RPC API documentation v17.2.0

Back to Documentation Version:  General How to use RPC Managers AttributesManagerAuditMessagesManagerAuthzResolverCabinetManagerConfigManagerConsentsManagerDatabaseManagerExtSourcesManagerFacilitiesManagerGroupsManagerIntegrationManagerMembersManagerNotificationManagerOwnersManagerRTMessagesManagerRegistrarManagerResourcesManagerSearcherSecurityTeamsManagerServicesManagerTasksManagerUsersManagerVosManager

AuthzResolver

Get all groups of managers (authorizedGroups) for complementaryObject and role.

Parameter nameData typeDescription
roleStringExpected Role to filter authorizedGroups by
complementaryObjectIdintProperty id of complementaryObject to get groups of managers for
complementaryObjectNameStringProperty beanName of complementaryObject, meaning object type (Vo | Group | Facility | ... )
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<Group>List of authorizedGroups for complementaryObject and role

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getAdminGroups

Example params

{ "role" : "text" , "complementaryObjectId" : 85 , "complementaryObjectName" : "text" }

Example response

[ { "id" : 1061 , "name" : "My group" , "shortName" : "My group" , "description" : "My testing group" , "parentGroupId" : null , "voId" : 201 , "uuid" : "31e1014b-e994-4cb2-b238-e32aeef87670" , "beanName" : "Group" } , {...} , {...} ]

Return all loaded perun policies.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<PerunPolicy>all loaded policies

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getAllPolicies

Example response

{ ... TODO ... }

Return all loaded roles management rules.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<RoleManagementRules>all roles management rules

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getAllRolesManagementRules

Example response

{ ... TODO ... }

Get all Facilities where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameter nameData typeDescription
userintid of object User
rolesList<String>list of role names for which Facilities are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Facility>List of Facilities

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getFacilitiesWhereUserIsInRoles

Example params

{ "user" : 47 , "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 24 , "name" : "host.facility.cz" , "description" : "is optional" , "beanName" : "Facility" } , {...} , {...} ]

Get all Facilities where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Parameter nameData typeDescription
rolesList<String>list of role names for which Facilities are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Facility>List of Facilities

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getFacilitiesWhereUserIsInRoles

Example params

{ "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 24 , "name" : "host.facility.cz" , "description" : "is optional" , "beanName" : "Facility" } , {...} , {...} ]

Returns list of group's role names. Perun system uses role names in the upper case format. However, for now, they are converted to the lower case format because of the compatibility with external systems.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<String>List of roles

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getGroupRoleNames

Example response

[ "groupadmin" , "self" , "voadmin" ]

Returns all roles as an AuthzRoles object for a given group.

Parameter nameData typeDescription
groupIdintId of a group
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
AuthzRolesObject which contains all roles with perunbeans

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getGroupRoles

Example params

{ "groupId" : 53 }

Example response

{"FACILITYADMIN":{"Facility":[3682,3826]},"GROUPADMIN":{"Group":[9082,12093],"Vo":[3794,201]},"VOADMIN":{"Vo":[2561,1541,2061,1041,3601]}}

Get all Groups where the given user has set one of the given roles or the given user is a member of an authorized group with such roles. Method does not return subgroups of the fetched groups.

Parameter nameData typeDescription
userintid of object User
rolesList<String>list of role names for which Groups are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Group>List of Groups

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getGroupsWhereUserIsInRoles

Example params

{ "user" : 12 , "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 1061 , "name" : "My group" , "shortName" : "My group" , "description" : "My testing group" , "parentGroupId" : null , "voId" : 201 , "uuid" : "31e1014b-e994-4cb2-b238-e32aeef87670" , "beanName" : "Group" } , {...} , {...} ]

Get all Groups where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles. Method does not return subgroups of the fetched groups.

Parameter nameData typeDescription
rolesList<String>list of role names for which Groups are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Group>List of Groups

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getGroupsWhereUserIsInRoles

Example params

{ "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 1061 , "name" : "My group" , "shortName" : "My group" , "description" : "My testing group" , "parentGroupId" : null , "voId" : 201 , "uuid" : "31e1014b-e994-4cb2-b238-e32aeef87670" , "beanName" : "Group" } , {...} , {...} ]

Returns User which is associated with credentials used to log-in to Perun.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
UserCurrently logged user

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getLoggedUser

Example response

{ "firstName" : "Some" , "lastName" : "Body" , "middleName" : null , "titleBefore" : "Mgr." , "titleAfter" : null , "serviceUser" : false , "sponsoredUser" : false , "specificUser" : false , "majorSpecificType" : "NORMAL" , "id" : 34 , "uuid" : "5e5a02dd-f991-4706-a428-69c3ea6c5ce8" , "beanName" : "User" }

Get all Members where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameter nameData typeDescription
userintid of object User
rolesList<String>list of role names for which Members are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Member>List of Members

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getMembersWhereUserIsInRoles

Example params

{ "user" : 43 , "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 12 , "userId" : 34 , "voId" : 42 , "sourceGroupId" : null , "membershipType" : "DIRECT" , "status" : "VALID" , "sponsored" : false , "beanName" : "Member" } , {...} , {...} ]

Get all Members where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Parameter nameData typeDescription
rolesList<String>list of role names for which Members are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Member>List of Members

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getMembersWhereUserIsInRoles

Example params

{ "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 12 , "userId" : 34 , "voId" : 42 , "sourceGroupId" : null , "membershipType" : "DIRECT" , "status" : "VALID" , "sponsored" : false , "beanName" : "Member" } , {...} , {...} ]

Returns PerunPrincipal object associated with current session. It contains necessary information, including user identification, authorization and metadata. Each call of this method refresh the session including authorization data.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
PerunPrincipalPerunPrincipal object

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getPerunPrincipal

Example response

{ ... TODO ... }

Returns list of caller's role names. Perun system uses role names in the upper case format. However, for now, they are converted to the lower case format because of the compatibility with external systems.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<String>List of roles

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getPrincipalRoleNames

Example response

[ "groupadmin" , "self" , "voadmin" ]

Get all Resources where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameter nameData typeDescription
userintid of object User
rolesList<String>list of role names for which Resources are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Resource>List of Resources

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getResourcesWhereUserIsInRoles

Example params

{ "user" : 50 , "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 493 , "name" : "host1.host.cz" , "description" : "ROOT access to host1.host.cz" , "facilityId" : 24 , "voId" : 21 , "uuid" : "542d676f-99b2-4d1c-bc80-a46fd7f34e62" , "beanName" : "Resource" } , {...} , {...} ]

Get all Resources where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Parameter nameData typeDescription
rolesList<String>list of role names for which Resources are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Resource>List of Resources

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getResourcesWhereUserIsInRoles

Example params

{ "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 493 , "name" : "host1.host.cz" , "description" : "ROOT access to host1.host.cz" , "facilityId" : 24 , "voId" : 21 , "uuid" : "542d676f-99b2-4d1c-bc80-a46fd7f34e62" , "beanName" : "Resource" } , {...} , {...} ]

Get all valid richUser administrators (for group-based rights, status must be VALID for both Vo and group) for complementary object and role with specified attributes.

Parameter nameData typeDescription
roleStringExpected Role to filter managers by
complementaryObjectIdintProperty id of complementaryObject to get managers for
complementaryObjectNameStringProperty beanName of complementaryObject, meaning object type (Vo | Group | Facility | ... )
specificAttributesList<String>list of specified attributes which are needed in object richUser
onlyDirectAdminsbooleanWhen true, return only direct users of the complementary object for role with specific attributes
allUserAttributesbooleanWhen true, do not specify attributes through list and return them all in objects richUser. Ignoring list of specific attributes
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<RichUser>Administrators for complementary object and role with specify attributes

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getRichAdmins

Example params

{ "role" : "text" , "complementaryObjectId" : 21 , "complementaryObjectName" : "text" , "specificAttributes" : [ "text" , "text" ] , "onlyDirectAdmins" : true , "allUserAttributes" : true }

Example response

[ { "firstName" : "Some" , "lastName" : "Body" , "middleName" : null , "titleBefore" : "Mgr." , "titleAfter" : null , "serviceUser" : false , "sponsoredUser" : false , "specificUser" : false , "majorSpecificType" : "NORMAL" , "id" : 34 , "uuid" : "5e5a02dd-f991-4706-a428-69c3ea6c5ce8" , "beanName" : "RichUser" , "userExtSources" : [ { "userId": 34 , "loa" : 0 , "extSource" : { "name" : "PERUNPEOPLE" , "type" : "cz.metacentrum.perun.core.impl.ExtSourceSql" , "attributes" : {} , "id" : 2 , "beanName" : "ExtSource" } , "login" : "my_login" , "persistent" : true , "id" : 312 , "lastAccess" : "2019-06-10 14:07:42.2767" , "beanName" : "UserExtSource" } , {...} , {...} ], "userAttributes" : [ { "value" : "my_login" , "type" : "java.lang.String" , "entity" : "user" , "namespace" : "urn:perun:user:attribute-def:def" , "friendlyName" : "login-namespace:perun" , "writable" : true , "baseFriendlyName" : "login-namespace" , "friendlyNameParameter" : "perun" , "unique" : false , "displayName" : "Login in namespace: perun" , "description" : "Logname in namespace 'perun'." , "id" : 1905 , "beanName" : "Attribute" } ] } , {...} , {...} ]

Get all SecurityTeams where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameter nameData typeDescription
userintid of object User
rolesList<String>list of role names for which SecurityTeams are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<SecurityTeam>List of SecurityTeams

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getSecurityTeamsWhereUserIsInRoles

Example params

{ "user" : 79 , "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 924 , "name" : "CSIRT" , "description" : "My CSIRT" } , {...} , {...} ]

Get all SecurityTeams where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Parameter nameData typeDescription
rolesList<String>list of role names for which SecurityTeams are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<SecurityTeam>List of SecurityTeams

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getSecurityTeamsWhereUserIsInRoles

Example params

{ "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 924 , "name" : "CSIRT" , "description" : "My CSIRT" } , {...} , {...} ]

Returns list of user's role names. Perun system uses role names in the upper case format. Does not include membership and sponsorship role. However, for now, they are converted to the lower case format because of the compatibility with external systems.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<String>List of roles

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getUserRoleNames

Example response

[ "groupadmin" , "self" , "voadmin" ]

Returns all roles as an AuthzRoles object for a given user. Returns also sponsorship and membership roles.

Parameter nameData typeDescription
userIdintId of a user
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
AuthzRolesObject which contains all roles with perunbeans

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getUserRoles

Example params

{ "userId" : 36 }

Example response

{"FACILITYADMIN":{"Facility":[32]},"SELF":{"Member":[4353,12324],"User":[2552,2252]},"SPONSOR":{"SponsoredUser":[54750]},"VOADMIN":{"Vo":[356]},"PERUNADMIN":{}}

Get all Vos where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameter nameData typeDescription
userintid of object User
rolesList<String>list of role names for which Vos are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Vo>List of Vos

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getVosWhereUserIsInRoles

Example params

{ "user" : 46 , "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ]

Get all Vos where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Parameter nameData typeDescription
rolesList<String>list of role names for which Vos are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Vo>List of Vos

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getVosWhereUserIsInRoles

Example params

{ "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ]

Returns 1 if User has Facility manager role (FACILITYADMIN) for specific Facility defined by ID.

Parameter nameData typeDescription
facilityintid of object Facility
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
int1 == true, 0 == false

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isFacilityAdmin

Example params

{ "facility" : 65 }

Example response

1

Returns 1 if User has Facility manager role (FACILITYADMIN).

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
int1 == true, 0 == false

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isFacilityAdmin

Example response

1

Returns 1 if User has Group manager role (GROUPADMIN) for specific Group defined by ID.

Parameter nameData typeDescription
groupintid of object Group
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
int1 == true, 0 == false

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isGroupAdmin

Example params

{ "group" : 52 }

Example response

1

Returns 1 if User has Group manager role (GROUPADMIN).

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
int1 == true, 0 == false

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isGroupAdmin

Example response

1

Returns 1 if User has Perun admin role (perunadmin).

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
int1 == true, 0 == false

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isPerunAdmin

Example response

1

Returns 1 if User has VO manager role (VOADMIN) for specific VO defined by ID.

Parameter nameData typeDescription
vointid of object VO
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
int1 == true, 0 == false

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isVoAdmin

Example params

{ "vo" : 56 }

Example response

1

Returns 1 if User has VO manager role (VOADMIN).

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
int1 == true, 0 == false

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isVoAdmin

Example response

1

Returns "OK" string. Helper method for GUI check if connection is alive.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
String"OK"

Example URL

https://[hostname]/krb/rpc/json/authzResolver/keepAlive

Example response

"OK"

Load perun roles and policies from the configuration file perun-roles.yml. Roles are loaded to the database and policies are loaded to the PerunPoliciesContainer.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/loadAuthorizationComponents

Example response

null

Set role for user and complementaryObject. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
userintid of User to set role for
complementaryObjectObjectObject (e.g.: vo | group | facility ) to associate role and user with.
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "user" : 54 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

Example response

null

Set role for user and complementaryObjects. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
userintid of User to set role for
complementaryObjectsList<Object>Objects (e.g.: vo | group | facility ) to associate role and user with
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "user" : 21 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ] }

Example response

null

Set role for user. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
userintid of user to set role for
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "user" : 32 }

Example response

null

Set role for authorizedGroup and complementaryObject. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupintid of Group to set role for
complementaryObjectObjectObject (e.g.: vo | group | facility ) to associate role and authorizedGroup with
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "authorizedGroup" : 5 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

Example response

null

Set role for authorizedGroup and complementaryObjects. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupintid of Group to set role for
complementaryObjectsList<Object>Objects (e.g.: vo | group | facility ) to associate role and authorizedGroup with
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "authorizedGroup" : 51 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ] }

Example response

null

Set role for authorizedGroup. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupintid of Group to set role for
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "authorizedGroup" : 48 }

Example response

null

Set role for users and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
usersint[]ids of users for which is the role set
complementaryObjectObjectObject (e.g.: vo | group | facility ) to associate role and users with
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "users" : [ 40 , 40 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

Example response

null

Set role for users. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
usersint[]ids of users for which is the role set
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "users" : [ 23 , 57 ] }

Example response

null

Set role for authorizedGroups and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given groups ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupsint[]ids of groups for which is the role set
complementaryObjectObjectObject (e.g.: vo | group | facility ) to associate role and authorizedGroups with
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "authorizedGroups" : [ 75 , 74 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

Example response

null

Set role for authorizedGroups. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupsint[]ids of groups for which is the role set
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "authorizedGroups" : [ 57 , 61 ] }

Example response

null

Unset role for user and complementaryObject. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
userintid of User to unset role for
complementaryObjectObjectObject (e.g.: vo | group | facility ) to remove role for a user
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "voadmin" , "user" : 34 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

Example response

null

Unset role for user and complementaryObjects. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
userintid of User to unset role for
complementaryObjectsList<Object>Objects (e.g.: vo | group | facility ) to remove role for a user
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "voadmin" , "user" : 93 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ] }

Example response

null

Unset role for user. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
userintid of user to unset role for
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "VOADMIN" , "user" : 43 }

Example response

null

Unset role for authorizedGroup and complementaryObject. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupintid of Group to unset role for
complementaryObjectObjectObject (e.g.: vo | group | facility ) to remove role for an authorizedGroup
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "voadmin" , "authorizedGroup" : 26 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

Example response

null

Unset role for authorizedGroup and complementaryObjects. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupintid of Group to unset role for
complementaryObjectsList<Object>Objects (e.g.: vo | group | facility ) to remove role for an authorizedGroup
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "voadmin" , "authorizedGroup" : 55 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ] }

Example response

null

Unset role for authorizedGroup. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupintid of Group to unset role for
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "VOADMIN" , "authorizedGroup" : 76 }

Example response

null

Unset role for users and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
usersint[]ids of users for which is the role set
complementaryObjectObjectObject (e.g.: vo | group | facility ) to associate role and users with
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "VOADMIN" , "users" : [ 44 , 68 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

Example response

null

Unset role for users. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
usersint[]ids of users for which is the role unset
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "VOADMIN" , "users" : [ 68 , 6 ] }

Example response

null

Unset role for authorizedGroups and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given groups ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupsint[]ids of groups for which is the role set
complementaryObjectObjectObject (e.g.: vo | group | facility ) to associate role and authorizedGroups with
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "VOADMIN" , "authorizedGroups" : [ 67 , 94 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

Example response

null

Unset role for authorizedGroups. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupsint[]ids of groups for which is the role unset
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "VOADMIN" , "authorizedGroups" : [ 40 , 19 ] }

Example response

null