RPC API documentation v45.0.0

Back to Documentation Version:  General How to use RPC Managers AttributesManagerAuditMessagesManagerAuthzResolverCabinetManagerConfigManagerConsentsManagerDatabaseManagerExtSourcesManagerFacilitiesManagerGroupsManagerIntegrationManagerInvitationsManagerMembersManagerNotificationManagerOwnersManagerRTMessagesManagerRegistrarManagerResourcesManagerSearcherSecurityTeamsManagerServicesManagerTasksManagerUsersManagerVosManager

AuthzResolver

Get all groups of managers (authorizedGroups) for complementaryObject and role.

Parameter nameData typeDescription
roleStringExpected Role to filter authorizedGroups by
complementaryObjectIdintProperty id of complementaryObject to get groups of managers for
complementaryObjectNameStringProperty beanName of complementaryObject, meaning object type (supported object types: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<Group>List of authorizedGroups for complementaryObject and role

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getAdminGroups

Example params

{ "role" : "text" , "complementaryObjectId" : 18 , "complementaryObjectName" : "text" }

Example response

[ { "id" : 1061 , "name" : "My group" , "shortName" : "My group" , "description" : "My testing group" , "parentGroupId" : null , "voId" : 201 , "uuid" : "31e1014b-e994-4cb2-b238-e32aeef87670" , "beanName" : "Group" } , {...} , {...} ]

Get all valid user administrators (for group-based rights, status must be VALID for both Vo and group) for complementary object and role.

Parameter nameData typeDescription
roleStringExpected Role to filter managers by
complementaryObjectIdintProperty id of complementaryObject to get managers for
complementaryObjectNameStringProperty beanName of complementaryObject, meaning object type (supported object types: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).
onlyDirectAdminsbooleanWhen true, return only direct users of the complementary object for role with specific attributes
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<User>Administrators for complementary object and role

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getAdmins

Example params

{ "role" : "text" , "complementaryObjectId" : 7 , "complementaryObjectName" : "text" , "onlyDirectAdmins" : true }

Example response

[ { "firstName" : "Some" , "lastName" : "Body" , "middleName" : null , "titleBefore" : "Mgr." , "titleAfter" : null , "serviceUser" : false , "sponsoredUser" : false , "specificUser" : false , "majorSpecificType" : "NORMAL" , "id" : 34 , "uuid" : "5e5a02dd-f991-4706-a428-69c3ea6c5ce8" , "beanName" : "User" } , {...} , {...} ]

Return all loaded perun policies.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<PerunPolicy>all loaded policies

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getAllPolicies

Example response

{ ... TODO ... }

Return all loaded roles management rules.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<RoleManagementRules>all roles management rules

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getAllRolesManagementRules

Example response

{ ... TODO ... }

Get all Facilities where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameter nameData typeDescription
userintid of object User
rolesList<String>list of role names for which Facilities are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Facility>List of Facilities

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getFacilitiesWhereUserIsInRoles

Example params

{ "user" : 57 , "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 24 , "name" : "host.facility.cz" , "description" : "is optional" , "beanName" : "Facility" } , {...} , {...} ]

Get all Facilities where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Parameter nameData typeDescription
rolesList<String>list of role names for which Facilities are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Facility>List of Facilities

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getFacilitiesWhereUserIsInRoles

Example params

{ "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 24 , "name" : "host.facility.cz" , "description" : "is optional" , "beanName" : "Facility" } , {...} , {...} ]

Returns list of group's role names. Perun system uses role names in the upper case format. However, for now, they are converted to the lower case format because of the compatibility with external systems.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<String>List of roles

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getGroupRoleNames

Example response

[ "groupadmin" , "self" , "voadmin" ]

Returns all roles as an AuthzRoles object for a given group.

Parameter nameData typeDescription
groupIdintId of a group
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
AuthzRolesObject which contains all roles with perunbeans

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getGroupRoles

Example params

{ "groupId" : 77 }

Example response

{"FACILITYADMIN":{"Facility":[3682,3826]},"GROUPADMIN":{"Group":[9082,12093],"Vo":[3794,201]}, "VOADMIN":{"Vo":[2561,1541,2061,1041,3601]}}

Get all Groups where the given user has set one of the given roles or the given user is a member of an authorized group with such roles. Method does not return subgroups of the fetched groups.

Parameter nameData typeDescription
userintid of object User
rolesList<String>list of role names for which Groups are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Group>List of Groups

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getGroupsWhereUserIsInRoles

Example params

{ "user" : 74 , "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 1061 , "name" : "My group" , "shortName" : "My group" , "description" : "My testing group" , "parentGroupId" : null , "voId" : 201 , "uuid" : "31e1014b-e994-4cb2-b238-e32aeef87670" , "beanName" : "Group" } , {...} , {...} ]

Get all Groups where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles. Method does not return subgroups of the fetched groups.

Parameter nameData typeDescription
rolesList<String>list of role names for which Groups are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Group>List of Groups

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getGroupsWhereUserIsInRoles

Example params

{ "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 1061 , "name" : "My group" , "shortName" : "My group" , "description" : "My testing group" , "parentGroupId" : null , "voId" : 201 , "uuid" : "31e1014b-e994-4cb2-b238-e32aeef87670" , "beanName" : "Group" } , {...} , {...} ]

Returns User which is associated with credentials used to log-in to Perun.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
UserCurrently logged user

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getLoggedUser

Example response

{ "firstName" : "Some" , "lastName" : "Body" , "middleName" : null , "titleBefore" : "Mgr." , "titleAfter" : null , "serviceUser" : false , "sponsoredUser" : false , "specificUser" : false , "majorSpecificType" : "NORMAL" , "id" : 34 , "uuid" : "5e5a02dd-f991-4706-a428-69c3ea6c5ce8" , "beanName" : "User" }

Get all Members where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameter nameData typeDescription
userintid of object User
rolesList<String>list of role names for which Members are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Member>List of Members

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getMembersWhereUserIsInRoles

Example params

{ "user" : 41 , "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 12 , "userId" : 34 , "voId" : 42 , "sourceGroupId" : null , "membershipType" : "DIRECT" , "status" : "VALID" , "sponsored" : false , "beanName" : "Member" } , {...} , {...} ]

Get all Members where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Parameter nameData typeDescription
rolesList<String>list of role names for which Members are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Member>List of Members

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getMembersWhereUserIsInRoles

Example params

{ "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 12 , "userId" : 34 , "voId" : 42 , "sourceGroupId" : null , "membershipType" : "DIRECT" , "status" : "VALID" , "sponsored" : false , "beanName" : "Member" } , {...} , {...} ]

Returns PerunPrincipal object associated with current session. It contains necessary information, including user identification, authorization and metadata. Each call of this method refresh the session including authorization data.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
PerunPrincipalPerunPrincipal object

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getPerunPrincipal

Example response

{ ... TODO ... }

Returns list of caller's role names. Perun system uses role names in the upper case format. However, for now, they are converted to the lower case format because of the compatibility with external systems.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<String>List of roles

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getPrincipalRoleNames

Example response

[ "groupadmin" , "self" , "voadmin" ]

Get all Resources where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameter nameData typeDescription
userintid of object User
rolesList<String>list of role names for which Resources are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Resource>List of Resources

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getResourcesWhereUserIsInRoles

Example params

{ "user" : 1 , "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 493 , "name" : "host1.host.cz" , "description" : "ROOT access to host1.host.cz" , "facilityId" : 24 , "voId" : 21 , "uuid" : "542d676f-99b2-4d1c-bc80-a46fd7f34e62" , "beanName" : "Resource" } , {...} , {...} ]

Get all Resources where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Parameter nameData typeDescription
rolesList<String>list of role names for which Resources are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Resource>List of Resources

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getResourcesWhereUserIsInRoles

Example params

{ "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 493 , "name" : "host1.host.cz" , "description" : "ROOT access to host1.host.cz" , "facilityId" : 24 , "voId" : 21 , "uuid" : "542d676f-99b2-4d1c-bc80-a46fd7f34e62" , "beanName" : "Resource" } , {...} , {...} ]

Get all valid richUser administrators (for group-based rights, status must be VALID for both Vo and group) for complementary object and role with specified attributes.

Parameter nameData typeDescription
roleStringExpected Role to filter managers by
complementaryObjectIdintProperty id of complementaryObject to get managers for
complementaryObjectNameStringProperty beanName of complementaryObject, meaning object type (supported object types: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).
specificAttributesList<String>list of specified attributes which are needed in object richUser
onlyDirectAdminsbooleanWhen true, return only direct users of the complementary object for role with specific attributes
allUserAttributesbooleanWhen true, do not specify attributes through list and return them all in objects richUser. Ignoring list of specific attributes
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<RichUser>Administrators for complementary object and role with specify attributes

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getRichAdmins

Example params

{ "role" : "text" , "complementaryObjectId" : 59 , "complementaryObjectName" : "text" , "specificAttributes" : [ "text" , "text" ] , "onlyDirectAdmins" : true , "allUserAttributes" : true }

Example response

[ { "firstName" : "Some" , "lastName" : "Body" , "middleName" : null , "titleBefore" : "Mgr." , "titleAfter" : null , "serviceUser" : false , "sponsoredUser" : false , "specificUser" : false , "majorSpecificType" : "NORMAL" , "id" : 34 , "uuid" : "5e5a02dd-f991-4706-a428-69c3ea6c5ce8" , "beanName" : "RichUser" , "userExtSources" : [ { "userId": 34 , "loa" : 0 , "extSource" : { "name" : "PERUNPEOPLE" , "type" : "cz.metacentrum.perun.core.impl.ExtSourceSql" , "attributes" : {} , "id" : 2 , "beanName" : "ExtSource" } , "login" : "my_login" , "persistent" : true , "id" : 312 , "lastAccess" : "2019-06-10 14:07:42.2767" , "beanName" : "UserExtSource" } , {...} , {...} ], "userAttributes" : [ { "value" : "my_login" , "type" : "java.lang.String" , "entity" : "user" , "namespace" : "urn:perun:user:attribute-def:def" , "friendlyName" : "login-namespace:perun" , "writable" : true , "baseFriendlyName" : "login-namespace" , "friendlyNameParameter" : "perun" , "unique" : false , "displayName" : "Login in namespace: perun" , "description" : "Logname in namespace 'perun'." , "id" : 1905 , "beanName" : "Attribute" } ] } , {...} , {...} ]

Returns map of role name and map of corresponding role complementary objects (perun beans) distinguished by type. together with list of authorized groups where user is member: Map< RoleName, Map< BeanName, Map< BeanID, List >>>

Parameter nameData typeDescription
userIdintId of a user
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
Map<String,Map>>> roles with map of complementary objects with associated authorized groups

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getRoleComplementaryObjectsWithAuthorizedGroups

Example params

{ "userId" : 90 }

Example response

{ ... TODO ... }

Get all SecurityTeams where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameter nameData typeDescription
userintid of object User
rolesList<String>list of role names for which SecurityTeams are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<SecurityTeam>List of SecurityTeams

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getSecurityTeamsWhereUserIsInRoles

Example params

{ "user" : 65 , "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 924 , "name" : "CSIRT" , "description" : "My CSIRT" } , {...} , {...} ]

Get all SecurityTeams where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Parameter nameData typeDescription
rolesList<String>list of role names for which SecurityTeams are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<SecurityTeam>List of SecurityTeams

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getSecurityTeamsWhereUserIsInRoles

Example params

{ "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 924 , "name" : "CSIRT" , "description" : "My CSIRT" } , {...} , {...} ]

Returns all roles assigned to user except for those obtained from membership in authorized groups as an AuthzRoles object. Returns also sponsorship and membership roles. Behaves differently for PERUNADMIN and other principals. For PERUNADMIN, PERUNOBSERVER and SELF on the user returns all roles of the given user. For other principals the roles are filtered only to those that the caller can read.

Parameter nameData typeDescription
userIdintId of a user
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
AuthzRolesObject which contains all roles with perunbeans

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getUserDirectRoles

Example params

{ "userId" : 39 }

Example response

{"FACILITYADMIN":{"Facility":[32]},"SELF":{"Member":[4353,12324],"User":[2552,2252]}, "SPONSOR":{"SponsoredUser":[54750]},"VOADMIN":{"Vo":[356]},"PERUNADMIN":{}}

Returns list of user's role names. Perun system uses role names in the upper case format. Does not include membership and sponsorship role. However, for now, they are converted to the lower case format because of the compatibility with external systems.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<String>List of roles

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getUserRoleNames

Example response

[ "groupadmin" , "self" , "voadmin" ]

Returns all roles as an AuthzRoles object for a given user. Returns also sponsorship and membership roles. Behaves differently for PERUNADMIN and other principals. For PERUNADMIN, PERUNOBSERVER and SELF on the user returns all roles of the given user. For other principals the roles are filtered only to those that the caller can read.

Parameter nameData typeDescription
userIdintId of a user
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
AuthzRolesObject which contains all roles with perunbeans

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getUserRoles

Example params

{ "userId" : 20 }

Example response

{"FACILITYADMIN":{"Facility":[32]},"SELF":{"Member":[4353,12324],"User":[2552,2252]}, "SPONSOR":{"SponsoredUser":[54750]},"VOADMIN":{"Vo":[356]},"PERUNADMIN":{}}

Returns roles resulting from membership in authorized groups as an AuthzRoles object for a given user.

Parameter nameData typeDescription
userIdintId of a user
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
AuthzRolesObject which contains roles with perunbeans

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getUserRolesObtainedFromAuthorizedGroupMemberships

Example params

{ "userId" : 60 }

Example response

{"FACILITYADMIN":{"Facility":[32]},"SELF":{"Member":[4353,12324],"User":[2552,2252]}, "SPONSOR":{"SponsoredUser":[54750]},"VOADMIN":{"Vo":[356]},"PERUNADMIN":{}}

Get all Vos where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameter nameData typeDescription
userintid of object User
rolesList<String>list of role names for which Vos are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Vo>List of Vos

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getVosWhereUserIsInRoles

Example params

{ "user" : 84 , "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ]

Get all Vos where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Parameter nameData typeDescription
rolesList<String>list of role names for which Vos are retrieved
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
sPrivilegeException when the principal is not authorized.
Return typeDescription
List<Vo>List of Vos

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getVosWhereUserIsInRoles

Example params

{ "roles" : [ "text" , "text" ] }

Example response

[ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ]

Returns 1 if User has Facility manager role (FACILITYADMIN) for specific Facility defined by ID.

Parameter nameData typeDescription
facilityintid of object Facility
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
int1 == true, 0 == false

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isFacilityAdmin

Example params

{ "facility" : 30 }

Example response

1

Returns 1 if User has Facility manager role (FACILITYADMIN).

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
int1 == true, 0 == false

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isFacilityAdmin

Example response

1

Returns 1 if User has Group manager role (GROUPADMIN) for specific Group defined by ID.

Parameter nameData typeDescription
groupintid of object Group
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
int1 == true, 0 == false

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isGroupAdmin

Example params

{ "group" : 23 }

Example response

1

Returns 1 if User has Group manager role (GROUPADMIN).

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
int1 == true, 0 == false

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isGroupAdmin

Example response

1

Checks the facilities and returns those in which group is the last admin

Parameter nameData typeDescription
groupintid of group
facilitiesint[]ids of facilities to check
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<Facility>facilities that the group is last admin in

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isGroupLastAdminInFacilities

Example params

{ "group" : 66 , "facilities" : [ 97 , 77 ] }

Example response

[ { "id" : 24 , "name" : "host.facility.cz" , "description" : "is optional" , "beanName" : "Facility" } , {...} , {...} ]

Checks the vos and returns those in which group is the last admin

Parameter nameData typeDescription
groupintid of group
vosint[]ids of vos to check
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<Vo>vos that the group is last admin in

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isGroupLastAdminInVos

Example params

{ "group" : 29 , "vos" : [ 29 , 23 ] }

Example response

[ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ]

Returns 1 if User has Perun admin role (perunadmin).

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
int1 == true, 0 == false

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isPerunAdmin

Example response

1

Checks the facilities and returns those in which user is the last admin

Parameter nameData typeDescription
userintid of user
facilitiesint[]ids of facilities to check
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<Facility>facilities that the user is last admin in

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isUserLastAdminInFacilities

Example params

{ "user" : 99 , "facilities" : [ 97 , 61 ] }

Example response

[ { "id" : 24 , "name" : "host.facility.cz" , "description" : "is optional" , "beanName" : "Facility" } , {...} , {...} ]

Checks the vos and returns those in which user is the last admin

Parameter nameData typeDescription
userintid of user
vosint[]ids of vos to check
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
List<Vo>vos that the user is last admin in

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isUserLastAdminInVos

Example params

{ "user" : 76 , "vos" : [ 19 , 63 ] }

Example response

[ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ]

Returns 1 if User has VO manager role (VOADMIN) for specific VO defined by ID.

Parameter nameData typeDescription
vointid of object VO
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
int1 == true, 0 == false

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isVoAdmin

Example params

{ "vo" : 66 }

Example response

1

Returns 1 if User has VO manager role (VOADMIN).

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
int1 == true, 0 == false

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isVoAdmin

Example response

1

Returns "OK" string. Helper method for GUI check if connection is alive.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
String"OK"

Example URL

https://[hostname]/krb/rpc/json/authzResolver/keepAlive

Example response

"OK"

Load perun roles and policies from the configuration file perun-roles.yml. Roles are loaded to the database and policies are loaded to the PerunPoliciesContainer.

Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/loadAuthorizationComponents

Example response

null

Set role for user and complementaryObject. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
userintid of User to set role for
complementaryObjectObjectObject to associate role and user with (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "user" : 69 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

Example response

null

Set role for user and complementaryObjects. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
userintid of User to set role for
complementaryObjectsList<Object>Objects to associate role and user with (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "user" : 70 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ] }

Example response

null

Set role for user. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
userintid of user to set role for
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "user" : 15 }

Example response

null

Set role for authorizedGroup and complementaryObject. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupintid of Group to set role for
complementaryObjectObjectObject to associate role and authorizedGroup with (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "authorizedGroup" : 23 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

Example response

null

Set role for authorizedGroup and complementaryObjects. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupintid of Group to set role for
complementaryObjectsList<Object>Objects to associate role and authorizedGroup with (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "authorizedGroup" : 88 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ] }

Example response

null

Set role for authorizedGroup. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupintid of Group to set role for
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "authorizedGroup" : 99 }

Example response

null

Set role for users and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
usersint[]ids of users for which is the role set
complementaryObjectObjectObject to associate role and users with (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "users" : [ 3 , 39 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

Example response

null

Set role for users. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
usersint[]ids of users for which is the role set
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "users" : [ 73 , 60 ] }

Example response

null

Set role for authorizedGroups and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given groups ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupsint[]ids of groups for which is the role set
complementaryObjectObjectObject to associate role and authorizedGroups with (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "authorizedGroups" : [ 86 , 44 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

Example response

null

Set role for authorizedGroups. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupsint[]ids of groups for which is the role set
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

Example params

{ "role" : "VOADMIN" , "authorizedGroups" : [ 45 , 49 ] }

Example response

null

Check if some valid user with specific role exists for given complementary object (for group-based rights, status must be VALID for both Vo and group).

Parameter nameData typeDescription
roleStringExpected Role to filter managers by
complementaryObjectIdintProperty id of complementaryObject to search managers for
complementaryObjectNameStringProperty beanName of complementaryObject, meaning object type (supported object types: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).
onlyDirectAdminsbooleanWhen true, search only direct users of the complementary object for role
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
true,if some user with required role exists, false otherwise

Example URL

https://[hostname]/krb/rpc/json/authzResolver/someAdminExists

Example params

{ "role" : "text" , "complementaryObjectId" : 21 , "complementaryObjectName" : "text" , "onlyDirectAdmins" : true }

Example response

{ ... TODO ... }

Unset role for user and complementaryObject. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
userintid of User to unset role for
complementaryObjectObjectObject to remove role for a user (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "voadmin" , "user" : 91 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

Example response

null

Unset role for user and complementaryObjects. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
userintid of User to unset role for
complementaryObjectsList<Object>Objects to remove role for a user (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "voadmin" , "user" : 52 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ] }

Example response

null

Unset role for user. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
userintid of user to unset role for
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "VOADMIN" , "user" : 28 }

Example response

null

Unset role for authorizedGroup and complementaryObject. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupintid of Group to unset role for
complementaryObjectObjectObject to remove role for an authorizedGroup (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "voadmin" , "authorizedGroup" : 19 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

Example response

null

Unset role for authorizedGroup and complementaryObjects. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupintid of Group to unset role for
complementaryObjectsList<Object>Objects to remove role for an authorizedGroup (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "voadmin" , "authorizedGroup" : 95 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ] }

Example response

null

Unset role for authorizedGroup. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupintid of Group to unset role for
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "VOADMIN" , "authorizedGroup" : 25 }

Example response

null

Unset role for users and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
usersint[]ids of users for which is the role set
complementaryObjectObjectObject to remove role for a users (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "VOADMIN" , "users" : [ 9 , 12 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

Example response

null

Unset role for users. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
usersint[]ids of users for which is the role unset
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "VOADMIN" , "users" : [ 42 , 1 ] }

Example response

null

Unset role for authorizedGroups and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be set for given groups ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupsint[]ids of groups for which is the role set
complementaryObjectObjectObject to remove role for an authorizedGroups (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "VOADMIN" , "authorizedGroups" : [ 47 , 69 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }

Example response

null

Unset role for authorizedGroups. IMPORTANT: Refresh authz only if user in session is affected.

Parameter nameData typeDescription
roleStringRole which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )
authorizedGroupsint[]ids of groups for which is the role unset
Thrown exceptionDescription
InternalErrorExceptionWhen unspecified error occur. See exception param message for explanation.
PrivilegeExceptionWhen caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values.
RpcExceptionWrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation.
Return typeDescription
void

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

Example params

{ "role" : "VOADMIN" , "authorizedGroups" : [ 39 , 71 ] }

Example response

null