , "self" , "voadmin" ]

getGroupRoles ( int groupId )

Returns all roles as an AuthzRoles object for a given group.

Parameter name	Data type	Description
groupId	int	Id of a group

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
AuthzRoles	Object which contains all roles with perunbeans

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getGroupRoles

see URL structure

Example params

{ "groupId" : 28 }

see Passing params

Example response

{"FACILITYADMIN":{"Facility":[3682,3826]},"GROUPADMIN":{"Group":[9082,12093],"Vo":[3794,201]}, "VOADMIN":{"Vo":[2561,1541,2061,1041,3601]}}

getGroupsWhereUserIsInRoles ( int user, List<String> roles )

Get all Groups where the given user has set one of the given roles or the given user is a member of an authorized group with such roles. Method does not return subgroups of the fetched groups.

Parameter name	Data type	Description
user	int	`id` of object User
roles	List<String>	list of role names for which Groups are retrieved

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.
s	PrivilegeException when the principal is not authorized.

Return type	Description
List<Group>	List of Groups

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getGroupsWhereUserIsInRoles

see URL structure

Example params

{ "user" : 36 , "roles" : [ "text" , "text" ] }

see Passing params

Example response

[ { "id" : 1061 , "name" : "My group" , "shortName" : "My group" , "description" : "My testing group" , "parentGroupId" : null , "voId" : 201 , "uuid" : "31e1014b-e994-4cb2-b238-e32aeef87670" , "beanName" : "Group" } , {...} , {...} ]

getGroupsWhereUserIsInRoles ( List<String> roles )

Get all Groups where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles. Method does not return subgroups of the fetched groups.

Parameter name	Data type	Description
roles	List<String>	list of role names for which Groups are retrieved

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.
s	PrivilegeException when the principal is not authorized.

Return type	Description
List<Group>	List of Groups

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getGroupsWhereUserIsInRoles

see URL structure

Example params

{ "roles" : [ "text" , "text" ] }

see Passing params

Example response

[ { "id" : 1061 , "name" : "My group" , "shortName" : "My group" , "description" : "My testing group" , "parentGroupId" : null , "voId" : 201 , "uuid" : "31e1014b-e994-4cb2-b238-e32aeef87670" , "beanName" : "Group" } , {...} , {...} ]

getLoggedUser ( )

Returns User which is associated with credentials used to log-in to Perun.

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
User	Currently logged user

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getLoggedUser

see URL structure

Example response

{ "firstName" : "Some" , "lastName" : "Body" , "middleName" : null , "titleBefore" : "Mgr." , "titleAfter" : null , "serviceUser" : false , "sponsoredUser" : false , "specificUser" : false , "majorSpecificType" : "NORMAL" , "id" : 34 , "uuid" : "5e5a02dd-f991-4706-a428-69c3ea6c5ce8" , "beanName" : "User" }

getMembersWhereUserIsInRoles ( int user, List<String> roles )

Get all Members where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameter name	Data type	Description
user	int	`id` of object User
roles	List<String>	list of role names for which Members are retrieved

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.
s	PrivilegeException when the principal is not authorized.

Return type	Description
List<Member>	List of Members

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getMembersWhereUserIsInRoles

see URL structure

Example params

{ "user" : 59 , "roles" : [ "text" , "text" ] }

see Passing params

Example response

[ { "id" : 12 , "userId" : 34 , "voId" : 42 , "sourceGroupId" : null , "membershipType" : "DIRECT" , "status" : "VALID" , "sponsored" : false , "beanName" : "Member" } , {...} , {...} ]

getMembersWhereUserIsInRoles ( List<String> roles )

Get all Members where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Parameter name	Data type	Description
roles	List<String>	list of role names for which Members are retrieved

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.
s	PrivilegeException when the principal is not authorized.

Return type	Description
List<Member>	List of Members

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getMembersWhereUserIsInRoles

see URL structure

Example params

{ "roles" : [ "text" , "text" ] }

see Passing params

Example response

[ { "id" : 12 , "userId" : 34 , "voId" : 42 , "sourceGroupId" : null , "membershipType" : "DIRECT" , "status" : "VALID" , "sponsored" : false , "beanName" : "Member" } , {...} , {...} ]

getPerunPrincipal ( )

Returns PerunPrincipal object associated with current session. It contains necessary information, including user identification, authorization and metadata. Each call of this method refresh the session including authorization data.

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
PerunPrincipal	PerunPrincipal object

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getPerunPrincipal

see URL structure

Example response

{ ... TODO ... }

getPrincipalRoleNames ( )

Returns list of caller's role names. Perun system uses role names in the upper case format. However, for now, they are converted to the lower case format because of the compatibility with external systems.

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
List<String>	List of roles

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getPrincipalRoleNames

see URL structure

Example response

[ "groupadmin" , "self" , "voadmin" ]

getResourcesWhereUserIsInRoles ( int user, List<String> roles )

Get all Resources where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameter name	Data type	Description
user	int	`id` of object User
roles	List<String>	list of role names for which Resources are retrieved

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.
s	PrivilegeException when the principal is not authorized.

Return type	Description
List<Resource>	List of Resources

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getResourcesWhereUserIsInRoles

see URL structure

Example params

{ "user" : 55 , "roles" : [ "text" , "text" ] }

see Passing params

Example response

[ { "id" : 493 , "name" : "host1.host.cz" , "description" : "ROOT access to host1.host.cz" , "facilityId" : 24 , "voId" : 21 , "uuid" : "542d676f-99b2-4d1c-bc80-a46fd7f34e62" , "beanName" : "Resource" } , {...} , {...} ]

getResourcesWhereUserIsInRoles ( List<String> roles )

Get all Resources where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Parameter name	Data type	Description
roles	List<String>	list of role names for which Resources are retrieved

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.
s	PrivilegeException when the principal is not authorized.

Return type	Description
List<Resource>	List of Resources

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getResourcesWhereUserIsInRoles

see URL structure

Example params

{ "roles" : [ "text" , "text" ] }

see Passing params

Example response

[ { "id" : 493 , "name" : "host1.host.cz" , "description" : "ROOT access to host1.host.cz" , "facilityId" : 24 , "voId" : 21 , "uuid" : "542d676f-99b2-4d1c-bc80-a46fd7f34e62" , "beanName" : "Resource" } , {...} , {...} ]

getRichAdmins ( String role, int complementaryObjectId, String complementaryObjectName, List<String> specificAttributes, boolean onlyDirectAdmins, boolean allUserAttributes )

Get all valid richUser administrators (for group-based rights, status must be VALID for both Vo and group) for complementary object and role with specified attributes.

Parameter name	Data type	Description
role	String	Expected Role to filter managers by
complementaryObjectId	int	Property `id` of complementaryObject to get managers for
complementaryObjectName	String	Property `beanName` of complementaryObject, meaning object type (supported object types: Group \| RichGroup \| Vo \| Resource \| Facility \| SecurityTeam ).
specificAttributes	List<String>	list of specified attributes which are needed in object richUser
onlyDirectAdmins	boolean	When true, return only direct users of the complementary object for role with specific attributes
allUserAttributes	boolean	When true, do not specify attributes through list and return them all in objects richUser. Ignoring list of specific attributes

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
List<RichUser>	Administrators for complementary object and role with specify attributes

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getRichAdmins

see URL structure

Example params

{ "role" : "text" , "complementaryObjectId" : 30 , "complementaryObjectName" : "text" , "specificAttributes" : [ "text" , "text" ] , "onlyDirectAdmins" : true , "allUserAttributes" : true }

see Passing params

Example response

[ { "firstName" : "Some" , "lastName" : "Body" , "middleName" : null , "titleBefore" : "Mgr." , "titleAfter" : null , "serviceUser" : false , "sponsoredUser" : false , "specificUser" : false , "majorSpecificType" : "NORMAL" , "id" : 34 , "uuid" : "5e5a02dd-f991-4706-a428-69c3ea6c5ce8" , "beanName" : "RichUser" , "userExtSources" : [ { "userId": 34 , "loa" : 0 , "extSource" : { "name" : "PERUNPEOPLE" , "type" : "cz.metacentrum.perun.core.impl.ExtSourceSql" , "attributes" : {} , "id" : 2 , "beanName" : "ExtSource" } , "login" : "my_login" , "persistent" : true , "id" : 312 , "lastAccess" : "2019-06-10 14:07:42.2767" , "beanName" : "UserExtSource" } , {...} , {...} ], "userAttributes" : [ { "value" : "my_login" , "type" : "java.lang.String" , "entity" : "user" , "namespace" : "urn:perun:user:attribute-def:def" , "friendlyName" : "login-namespace:perun" , "writable" : true , "baseFriendlyName" : "login-namespace" , "friendlyNameParameter" : "perun" , "unique" : false , "displayName" : "Login in namespace: perun" , "description" : "Logname in namespace 'perun'." , "id" : 1905 , "beanName" : "Attribute" } ] } , {...} , {...} ]

getRoleComplementaryObjectsWithAuthorizedGroups ( int userId )

Returns map of role name and map of corresponding role complementary objects (perun beans) distinguished by type. together with list of authorized groups where user is member: Map< RoleName, Map< BeanName, Map< BeanID, List >>>

Parameter name	Data type	Description
userId	int	Id of a user

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
Map<String,	Map>>> roles with map of complementary objects with associated authorized groups

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getRoleComplementaryObjectsWithAuthorizedGroups

see URL structure

Example params

{ "userId" : 37 }

see Passing params

Example response

{ ... TODO ... }

getSecurityTeamsWhereUserIsInRoles ( int user, List<String> roles )

Get all SecurityTeams where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameter name	Data type	Description
user	int	`id` of object User
roles	List<String>	list of role names for which SecurityTeams are retrieved

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.
s	PrivilegeException when the principal is not authorized.

Return type	Description
List<SecurityTeam>	List of SecurityTeams

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getSecurityTeamsWhereUserIsInRoles

see URL structure

Example params

{ "user" : 28 , "roles" : [ "text" , "text" ] }

see Passing params

Example response

[ { "id" : 924 , "name" : "CSIRT" , "description" : "My CSIRT" } , {...} , {...} ]

getSecurityTeamsWhereUserIsInRoles ( List<String> roles )

Get all SecurityTeams where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Parameter name	Data type	Description
roles	List<String>	list of role names for which SecurityTeams are retrieved

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.
s	PrivilegeException when the principal is not authorized.

Return type	Description
List<SecurityTeam>	List of SecurityTeams

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getSecurityTeamsWhereUserIsInRoles

see URL structure

Example params

{ "roles" : [ "text" , "text" ] }

see Passing params

Example response

[ { "id" : 924 , "name" : "CSIRT" , "description" : "My CSIRT" } , {...} , {...} ]

getUserDirectRoles ( int userId )

Returns all roles assigned to user except for those obtained from membership in authorized groups as an AuthzRoles object. Returns also sponsorship and membership roles. Behaves differently for PERUNADMIN and other principals. For PERUNADMIN, PERUNOBSERVER and SELF on the user returns all roles of the given user. For other principals the roles are filtered only to those that the caller can read.

Parameter name	Data type	Description
userId	int	Id of a user

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
AuthzRoles	Object which contains all roles with perunbeans

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getUserDirectRoles

see URL structure

Example params

{ "userId" : 76 }

see Passing params

Example response

{"FACILITYADMIN":{"Facility":[32]},"SELF":{"Member":[4353,12324],"User":[2552,2252]}, "SPONSOR":{"SponsoredUser":[54750]},"VOADMIN":{"Vo":[356]},"PERUNADMIN":{}}

getUserRoleNames ( )

Returns list of user's role names. Perun system uses role names in the upper case format. Does not include membership and sponsorship role. However, for now, they are converted to the lower case format because of the compatibility with external systems.

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
List<String>	List of roles

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getUserRoleNames

see URL structure

Example response

[ "groupadmin" , "self" , "voadmin" ]

getUserRoles ( int userId )

Returns all roles as an AuthzRoles object for a given user. Returns also sponsorship and membership roles. Behaves differently for PERUNADMIN and other principals. For PERUNADMIN, PERUNOBSERVER and SELF on the user returns all roles of the given user. For other principals the roles are filtered only to those that the caller can read.

Parameter name	Data type	Description
userId	int	Id of a user

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
AuthzRoles	Object which contains all roles with perunbeans

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getUserRoles

see URL structure

Example params

{ "userId" : 62 }

see Passing params

Example response

{"FACILITYADMIN":{"Facility":[32]},"SELF":{"Member":[4353,12324],"User":[2552,2252]}, "SPONSOR":{"SponsoredUser":[54750]},"VOADMIN":{"Vo":[356]},"PERUNADMIN":{}}

getUserRolesObtainedFromAuthorizedGroupMemberships ( int userId )

Returns roles resulting from membership in authorized groups as an AuthzRoles object for a given user.

Parameter name	Data type	Description
userId	int	Id of a user

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
AuthzRoles	Object which contains roles with perunbeans

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getUserRolesObtainedFromAuthorizedGroupMemberships

see URL structure

Example params

{ "userId" : 65 }

see Passing params

Example response

{"FACILITYADMIN":{"Facility":[32]},"SELF":{"Member":[4353,12324],"User":[2552,2252]}, "SPONSOR":{"SponsoredUser":[54750]},"VOADMIN":{"Vo":[356]},"PERUNADMIN":{}}

getVosWhereUserIsInRoles ( int user, List<String> roles )

Get all Vos where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameter name	Data type	Description
user	int	`id` of object User
roles	List<String>	list of role names for which Vos are retrieved

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.
s	PrivilegeException when the principal is not authorized.

Return type	Description
List<Vo>	List of Vos

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getVosWhereUserIsInRoles

see URL structure

Example params

{ "user" : 41 , "roles" : [ "text" , "text" ] }

see Passing params

Example response

[ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ]

getVosWhereUserIsInRoles ( List<String> roles )

Get all Vos where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Parameter name	Data type	Description
roles	List<String>	list of role names for which Vos are retrieved

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.
s	PrivilegeException when the principal is not authorized.

Return type	Description
List<Vo>	List of Vos

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getVosWhereUserIsInRoles

see URL structure

Example params

{ "roles" : [ "text" , "text" ] }

see Passing params

Example response

[ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ]

isFacilityAdmin ( int facility )

Returns 1 if User has Facility manager role (FACILITYADMIN) for specific Facility defined by ID.

Parameter name	Data type	Description
facility	int	`id` of object Facility

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
int	1 == `true`, 0 == `false`

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isFacilityAdmin

see URL structure

Example params

{ "facility" : 65 }

see Passing params

Example response

isFacilityAdmin ( )

Returns 1 if User has Facility manager role (FACILITYADMIN).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
int	1 == `true`, 0 == `false`

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isFacilityAdmin

see URL structure

Example response

isGroupAdmin ( int group )

Returns 1 if User has Group manager role (GROUPADMIN) for specific Group defined by ID.

Parameter name	Data type	Description
group	int	`id` of object Group

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
int	1 == `true`, 0 == `false`

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isGroupAdmin

see URL structure

Example params

{ "group" : 86 }

see Passing params

Example response

isGroupAdmin ( )

Returns 1 if User has Group manager role (GROUPADMIN).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
int	1 == `true`, 0 == `false`

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isGroupAdmin

see URL structure

Example response

isGroupLastAdminInFacilities ( int group, int[] facilities )

Checks the facilities and returns those in which group is the last admin

Parameter name	Data type	Description
group	int	`id` of group
facilities	int[]	ids of facilities to check

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
List<Facility>	facilities that the group is last admin in

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isGroupLastAdminInFacilities

see URL structure

Example params

{ "group" : 43 , "facilities" : [ 32 , 75 ] }

see Passing params

Example response

[ { "id" : 24 , "name" : "host.facility.cz" , "description" : "is optional" , "beanName" : "Facility" } , {...} , {...} ]

isGroupLastAdminInVos ( int group, int[] vos )

Checks the vos and returns those in which group is the last admin

Parameter name	Data type	Description
group	int	`id` of group
vos	int[]	ids of vos to check

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
List<Vo>	vos that the group is last admin in

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isGroupLastAdminInVos

see URL structure

Example params

{ "group" : 69 , "vos" : [ 8 , 92 ] }

see Passing params

Example response

[ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ]

isPerunAdmin ( )

Returns 1 if User has Perun admin role (perunadmin).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
int	1 == `true`, 0 == `false`

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isPerunAdmin

see URL structure

Example response

isUserLastAdminInFacilities ( int user, int[] facilities )

Checks the facilities and returns those in which user is the last admin

Parameter name	Data type	Description
user	int	`id` of user
facilities	int[]	ids of facilities to check

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
List<Facility>	facilities that the user is last admin in

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isUserLastAdminInFacilities

see URL structure

Example params

{ "user" : 22 , "facilities" : [ 2 , 48 ] }

see Passing params

Example response

[ { "id" : 24 , "name" : "host.facility.cz" , "description" : "is optional" , "beanName" : "Facility" } , {...} , {...} ]

isUserLastAdminInVos ( int user, int[] vos )

Checks the vos and returns those in which user is the last admin

Parameter name	Data type	Description
user	int	`id` of user
vos	int[]	ids of vos to check

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
List<Vo>	vos that the user is last admin in

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isUserLastAdminInVos

see URL structure

Example params

{ "user" : 55 , "vos" : [ 46 , 93 ] }

see Passing params

Example response

[ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ]

isVoAdmin ( int vo )

Returns 1 if User has VO manager role (VOADMIN) for specific VO defined by ID.

Parameter name	Data type	Description
vo	int	`id` of object VO

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
int	1 == `true`, 0 == `false`

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isVoAdmin

see URL structure

Example params

{ "vo" : 48 }

see Passing params

Example response

isVoAdmin ( )

Returns 1 if User has VO manager role (VOADMIN).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
int	1 == `true`, 0 == `false`

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isVoAdmin

see URL structure

Example response

keepAlive ( )

Returns "OK" string. Helper method for GUI check if connection is alive.

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
String	"OK"

Example URL

https://[hostname]/krb/rpc/json/authzResolver/keepAlive

see URL structure

Example response

"OK"

loadAuthorizationComponents ( )

Load perun roles and policies from the configuration file perun-roles.yml. Roles are loaded to the database and policies are loaded to the PerunPoliciesContainer.

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/loadAuthorizationComponents

see URL structure

Example response

null

setRole ( String role, int user, Object complementaryObject )

Set role for user and complementaryObject. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be set for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
user	int	`id` of User to set role for
complementaryObject	Object	Object to associate role and user with (supported objects: Group \| RichGroup \| Vo \| Resource \| Facility \| SecurityTeam ).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

see URL structure

Example params

{ "role" : "VOADMIN" , "user" : 97 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

see Passing params

Example response

null

setRole ( String role, int user, List<Object> complementaryObjects )

Set role for user and complementaryObjects. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be set for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
user	int	`id` of User to set role for
complementaryObjects	List<Object>	Objects to associate role and user with (supported objects: Group \| RichGroup \| Vo \| Resource \| Facility \| SecurityTeam ).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

see URL structure

Example params

{ "role" : "VOADMIN" , "user" : 26 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ] }

see Passing params

Example response

null

setRole ( String role, int user )

Set role for user. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be set for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
user	int	`id` of user to set role for

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

see URL structure

Example params

{ "role" : "VOADMIN" , "user" : 2 }

see Passing params

Example response

null

setRole ( String role, int authorizedGroup, Object complementaryObject )

Set role for authorizedGroup and complementaryObject. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be set for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
authorizedGroup	int	`id` of Group to set role for
complementaryObject	Object	Object to associate role and authorizedGroup with (supported objects: Group \| RichGroup \| Vo \| Resource \| Facility \| SecurityTeam ).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

see URL structure

Example params

{ "role" : "VOADMIN" , "authorizedGroup" : 76 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

see Passing params

Example response

null

setRole ( String role, int authorizedGroup, List<Object> complementaryObjects )

Set role for authorizedGroup and complementaryObjects. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be set for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
authorizedGroup	int	`id` of Group to set role for
complementaryObjects	List<Object>	Objects to associate role and authorizedGroup with (supported objects: Group \| RichGroup \| Vo \| Resource \| Facility \| SecurityTeam ).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

see URL structure

Example params

{ "role" : "VOADMIN" , "authorizedGroup" : 91 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ] }

see Passing params

Example response

null

setRole ( String role, int authorizedGroup )

Set role for authorizedGroup. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be set for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
authorizedGroup	int	`id` of Group to set role for

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

see URL structure

Example params

{ "role" : "VOADMIN" , "authorizedGroup" : 59 }

see Passing params

Example response

null

setRole ( String role, int[] users, Object complementaryObject )

Set role for users and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be set for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
users	int[]	`ids` of users for which is the role set
complementaryObject	Object	Object to associate role and users with (supported objects: Group \| RichGroup \| Vo \| Resource \| Facility \| SecurityTeam ).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

see URL structure

Example params

{ "role" : "VOADMIN" , "users" : [ 62 , 72 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

see Passing params

Example response

null

setRole ( String role, int[] users )

Set role for users. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be set for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
users	int[]	`ids` of users for which is the role set

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

see URL structure

Example params

{ "role" : "VOADMIN" , "users" : [ 28 , 40 ] }

see Passing params

Example response

null

setRole ( String role, int[] authorizedGroups, Object complementaryObject )

Set role for authorizedGroups and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be set for given groups ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
authorizedGroups	int[]	`ids` of groups for which is the role set
complementaryObject	Object	Object to associate role and authorizedGroups with (supported objects: Group \| RichGroup \| Vo \| Resource \| Facility \| SecurityTeam ).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

see URL structure

Example params

{ "role" : "VOADMIN" , "authorizedGroups" : [ 80 , 16 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

see Passing params

Example response

null

setRole ( String role, int[] authorizedGroups )

Set role for authorizedGroups. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be set for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
authorizedGroups	int[]	`ids` of groups for which is the role set

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

see URL structure

Example params

{ "role" : "VOADMIN" , "authorizedGroups" : [ 54 , 32 ] }

see Passing params

Example response

null

someAdminExists ( String role, int complementaryObjectId, String complementaryObjectName, boolean onlyDirectAdmins )

Check if some valid user with specific role exists for given complementary object (for group-based rights, status must be VALID for both Vo and group).

Parameter name	Data type	Description
role	String	Expected Role to filter managers by
complementaryObjectId	int	Property `id` of complementaryObject to search managers for
complementaryObjectName	String	Property `beanName` of complementaryObject, meaning object type (supported object types: Group \| RichGroup \| Vo \| Resource \| Facility \| SecurityTeam ).
onlyDirectAdmins	boolean	When true, search only direct users of the complementary object for role

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
true,	if some user with required role exists, false otherwise

Example URL

https://[hostname]/krb/rpc/json/authzResolver/someAdminExists

see URL structure

Example params

{ "role" : "text" , "complementaryObjectId" : 6 , "complementaryObjectName" : "text" , "onlyDirectAdmins" : true }

see Passing params

Example response

{ ... TODO ... }

unsetRole ( String role, int user, Object complementaryObject )

Unset role for user and complementaryObject. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be set for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
user	int	`id` of User to unset role for
complementaryObject	Object	Object to remove role for a user (supported objects: Group \| RichGroup \| Vo \| Resource \| Facility \| SecurityTeam ).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

see URL structure

Example params

{ "role" : "voadmin" , "user" : 6 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

see Passing params

Example response

null

unsetRole ( String role, int user, List<Object> complementaryObjects )

Unset role for user and complementaryObjects. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be set for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
user	int	`id` of User to unset role for
complementaryObjects	List<Object>	Objects to remove role for a user (supported objects: Group \| RichGroup \| Vo \| Resource \| Facility \| SecurityTeam ).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

see URL structure

Example params

{ "role" : "voadmin" , "user" : 56 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ] }

see Passing params

Example response

null

unsetRole ( String role, int user )

Unset role for user. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be unset for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
user	int	`id` of user to unset role for

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

see URL structure

Example params

{ "role" : "VOADMIN" , "user" : 2 }

see Passing params

Example response

null

unsetRole ( String role, int authorizedGroup, Object complementaryObject )

Unset role for authorizedGroup and complementaryObject. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be set for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
authorizedGroup	int	`id` of Group to unset role for
complementaryObject	Object	Object to remove role for an authorizedGroup (supported objects: Group \| RichGroup \| Vo \| Resource \| Facility \| SecurityTeam ).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

see URL structure

Example params

{ "role" : "voadmin" , "authorizedGroup" : 65 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

see Passing params

Example response

null

unsetRole ( String role, int authorizedGroup, List<Object> complementaryObjects )

Unset role for authorizedGroup and complementaryObjects. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be set for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
authorizedGroup	int	`id` of Group to unset role for
complementaryObjects	List<Object>	Objects to remove role for an authorizedGroup (supported objects: Group \| RichGroup \| Vo \| Resource \| Facility \| SecurityTeam ).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

see URL structure

Example params

{ "role" : "voadmin" , "authorizedGroup" : 79 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ] }

see Passing params

Example response

null

unsetRole ( String role, int authorizedGroup )

Unset role for authorizedGroup. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be unset for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
authorizedGroup	int	`id` of Group to unset role for

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

see URL structure

Example params

{ "role" : "VOADMIN" , "authorizedGroup" : 95 }

see Passing params

Example response

null

unsetRole ( String role, int[] users, Object complementaryObject )

Unset role for users and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be unset for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
users	int[]	`ids` of users for which is the role set
complementaryObject	Object	Object to remove role for a users (supported objects: Group \| RichGroup \| Vo \| Resource \| Facility \| SecurityTeam ).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

see URL structure

Example params

{ "role" : "VOADMIN" , "users" : [ 48 , 16 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

see Passing params

Example response

null

unsetRole ( String role, int[] users )

Unset role for users. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be unset for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
users	int[]	`ids` of users for which is the role unset

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

see URL structure

Example params

{ "role" : "VOADMIN" , "users" : [ 6 , 20 ] }

see Passing params

Example response

null

unsetRole ( String role, int[] authorizedGroups, Object complementaryObject )

Unset role for authorizedGroups and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be set for given groups ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
authorizedGroups	int[]	`ids` of groups for which is the role set
complementaryObject	Object	Object to remove role for an authorizedGroups (supported objects: Group \| RichGroup \| Vo \| Resource \| Facility \| SecurityTeam ).

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

see URL structure

Example params

{ "role" : "VOADMIN" , "authorizedGroups" : [ 81 , 41 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

see Passing params

Example response

null

unsetRole ( String role, int[] authorizedGroups )

Unset role for authorizedGroups. IMPORTANT: Refresh authz only if user in session is affected.

Parameter name	Data type	Description
role	String	Role which will be unset for given users ( FACILITYADMIN \| GROUPADMIN \| PERUNADMIN \| RESOURCEADMIN \| RESOURCESELFSERVICE \| SPONSOR \| TOPGROUPCREATOR \| VOADMIN \| VOOBSERVER \| PERUNOBSERVER \| SECURITYADMIN \| CABINETADMIN \| AUDITCONSUMERADMIN )
authorizedGroups	int[]	`ids` of groups for which is the role unset

Thrown exception	Description
InternalErrorException	When unspecified error occur. See exception param `message` for explanation.
PrivilegeException	When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcException	Wrong usage of API (wrong url, missing param etc.). See exception params `message` and `type` for explanation.

Return type	Description
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

see URL structure

Example params

{ "role" : "VOADMIN" , "authorizedGroups" : [ 78 , 19 ] }

see Passing params

Example response

null