Get all groups of managers (authorizedGroups) for complementaryObject and role.
Parameter name | Data type | Description |
---|---|---|
role | String | Expected Role to filter authorizedGroups by |
complementaryObjectId | int | Property id of complementaryObject to get groups of managers for |
complementaryObjectName | String | Property beanName of complementaryObject, meaning object type (supported object types: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
List<Group> | List of authorizedGroups for complementaryObject and role |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getAdminGroups
Example params
{ "role" : "text" , "complementaryObjectId" : 18 , "complementaryObjectName" : "text" }
Example response
[ { "id" : 1061 , "name" : "My group" , "shortName" : "My group" , "description" : "My testing group" , "parentGroupId" : null , "voId" : 201 , "uuid" : "31e1014b-e994-4cb2-b238-e32aeef87670" , "beanName" : "Group" } , {...} , {...} ]
Get all valid user administrators (for group-based rights, status must be VALID for both Vo and group) for complementary object and role.
Parameter name | Data type | Description |
---|---|---|
role | String | Expected Role to filter managers by |
complementaryObjectId | int | Property id of complementaryObject to get managers for |
complementaryObjectName | String | Property beanName of complementaryObject, meaning object type (supported object types: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). |
onlyDirectAdmins | boolean | When true, return only direct users of the complementary object for role with specific attributes |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
List<User> | Administrators for complementary object and role |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getAdmins
Example params
{ "role" : "text" , "complementaryObjectId" : 7 , "complementaryObjectName" : "text" , "onlyDirectAdmins" : true }
Example response
[ { "firstName" : "Some" , "lastName" : "Body" , "middleName" : null , "titleBefore" : "Mgr." , "titleAfter" : null , "serviceUser" : false , "sponsoredUser" : false , "specificUser" : false , "majorSpecificType" : "NORMAL" , "id" : 34 , "uuid" : "5e5a02dd-f991-4706-a428-69c3ea6c5ce8" , "beanName" : "User" } , {...} , {...} ]
Return all loaded perun policies.
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
List<PerunPolicy> | all loaded policies |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getAllPolicies
Example response
{ ... TODO ... }
Return all loaded roles management rules.
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
List<RoleManagementRules> | all roles management rules |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getAllRolesManagementRules
Example response
{ ... TODO ... }
Get all Facilities where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.
Parameter name | Data type | Description |
---|---|---|
user | int | id of object User |
roles | List<String> | list of role names for which Facilities are retrieved |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
PrivilegeException | When the principal is not authorized. |
Return type | Description |
---|---|
List<Facility> | List of Facilities |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getFacilitiesWhereUserIsInRoles
Example params
{ "user" : 57 , "roles" : [ "text" , "text" ] }
Example response
[ { "id" : 24 , "name" : "host.facility.cz" , "description" : "is optional" , "beanName" : "Facility" } , {...} , {...} ]
Get all Facilities where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.
Parameter name | Data type | Description |
---|---|---|
roles | List<String> | list of role names for which Facilities are retrieved |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
PrivilegeException | When the principal is not authorized. |
Return type | Description |
---|---|
List<Facility> | List of Facilities |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getFacilitiesWhereUserIsInRoles
Example params
{ "roles" : [ "text" , "text" ] }
Example response
[ { "id" : 24 , "name" : "host.facility.cz" , "description" : "is optional" , "beanName" : "Facility" } , {...} , {...} ]
Returns list of group's role names. Perun system uses role names in the upper case format. However, for now, they are converted to the lower case format because of the compatibility with external systems.
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
List<String> | List of roles |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getGroupRoleNames
Example response
[ "groupadmin" , "self" , "voadmin" ]
Returns all roles as an AuthzRoles object for a given group.
Parameter name | Data type | Description |
---|---|---|
groupId | int | Id of a group |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
AuthzRoles | Object which contains all roles with perunbeans |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getGroupRoles
Example params
{ "groupId" : 77 }
Example response
{"FACILITYADMIN":{"Facility":[3682,3826]},"GROUPADMIN":{"Group":[9082,12093],"Vo":[3794,201]}, "VOADMIN":{"Vo":[2561,1541,2061,1041,3601]}}
Get all Groups where the given user has set one of the given roles or the given user is a member of an authorized group with such roles. Method does not return subgroups of the fetched groups.
Parameter name | Data type | Description |
---|---|---|
user | int | id of object User |
roles | List<String> | list of role names for which Groups are retrieved |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
PrivilegeException | When the principal is not authorized. |
Return type | Description |
---|---|
List<Group> | List of Groups |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getGroupsWhereUserIsInRoles
Example params
{ "user" : 74 , "roles" : [ "text" , "text" ] }
Example response
[ { "id" : 1061 , "name" : "My group" , "shortName" : "My group" , "description" : "My testing group" , "parentGroupId" : null , "voId" : 201 , "uuid" : "31e1014b-e994-4cb2-b238-e32aeef87670" , "beanName" : "Group" } , {...} , {...} ]
Get all Groups where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles. Method does not return subgroups of the fetched groups.
Parameter name | Data type | Description |
---|---|---|
roles | List<String> | list of role names for which Groups are retrieved |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
PrivilegeException | When the principal is not authorized. |
Return type | Description |
---|---|
List<Group> | List of Groups |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getGroupsWhereUserIsInRoles
Example params
{ "roles" : [ "text" , "text" ] }
Example response
[ { "id" : 1061 , "name" : "My group" , "shortName" : "My group" , "description" : "My testing group" , "parentGroupId" : null , "voId" : 201 , "uuid" : "31e1014b-e994-4cb2-b238-e32aeef87670" , "beanName" : "Group" } , {...} , {...} ]
Returns User which is associated with credentials used to log-in to Perun.
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
User | Currently logged-in user |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getLoggedUser
Example response
{ "firstName" : "Some" , "lastName" : "Body" , "middleName" : null , "titleBefore" : "Mgr." , "titleAfter" : null , "serviceUser" : false , "sponsoredUser" : false , "specificUser" : false , "majorSpecificType" : "NORMAL" , "id" : 34 , "uuid" : "5e5a02dd-f991-4706-a428-69c3ea6c5ce8" , "beanName" : "User" }
Get all Members where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.
Parameter name | Data type | Description |
---|---|---|
user | int | id of object User |
roles | List<String> | list of role names for which Members are retrieved |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
PrivilegeException | When the principal is not authorized. |
Return type | Description |
---|---|
List<Member> | List of Members |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getMembersWhereUserIsInRoles
Example params
{ "user" : 41 , "roles" : [ "text" , "text" ] }
Example response
[ { "id" : 12 , "userId" : 34 , "voId" : 42 , "sourceGroupId" : null , "membershipType" : "DIRECT" , "status" : "VALID" , "sponsored" : false , "beanName" : "Member" } , {...} , {...} ]
Get all Members where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.
Parameter name | Data type | Description |
---|---|---|
roles | List<String> | list of role names for which Members are retrieved |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
PrivilegeException | When the principal is not authorized. |
Return type | Description |
---|---|
List<Member> | List of Members |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getMembersWhereUserIsInRoles
Example params
{ "roles" : [ "text" , "text" ] }
Example response
[ { "id" : 12 , "userId" : 34 , "voId" : 42 , "sourceGroupId" : null , "membershipType" : "DIRECT" , "status" : "VALID" , "sponsored" : false , "beanName" : "Member" } , {...} , {...} ]
Returns the PerunPrincipal object associated with the current session. It contains necessary information, including user identification, authorization and metadata. Each call of this method refreshes the session, including authorization data.
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
PerunPrincipal | PerunPrincipal object |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getPerunPrincipal
Example response
{ ... TODO ... }
Returns list of caller's role names. Perun system uses role names in the upper case format. However, for now, they are converted to the lower case format because of the compatibility with external systems.
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
List<String> | List of roles |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getPrincipalRoleNames
Example response
[ "groupadmin" , "self" , "voadmin" ]
Get all Resources where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.
Parameter name | Data type | Description |
---|---|---|
user | int | id of object User |
roles | List<String> | list of role names for which Resources are retrieved |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
PrivilegeException | When the principal is not authorized. |
Return type | Description |
---|---|
List<Resource> | List of Resources |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getResourcesWhereUserIsInRoles
Example params
{ "user" : 1 , "roles" : [ "text" , "text" ] }
Example response
[ { "id" : 493 , "name" : "host1.host.cz" , "description" : "ROOT access to host1.host.cz" , "facilityId" : 24 , "voId" : 21 , "uuid" : "542d676f-99b2-4d1c-bc80-a46fd7f34e62" , "beanName" : "Resource" } , {...} , {...} ]
Get all Resources where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.
Parameter name | Data type | Description |
---|---|---|
roles | List<String> | list of role names for which Resources are retrieved |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
PrivilegeException | When the principal is not authorized. |
Return type | Description |
---|---|
List<Resource> | List of Resources |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getResourcesWhereUserIsInRoles
Example params
{ "roles" : [ "text" , "text" ] }
Example response
[ { "id" : 493 , "name" : "host1.host.cz" , "description" : "ROOT access to host1.host.cz" , "facilityId" : 24 , "voId" : 21 , "uuid" : "542d676f-99b2-4d1c-bc80-a46fd7f34e62" , "beanName" : "Resource" } , {...} , {...} ]
Get all valid richUser administrators (for group-based rights, status must be VALID for both Vo and group) for complementary object and role with specified attributes.
Parameter name | Data type | Description |
---|---|---|
role | String | Expected Role to filter managers by |
complementaryObjectId | int | Property id of complementaryObject to get managers for |
complementaryObjectName | String | Property beanName of complementaryObject, meaning object type (supported object types: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). |
specificAttributes | List<String> | list of specified attributes which are needed in object richUser |
onlyDirectAdmins | boolean | When true, return only direct users of the complementary object for role with specific attributes |
allUserAttributes | boolean | When true, do not specify attributes through list and return them all in objects richUser. The list of specific attributes is then ignored. |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
List<RichUser> | Administrators for complementary object and role with specified attributes |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getRichAdmins
Example params
{ "role" : "text" , "complementaryObjectId" : 59 , "complementaryObjectName" : "text" , "specificAttributes" : [ "text" , "text" ] , "onlyDirectAdmins" : true , "allUserAttributes" : true }
Example response
[ { "firstName" : "Some" , "lastName" : "Body" , "middleName" : null , "titleBefore" : "Mgr." , "titleAfter" : null , "serviceUser" : false , "sponsoredUser" : false , "specificUser" : false , "majorSpecificType" : "NORMAL" , "id" : 34 , "uuid" : "5e5a02dd-f991-4706-a428-69c3ea6c5ce8" , "beanName" : "RichUser" , "userExtSources" : [ { "userId": 34 , "loa" : 0 , "extSource" : { "name" : "PERUNPEOPLE" , "type" : "cz.metacentrum.perun.core.impl.ExtSourceSql" , "attributes" : {} , "id" : 2 , "beanName" : "ExtSource" } , "login" : "my_login" , "persistent" : true , "id" : 312 , "lastAccess" : "2019-06-10 14:07:42.2767" , "beanName" : "UserExtSource" } , {...} , {...} ], "userAttributes" : [ { "value" : "my_login" , "type" : "java.lang.String" , "entity" : "user" , "namespace" : "urn:perun:user:attribute-def:def" , "friendlyName" : "login-namespace:perun" , "writable" : true , "baseFriendlyName" : "login-namespace" , "friendlyNameParameter" : "perun" , "unique" : false , "displayName" : "Login in namespace: perun" , "description" : "Logname in namespace 'perun'." , "id" : 1905 , "beanName" : "Attribute" } ] } , {...} , {...} ]
Returns map of role name and map of corresponding role complementary objects (perun beans) distinguished by type, together with list of authorized groups where user is member: Map< RoleName, Map< BeanName, Map< BeanID, List
Parameter name | Data type | Description |
---|---|---|
userId | int | Id of a user |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
Map<String, Map | |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getRoleComplementaryObjectsWithAuthorizedGroups
Example params
{ "userId" : 90 }
Example response
{ ... TODO ... }
Get all SecurityTeams where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.
Parameter name | Data type | Description |
---|---|---|
user | int | id of object User |
roles | List<String> | list of role names for which SecurityTeams are retrieved |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
PrivilegeException | When the principal is not authorized. |
Return type | Description |
---|---|
List<SecurityTeam> | List of SecurityTeams |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getSecurityTeamsWhereUserIsInRoles
Example params
{ "user" : 65 , "roles" : [ "text" , "text" ] }
Example response
[ { "id" : 924 , "name" : "CSIRT" , "description" : "My CSIRT" } , {...} , {...} ]
Get all SecurityTeams where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.
Parameter name | Data type | Description |
---|---|---|
roles | List<String> | list of role names for which SecurityTeams are retrieved |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
PrivilegeException | When the principal is not authorized. |
Return type | Description |
---|---|
List<SecurityTeam> | List of SecurityTeams |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getSecurityTeamsWhereUserIsInRoles
Example params
{ "roles" : [ "text" , "text" ] }
Example response
[ { "id" : 924 , "name" : "CSIRT" , "description" : "My CSIRT" } , {...} , {...} ]
Returns all roles assigned to user except for those obtained from membership in authorized groups as an AuthzRoles object. Returns also sponsorship and membership roles. Behaves differently for PERUNADMIN and other principals. For PERUNADMIN, PERUNOBSERVER and SELF on the user returns all roles of the given user. For other principals the roles are filtered only to those that the caller can read.
Parameter name | Data type | Description |
---|---|---|
userId | int | Id of a user |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
AuthzRoles | Object which contains all roles with perunbeans |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getUserDirectRoles
Example params
{ "userId" : 39 }
Example response
{"FACILITYADMIN":{"Facility":[32]},"SELF":{"Member":[4353,12324],"User":[2552,2252]}, "SPONSOR":{"SponsoredUser":[54750]},"VOADMIN":{"Vo":[356]},"PERUNADMIN":{}}
Returns list of user's role names. Does not include membership and sponsorship roles. Perun system uses role names in the upper case format. However, for now, they are converted to the lower case format because of the compatibility with external systems.
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
List<String> | List of roles |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getUserRoleNames
Example response
[ "groupadmin" , "self" , "voadmin" ]
Returns all roles as an AuthzRoles object for a given user. Returns also sponsorship and membership roles. Behaves differently for PERUNADMIN and other principals. For PERUNADMIN, PERUNOBSERVER and SELF on the user returns all roles of the given user. For other principals the roles are filtered only to those that the caller can read.
Parameter name | Data type | Description |
---|---|---|
userId | int | Id of a user |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
AuthzRoles | Object which contains all roles with perunbeans |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getUserRoles
Example params
{ "userId" : 20 }
Example response
{"FACILITYADMIN":{"Facility":[32]},"SELF":{"Member":[4353,12324],"User":[2552,2252]}, "SPONSOR":{"SponsoredUser":[54750]},"VOADMIN":{"Vo":[356]},"PERUNADMIN":{}}
Returns roles resulting from membership in authorized groups as an AuthzRoles object for a given user.
Parameter name | Data type | Description |
---|---|---|
userId | int | Id of a user |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
AuthzRoles | Object which contains roles with perunbeans |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getUserRolesObtainedFromAuthorizedGroupMemberships
Example params
{ "userId" : 60 }
Example response
{"FACILITYADMIN":{"Facility":[32]},"SELF":{"Member":[4353,12324],"User":[2552,2252]}, "SPONSOR":{"SponsoredUser":[54750]},"VOADMIN":{"Vo":[356]},"PERUNADMIN":{}}
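For an access review, the AuthzRoles responses of getUserDirectRoles and getUserRolesObtainedFromAuthorizedGroupMemberships can be compared grant by grant, since a role held both directly and through an authorized group survives removal of either assignment. The following is an added example, not part of the Perun documentation or code base; the function names and the sample JSON are constructed for illustration and only follow the response shapes shown above.

```python
import json

# Constructed sample responses in the AuthzRoles shape documented above:
# { "ROLE": { "BeanName": [ids...] } }. All values are made up.
DIRECT_ROLES_JSON = """
{"FACILITYADMIN":{"Facility":[32]},
 "SELF":{"Member":[4353,12324],"User":[2552,2252]},
 "SPONSOR":{"SponsoredUser":[54750]},
 "VOADMIN":{"Vo":[356]},
 "PERUNADMIN":{}}
"""
GROUP_ROLES_JSON = """
{"FACILITYADMIN":{"Facility":[32,3682]},
 "GROUPADMIN":{"Group":[9082]}}
"""
# Role-name endpoints return lower-case names (see the descriptions above).
ROLE_NAMES_JSON = '["facilityadmin", "self", "voadmin", "perunadmin"]'


def flatten(authz_roles):
    """Turn an AuthzRoles dict into a set of (ROLE, beanName, id) grants.

    A role without complementary objects, such as "PERUNADMIN": {},
    is kept as (ROLE, None, None) so it is not silently dropped.
    """
    grants = set()
    for role, beans in authz_roles.items():
        role = role.upper()
        if not beans:
            grants.add((role, None, None))
            continue
        for bean_name, ids in beans.items():
            for obj_id in ids:
                grants.add((role, bean_name, int(obj_id)))
    return grants


def _ordered(grants):
    # None cannot be compared with str/int, so substitute neutral values.
    return sorted(grants, key=lambda g: (g[0], g[1] or "", g[2] or 0))


def classify(direct, via_groups):
    """Split grants into direct-only, group-only and held both ways."""
    d, g = flatten(direct), flatten(via_groups)
    return {
        "direct_only": _ordered(d - g),
        "group_only": _ordered(g - d),
        "both": _ordered(d & g),
    }


def roles_absent_from_names(authz_roles, role_names):
    """Roles present in an AuthzRoles object but not in a role-name list.

    The comparison is case-insensitive because the name list is lower case
    while AuthzRoles keys are upper case. Sponsorship and membership roles
    are expected here: the name list is documented as excluding them.
    """
    names = {n.upper() for n in role_names}
    return sorted(r.upper() for r in authz_roles if r.upper() not in names)


def review(direct_json, group_json, names_json):
    direct = json.loads(direct_json)
    via_groups = json.loads(group_json)
    report = classify(direct, via_groups)
    report["absent_from_names"] = roles_absent_from_names(
        direct, json.loads(names_json)
    )
    return report


if __name__ == "__main__":
    result = review(DIRECT_ROLES_JSON, GROUP_ROLES_JSON, ROLE_NAMES_JSON)
    for section, items in result.items():
        print(section)
        for item in items:
            print("   ", item)
```

Grants listed under `both` need both the direct assignment and the authorized-group membership removed before the user loses the role on that object.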
Get all Vos where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.
Parameter name | Data type | Description |
---|---|---|
user | int | id of object User |
roles | List<String> | list of role names for which Vos are retrieved |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
PrivilegeException | When the principal is not authorized. |
Return type | Description |
---|---|
List<Vo> | List of Vos |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getVosWhereUserIsInRoles
Example params
{ "user" : 84 , "roles" : [ "text" , "text" ] }
Example response
[ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ]
Get all Vos where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.
Parameter name | Data type | Description |
---|---|---|
roles | List<String> | list of role names for which Vos are retrieved |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
PrivilegeException | When the principal is not authorized. |
Return type | Description |
---|---|
List<Vo> | List of Vos |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/getVosWhereUserIsInRoles
Example params
{ "roles" : [ "text" , "text" ] }
Example response
[ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ]
Returns 1 if User has Facility manager role (FACILITYADMIN) for specific Facility defined by ID.
Parameter name | Data type | Description |
---|---|---|
facility | int | id of object Facility |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
int | 1 == true , 0 == false |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/isFacilityAdmin
Example params
{ "facility" : 30 }
Example response
1
Returns 1 if User has Facility manager role (FACILITYADMIN).
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong URL, missing param, etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
int | 1 == true , 0 == false |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/isFacilityAdmin
Example response
1
Returns 1 if User has Group manager role (GROUPADMIN) for specific Group defined by ID.
Parameter name | Data type | Description |
---|---|---|
group | int | id of object Group |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
int | 1 == true , 0 == false |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/isGroupAdmin
Example params
{ "group" : 23 }
Example response
1
Returns 1 if User has Group manager role (GROUPADMIN).
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
int | 1 == true , 0 == false |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/isGroupAdmin
Example response
1
Checks the facilities and returns those in which the group is the last admin.
Parameter name | Data type | Description |
---|---|---|
group | int | id of group |
facilities | int[] | ids of facilities to check |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
List<Facility> | facilities that the group is last admin in |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/isGroupLastAdminInFacilities
Example params
{ "group" : 66 , "facilities" : [ 97 , 77 ] }
Example response
[ { "id" : 24 , "name" : "host.facility.cz" , "description" : "is optional" , "beanName" : "Facility" } , {...} , {...} ]
Checks the vos and returns those in which the group is the last admin.
Parameter name | Data type | Description |
---|---|---|
group | int | id of group |
vos | int[] | ids of vos to check |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
List<Vo> | vos that the group is last admin in |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/isGroupLastAdminInVos
Example params
{ "group" : 29 , "vos" : [ 29 , 23 ] }
Example response
[ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ]
Returns 1 if User has Perun admin role (perunadmin).
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
int | 1 == true , 0 == false |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/isPerunAdmin
Example response
1
Checks the facilities and returns those in which the user is the last admin.
Parameter name | Data type | Description |
---|---|---|
user | int | id of user |
facilities | int[] | ids of facilities to check |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
List<Facility> | facilities that the user is last admin in |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/isUserLastAdminInFacilities
Example params
{ "user" : 99 , "facilities" : [ 97 , 61 ] }
Example response
[ { "id" : 24 , "name" : "host.facility.cz" , "description" : "is optional" , "beanName" : "Facility" } , {...} , {...} ]
Checks the vos and returns those in which the user is the last admin.
Parameter name | Data type | Description |
---|---|---|
user | int | id of user |
vos | int[] | ids of vos to check |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
List<Vo> | vos that the user is last admin in |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/isUserLastAdminInVos
Example params
{ "user" : 76 , "vos" : [ 19 , 63 ] }
Example response
[ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ]
Returns 1 if User has VO manager role (VOADMIN) for specific VO defined by ID.
Parameter name | Data type | Description |
---|---|---|
vo | int | id of object VO |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
int | 1 == true , 0 == false |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/isVoAdmin
Example params
{ "vo" : 66 }
Example response
1
Returns 1 if User has VO manager role (VOADMIN).
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
int | 1 == true , 0 == false |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/isVoAdmin
Example response
1
Returns "OK" string. Helper method for GUI check if connection is alive.
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
String | "OK" |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/keepAlive
Example response
"OK"
Load perun roles and policies from the configuration file perun-roles.yml. Roles are loaded to the database and policies are loaded to the PerunPoliciesContainer.
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/loadAuthorizationComponents
Example response
null
Set role for user and complementaryObject. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
user | int | id of User to set role for |
complementaryObject | Object | Object to associate role and user with (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/setRole
Example params
{ "role" : "VOADMIN" , "user" : 69 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }
Example response
null
Set role for user and complementaryObjects. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
user | int | id of User to set role for |
complementaryObjects | List<Object> | Objects to associate role and user with (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/setRole
Example params
{ "role" : "VOADMIN" , "user" : 70 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ] }
Example response
null
Set role for user. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
user | int | id of user to set role for |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/setRole
Example params
{ "role" : "VOADMIN" , "user" : 15 }
Example response
null
Set role for authorizedGroup and complementaryObject. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
authorizedGroup | int | id of Group to set role for |
complementaryObject | Object | Object to associate role and authorizedGroup with (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/setRole
Example params
{ "role" : "VOADMIN" , "authorizedGroup" : 23 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }
Example response
null
Set role for authorizedGroup and complementaryObjects. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
authorizedGroup | int | id of Group to set role for |
complementaryObjects | List<Object> | Objects to associate role and authorizedGroup with (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/setRole
Example params
{ "role" : "VOADMIN" , "authorizedGroup" : 88 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ] }
Example response
null
Set role for authorizedGroup. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
authorizedGroup | int | id of Group to set role for |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/setRole
Example params
{ "role" : "VOADMIN" , "authorizedGroup" : 99 }
Example response
null
Set role for users and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
users | int[] | ids of users for which the role is set |
complementaryObject | Object | Object to associate role and users with (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/setRole
Example params
{ "role" : "VOADMIN" , "users" : [ 3 , 39 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }
Example response
null
Set role for users. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
users | int[] | ids of users for which the role is set |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/setRole
Example params
{ "role" : "VOADMIN" , "users" : [ 73 , 60 ] }
Example response
null
Set role for authorizedGroups and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be set for given groups ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
authorizedGroups | int[] | ids of groups for which the role is set |
complementaryObject | Object | Object to associate role and authorizedGroups with (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/setRole
Example params
{ "role" : "VOADMIN" , "authorizedGroups" : [ 86 , 44 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }
Example response
null
Set role for authorizedGroups. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be set for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
authorizedGroups | int[] | ids of groups for which the role is set |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/setRole
Example params
{ "role" : "VOADMIN" , "authorizedGroups" : [ 45 , 49 ] }
Example response
null
Check if some valid user with specific role exists for given complementary object (for group-based rights, status must be VALID for both Vo and group).
Parameter name | Data type | Description |
---|---|---|
role | String | Expected Role to filter managers by |
complementaryObjectId | int | Property id of complementaryObject to search managers for |
complementaryObjectName | String | Property beanName of complementaryObject, meaning object type (supported object types: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). |
onlyDirectAdmins | boolean | When true, search only direct users of the complementary object for role |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
boolean | true if some user with required role exists, false otherwise |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/someAdminExists
Example params
{ "role" : "text" , "complementaryObjectId" : 21 , "complementaryObjectName" : "text" , "onlyDirectAdmins" : true }
Example response
{ ... TODO ... }
Unset role for user and complementaryObject. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
user | int | id of User to unset role for |
complementaryObject | Object | Object to remove role for a user (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/unsetRole
Example params
{ "role" : "voadmin" , "user" : 91 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }
Example response
null
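A client-side guard that pairs the last-admin checks (isUserLastAdminInVos, isUserLastAdminInFacilities) with unsetRole, as an added example that is not part of the Perun documentation or code base. The injected `call` transport, the `FakeAuthz` stand-in, the helper names, and the pairing of the last-admin checks with the VOADMIN and FACILITYADMIN roles are assumptions; the HTTP request and authentication are left to the transport.

```python
"""Guarded unsetRole: refuse to remove the last manager of a Vo or Facility."""
from typing import Any, Callable, Dict

# Role names and object types copied from the parameter tables on this page.
ROLES = {
    "FACILITYADMIN", "GROUPADMIN", "PERUNADMIN", "RESOURCEADMIN",
    "RESOURCESELFSERVICE", "SPONSOR", "TOPGROUPCREATOR", "VOADMIN",
    "VOOBSERVER", "PERUNOBSERVER", "SECURITYADMIN", "CABINETADMIN",
    "AUDITCONSUMERADMIN",
}
OBJECT_TYPES = {"Group", "RichGroup", "Vo", "Resource", "Facility", "SecurityTeam"}

# Assumption: the "last admin" checks refer to these manager roles.
LAST_ADMIN_CHECKS = {
    ("VOADMIN", "Vo"): ("isUserLastAdminInVos", "vos"),
    ("FACILITYADMIN", "Facility"): ("isUserLastAdminInFacilities", "facilities"),
}

# Hypothetical transport: (method name, params) -> decoded JSON response.
Transport = Callable[[str, Dict[str, Any]], Any]


class LastAdminError(Exception):
    """Raised when removing the role would leave an object without a manager."""


def rpc_url(hostname: str, method: str) -> str:
    # URL pattern taken from the "Example URL" entries on this page.
    return f"https://{hostname}/krb/rpc/json/authzResolver/{method}"


def build_unset_role_params(role: str, user_id: int, obj: Dict[str, Any]) -> Dict[str, Any]:
    """Validate against the documented role and object lists before sending."""
    role = role.upper()  # the page's examples use both "voadmin" and "VOADMIN"
    if role not in ROLES:
        raise ValueError(f"unknown role: {role!r}")
    if obj.get("beanName") not in OBJECT_TYPES:
        raise ValueError(f"unsupported object type: {obj.get('beanName')!r}")
    if not isinstance(user_id, int) or not isinstance(obj.get("id"), int):
        raise ValueError("user and complementaryObject id must be integers")
    return {"role": role, "user": user_id, "complementaryObject": obj}


def unset_role_guarded(call: Transport, role: str, user_id: int, obj: Dict[str, Any]) -> Dict[str, Any]:
    params = build_unset_role_params(role, user_id, obj)
    check = LAST_ADMIN_CHECKS.get((params["role"], obj["beanName"]))
    if check:
        method, field = check
        last_in = call(method, {"user": user_id, field: [obj["id"]]})
        if any(o.get("id") == obj["id"] for o in last_in):
            raise LastAdminError(f"user {user_id} is the last admin of {obj['beanName']} {obj['id']}")
    # The check and the removal are separate requests, so a concurrent change
    # can still land between them; the guard narrows that window only.
    call("unsetRole", params)
    return params


class FakeAuthz:
    """Constructed in-memory stand-in for the server, for offline runs only."""

    def __init__(self, admins):
        self.admins = admins  # {(role, beanName, object id): set of user ids}
        self.calls = []

    def __call__(self, method, params):
        self.calls.append(method)
        if method == "unsetRole":
            obj = params["complementaryObject"]
            key = (params["role"], obj["beanName"], obj["id"])
            self.admins.setdefault(key, set()).discard(params["user"])
            return None
        for (role, bean), (name, field) in LAST_ADMIN_CHECKS.items():
            if method == name:
                return [{"id": i, "beanName": bean} for i in params[field]
                        if self.admins.get((role, bean, i)) == {params["user"]}]
        raise ValueError(f"method not modelled: {method}")


def demo():
    vo = {"id": 123, "name": "My testing VO", "shortName": "test_vo", "beanName": "Vo"}
    server = FakeAuthz({("VOADMIN", "Vo", 123): {91, 52}})  # constructed state
    unset_role_guarded(server, "voadmin", 91, vo)  # allowed: user 52 remains
    try:
        unset_role_guarded(server, "voadmin", 52, vo)  # refused: 52 is the last admin
        refused = False
    except LastAdminError:
        refused = True
    return server.admins[("VOADMIN", "Vo", 123)], refused, server.calls


if __name__ == "__main__":
    print(demo())
```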
Unset role for user and complementaryObjects. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
user | int | id of User to unset role for |
complementaryObjects | List<Object> | Objects to remove role for a user (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/unsetRole
Example params
{ "role" : "voadmin" , "user" : 52 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ] }
Example response
null
Unset role for user. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
user | int | id of user to unset role for |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/unsetRole
Example params
{ "role" : "VOADMIN" , "user" : 28 }
Example response
null
Unset role for authorizedGroup and complementaryObject. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
authorizedGroup | int | id of Group to unset role for |
complementaryObject | Object | Object to remove role for an authorizedGroup (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/unsetRole
Example params
{ "role" : "voadmin" , "authorizedGroup" : 19 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }
Example response
null
Unset role for authorizedGroup and complementaryObjects. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
authorizedGroup | int | id of Group to unset role for |
complementaryObjects | List<Object> | Objects to remove role for an authorizedGroup (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/unsetRole
Example params
{ "role" : "voadmin" , "authorizedGroup" : 95 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ] }
Example response
null
Unset role for authorizedGroup. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
authorizedGroup | int | id of Group to unset role for |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/unsetRole
Example params
{ "role" : "VOADMIN" , "authorizedGroup" : 25 }
Example response
null
Unset role for users and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
users | int[] | ids of users for which the role is unset |
complementaryObject | Object | Object to remove the role on for the users (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/unsetRole
Example params
{ "role" : "VOADMIN" , "users" : [ 9 , 12 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }
Example response
null
Unset role for users. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be unset for given users ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
users | int[] | ids of users for which the role is unset |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/unsetRole
Example params
{ "role" : "VOADMIN" , "users" : [ 42 , 1 ] }
Example response
null
Unset role for authorizedGroups and complementaryObject. If the complementary object is wrong for the role, an exception is thrown. For role "perunadmin" the complementary object is ignored. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be unset for given groups ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
authorizedGroups | int[] | ids of groups for which the role is unset |
complementaryObject | Object | Object to remove the role on for the authorizedGroups (supported objects: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/unsetRole
Example params
{ "role" : "VOADMIN" , "authorizedGroups" : [ 47 , 69 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } }
Example response
null
Unset role for authorizedGroups. IMPORTANT: Refresh authz only if user in session is affected.
Parameter name | Data type | Description |
---|---|---|
role | String | Role which will be unset for given groups ( FACILITYADMIN | GROUPADMIN | PERUNADMIN | RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) |
authorizedGroups | int[] | ids of groups for which the role is unset |
Thrown exception | Description |
---|---|
InternalErrorException | When an unspecified error occurs. See exception param message for explanation. |
PrivilegeException | When caller is not allowed to call this method. Result may vary based on caller identity and provided parameter values. |
RpcException | Wrong usage of API (wrong url, missing param etc.). See exception params message and type for explanation. |
Return type | Description |
---|---|
void |
Example URL
https://[hostname]/krb/rpc/json/authzResolver/unsetRole
Example params
{ "role" : "VOADMIN" , "authorizedGroups" : [ 39 , 71 ] }
Example response
null
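All unsetRole variants above share one URL and differ only in which parameters are sent, so a misspelt or missing complementaryObject turns a scoped call into the unscoped form. The following client-side pre-flight check is an added example, not part of the Perun API or its documentation; the function name, the rejection of unknown keys, the positive-id rule and the case-insensitive role match are assumptions of this sketch.

```python
ROLES = {"FACILITYADMIN", "GROUPADMIN", "PERUNADMIN", "RESOURCEADMIN",
         "RESOURCESELFSERVICE", "SPONSOR", "TOPGROUPCREATOR", "VOADMIN",
         "VOOBSERVER", "PERUNOBSERVER", "SECURITYADMIN", "CABINETADMIN",
         "AUDITCONSUMERADMIN"}
BEANS = {"Group", "RichGroup", "Vo", "Resource", "Facility", "SecurityTeam"}
PRINCIPALS = ("authorizedGroup", "authorizedGroups", "users")
SCOPES = ("complementaryObject", "complementaryObjects")


def _is_id(value):
    # bool is a subclass of int in Python, so exclude it explicitly
    return isinstance(value, int) and not isinstance(value, bool) and value > 0


def _one_of(params, keys):
    present = [k for k in keys if k in params]
    if len(present) > 1:
        raise ValueError(f"conflicting parameters: {present}")
    return present[0] if present else None


def classify_unset_role(params):
    """Return (principal_key, scope_key_or_None); raise ValueError if malformed."""
    unknown = set(params) - {"role", *PRINCIPALS, *SCOPES}
    if unknown:  # a misspelt scope key would otherwise look like an unscoped call
        raise ValueError(f"unexpected parameters: {sorted(unknown)}")
    # Assumption: role is matched case-insensitively (the page shows both cases)
    if str(params.get("role", "")).upper() not in ROLES:
        raise ValueError(f"unknown role: {params.get('role')!r}")
    principal = _one_of(params, PRINCIPALS)
    if principal is None:
        raise ValueError(f"one of {PRINCIPALS} is required")
    ids = params[principal]
    ids = [ids] if principal == "authorizedGroup" else ids
    if not isinstance(ids, list) or not ids or not all(map(_is_id, ids)):
        raise ValueError(f"{principal} must hold positive integer id(s)")
    scope = _one_of(params, SCOPES)
    if scope is not None:
        objs = params[scope]
        objs = [objs] if scope == "complementaryObject" else objs
        if not isinstance(objs, list) or not objs:
            raise ValueError(f"{scope} must not be empty")
        for obj in objs:
            if not isinstance(obj, dict) or obj.get("beanName") not in BEANS \
                    or not _is_id(obj.get("id")):
                raise ValueError(f"{scope}: need a supported beanName and an id")
    return principal, scope
```

A caller that intends a scoped removal can additionally require that the second element of the result is not None before sending the request.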