RPC API documentation v34.4.0

Get all groups of managers (authorizedGroups) for complementaryObject and role. (supported object types: Group | RichGroup | Vo | Resource | Facility | SecurityTeam ).

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getAdminGroups

• see URL structure

Example params

{ "role" : "text" , "complementaryObjectId" : 68 , "complementaryObjectName" : "text" }

• see Passing params

Example response

[ { "id" : 1061 , "name" : "My group" , "shortName" : "My group" , "description" : "My testing group" , "parentGroupId" : null , "voId" : 201 , "uuid" : "31e1014b-e994-4cb2-b238-e32aeef87670" , "beanName" : "Group" } , {...} , {...} ]

• see Return values
• see HTTP return codes

Get all valid user administrators (for group-based rights, status must be VALID for both Vo and group) for

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getAdmins

• see URL structure

Example params

{ "role" : "text" , "complementaryObjectId" : 36 , "complementaryObjectName" : "text" , "onlyDirectAdmins" : true }

• see Passing params

Example response

[ { "firstName" : "Some" , "lastName" : "Body" , "middleName" : null , "titleBefore" : "Mgr." , "titleAfter" : null , "serviceUser" : false , "sponsoredUser" : false , "specificUser" : false , "majorSpecificType" : "NORMAL" , "id" : 34 , "uuid" : "5e5a02dd-f991-4706-a428-69c3ea6c5ce8" , "beanName" : "User" } , {...} , {...} ]

• see Return values
• see HTTP return codes

Return all loaded perun policies.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getAllPolicies

• see URL structure

Example response

{ ... TODO ... }

• see Return values
• see HTTP return codes

Return all loaded roles management rules.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getAllRolesManagementRules

• see URL structure

Example response

{ ... TODO ... }

• see Return values
• see HTTP return codes

Get all Facilities where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getFacilitiesWhereUserIsInRoles

• see URL structure

Example params

{ "user" : 52 , "roles" : [ "text" , "text" ] }

• see Passing params

Example response

[ { "id" : 24 , "name" : "host.facility.cz" , "description" : "is optional" , "beanName" : "Facility" } , {...} , {...} ]

• see Return values
• see HTTP return codes

Get all Facilities where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getFacilitiesWhereUserIsInRoles

• see URL structure

Example params

{ "roles" : [ "text" , "text" ] }

• see Passing params

Example response

[ { "id" : 24 , "name" : "host.facility.cz" , "description" : "is optional" , "beanName" : "Facility" } , {...} , {...} ]

• see Return values
• see HTTP return codes

Get all Groups where the given user has set one of the given roles or the given user is a member of an authorized group with such roles. Method does not return subgroups of the fetched groups.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getGroupsWhereUserIsInRoles

• see URL structure

Example params

{ "user" : 83 , "roles" : [ "text" , "text" ] }

• see Passing params

Example response

[ { "id" : 1061 , "name" : "My group" , "shortName" : "My group" , "description" : "My testing group" , "parentGroupId" : null , "voId" : 201 , "uuid" : "31e1014b-e994-4cb2-b238-e32aeef87670" , "beanName" : "Group" } , {...} , {...} ]

• see Return values
• see HTTP return codes

Get all Groups where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles. Method does not return subgroups of the fetched groups.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getGroupsWhereUserIsInRoles

• see URL structure

Example params

{ "roles" : [ "text" , "text" ] }

• see Passing params

Example response

[ { "id" : 1061 , "name" : "My group" , "shortName" : "My group" , "description" : "My testing group" , "parentGroupId" : null , "voId" : 201 , "uuid" : "31e1014b-e994-4cb2-b238-e32aeef87670" , "beanName" : "Group" } , {...} , {...} ]

• see Return values
• see HTTP return codes

Returns User which is associated with credentials used to log-in to Perun.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getLoggedUser

• see URL structure

Example response

{ "firstName" : "Some" , "lastName" : "Body" , "middleName" : null , "titleBefore" : "Mgr." , "titleAfter" : null , "serviceUser" : false , "sponsoredUser" : false , "specificUser" : false , "majorSpecificType" : "NORMAL" , "id" : 34 , "uuid" : "5e5a02dd-f991-4706-a428-69c3ea6c5ce8" , "beanName" : "User" }

• see Return values
• see HTTP return codes

Get all Members where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getMembersWhereUserIsInRoles

• see URL structure

Example params

{ "user" : 88 , "roles" : [ "text" , "text" ] }

• see Passing params

Example response

[ { "id" : 12 , "userId" : 34 , "voId" : 42 , "sourceGroupId" : null , "membershipType" : "DIRECT" , "status" : "VALID" , "sponsored" : false , "beanName" : "Member" } , {...} , {...} ]

• see Return values
• see HTTP return codes

Get all Members where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getMembersWhereUserIsInRoles

• see URL structure

Example params

{ "roles" : [ "text" , "text" ] }

• see Passing params

Example response

[ { "id" : 12 , "userId" : 34 , "voId" : 42 , "sourceGroupId" : null , "membershipType" : "DIRECT" , "status" : "VALID" , "sponsored" : false , "beanName" : "Member" } , {...} , {...} ]

• see Return values
• see HTTP return codes

Returns PerunPrincipal object associated with current session. It contains necessary information, including user identification, authorization and metadata. Each call of this method refresh the session including authorization data.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getPerunPrincipal

• see URL structure

Example response

{ ... TODO ... }

• see Return values
• see HTTP return codes

Returns list of caller's role names. Perun system uses role names in the upper case format. However, for now, they are converted to the lower case format because of the compatibility with external systems.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getPrincipalRoleNames

• see URL structure

Example response

[ "groupadmin" , "self" , "voadmin" ]

• see Return values
• see HTTP return codes

Get all Resources where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getResourcesWhereUserIsInRoles

• see URL structure

Example params

{ "user" : 22 , "roles" : [ "text" , "text" ] }

• see Passing params

Example response

[ { "id" : 493 , "name" : "host1.host.cz" , "description" : "ROOT access to host1.host.cz" , "facilityId" : 24 , "voId" : 21 , "uuid" : "542d676f-99b2-4d1c-bc80-a46fd7f34e62" , "beanName" : "Resource" } , {...} , {...} ]

• see Return values
• see HTTP return codes

Get all Resources where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getResourcesWhereUserIsInRoles

• see URL structure

Example params

{ "roles" : [ "text" , "text" ] }

• see Passing params

Example response

[ { "id" : 493 , "name" : "host1.host.cz" , "description" : "ROOT access to host1.host.cz" , "facilityId" : 24 , "voId" : 21 , "uuid" : "542d676f-99b2-4d1c-bc80-a46fd7f34e62" , "beanName" : "Resource" } , {...} , {...} ]

• see Return values
• see HTTP return codes

Get all SecurityTeams where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getSecurityTeamsWhereUserIsInRoles

• see URL structure

Example params

{ "user" : 21 , "roles" : [ "text" , "text" ] }

• see Passing params

Example response

[ { "id" : 924 , "name" : "CSIRT" , "description" : "My CSIRT" } , {...} , {...} ]

• see Return values
• see HTTP return codes

Get all SecurityTeams where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getSecurityTeamsWhereUserIsInRoles

• see URL structure

Example params

{ "roles" : [ "text" , "text" ] }

• see Passing params

Example response

[ { "id" : 924 , "name" : "CSIRT" , "description" : "My CSIRT" } , {...} , {...} ]

• see Return values
• see HTTP return codes

Get all Vos where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getVosWhereUserIsInRoles

• see URL structure

Example params

{ "user" : 64 , "roles" : [ "text" , "text" ] }

• see Passing params

Example response

[ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ]

• see Return values
• see HTTP return codes

Get all Vos where the given principal has set one of the given roles or the given principal is a member of an authorized group with such roles.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/getVosWhereUserIsInRoles

• see URL structure

Example params

{ "roles" : [ "text" , "text" ] }

• see Passing params

Example response

[ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" : "Vo" } , {...} , {...} ]

• see Return values
• see HTTP return codes

Returns 1 if User has Facility manager role (FACILITYADMIN) for specific Facility defined by ID.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isFacilityAdmin

• see URL structure

Example params

{ "facility" : 38 }

• see Passing params

Example response

1

• see Return values
• see HTTP return codes

Returns 1 if User has Facility manager role (FACILITYADMIN).

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isFacilityAdmin

• see URL structure

Example response

1

• see Return values
• see HTTP return codes

Returns 1 if User has Group manager role (GROUPADMIN) for specific Group defined by ID.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isGroupAdmin

• see URL structure

Example params

{ "group" : 6 }

• see Passing params

Example response

1

• see Return values
• see HTTP return codes

Returns 1 if User has Group manager role (GROUPADMIN).

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isGroupAdmin

• see URL structure

Example response

1

• see Return values
• see HTTP return codes

Returns 1 if User has Perun admin role (perunadmin).

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isPerunAdmin

• see URL structure

Example response

1

• see Return values
• see HTTP return codes

Returns 1 if User has VO manager role (VOADMIN) for specific VO defined by ID.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isVoAdmin

• see URL structure

Example params

{ "vo" : 45 }

• see Passing params

Example response

1

• see Return values
• see HTTP return codes

Returns 1 if User has VO manager role (VOADMIN).

Example URL

https://[hostname]/krb/rpc/json/authzResolver/isVoAdmin

• see URL structure

Example response

1

• see Return values
• see HTTP return codes

Returns "OK" string. Helper method for GUI check if connection is alive.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/keepAlive

• see URL structure

Example response

"OK"

• see Return values
• see HTTP return codes

Load perun roles and policies from the configuration file perun-roles.yml. Roles are loaded to the database and policies are loaded to the PerunPoliciesContainer.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/loadAuthorizationComponents

• see URL structure

Example response

null

• see Return values
• see HTTP return codes

Refreshes MFA-related data for principal.

Example URL

https://[hostname]/krb/rpc/json/authzResolver/refreshMfa

• see URL structure

Example response

null

• see Return values
• see HTTP return codes

Set role for user and complementaryObject. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) Vo | Resource | Facility | SecurityTeam ). : "Vo" }

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

• see URL structure

Example params

{ "role" : "VOADMIN" , "user" : 2 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Set role for user and complementaryObjects. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) RichGroup | Vo | Resource | Facility | SecurityTeam ). "beanName" : "Vo" } , {...} , {...} ]

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

• see URL structure

Example params

{ "role" : "VOADMIN" , "user" : 11 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Set role for user. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

• see URL structure

Example params

{ "role" : "VOADMIN" , "user" : 99 }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Set role for authorizedGroup and complementaryObject. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) RichGroup | Vo | Resource | Facility | SecurityTeam ). : "Vo" }

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

• see URL structure

Example params

{ "role" : "VOADMIN" , "authorizedGroup" : 29 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Set role for authorizedGroup and complementaryObjects. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) Group | RichGroup | Vo | Resource | Facility | SecurityTeam ). "beanName" : "Vo" } , {...} , {...} ]

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

• see URL structure

Example params

{ "role" : "VOADMIN" , "authorizedGroup" : 47 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Set role for authorizedGroup. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

• see URL structure

Example params

{ "role" : "VOADMIN" , "authorizedGroup" : 31 }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Set role for users and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) | Vo | Resource | Facility | SecurityTeam ). : "Vo" }

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

• see URL structure

Example params

{ "role" : "VOADMIN" , "users" : [ 55 , 20 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Set role for users. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

• see URL structure

Example params

{ "role" : "VOADMIN" , "users" : [ 64 , 3 ] }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Set role for authorizedGroups and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) RichGroup | Vo | Resource | Facility | SecurityTeam ). : "Vo" }

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

• see URL structure

Example params

{ "role" : "VOADMIN" , "authorizedGroups" : [ 12 , 13 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Set role for authorizedGroups. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )

Example URL

https://[hostname]/krb/rpc/json/authzResolver/setRole

• see URL structure

Example params

{ "role" : "VOADMIN" , "authorizedGroups" : [ 31 , 75 ] }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Check if some valid user with specific role exists for given complementary object (for group-based rights, status must be VALID for both Vo and group).

Example URL

https://[hostname]/krb/rpc/json/authzResolver/someAdminExists

• see URL structure

Example params

{ "role" : "text" , "complementaryObjectId" : 92 , "complementaryObjectName" : "text" , "onlyDirectAdmins" : true }

• see Passing params

Example response

{ ... TODO ... }

• see Return values
• see HTTP return codes

Unset role for user and complementaryObject. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) Resource | Facility | SecurityTeam ). : "Vo" }

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

• see URL structure

Example params

{ "role" : "voadmin" , "user" : 73 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Unset role for user and complementaryObjects. If some complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) | Vo | Resource | Facility | SecurityTeam ). "beanName" : "Vo" } , {...} , {...} ]

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

• see URL structure

Example params

{ "role" : "voadmin" , "user" : 68 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Unset role for user. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

• see URL structure

Example params

{ "role" : "VOADMIN" , "user" : 69 }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Unset role for authorizedGroup and complementaryObject. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObject param. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) RichGroup | Vo | Resource | Facility | SecurityTeam ). : "Vo" }

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

• see URL structure

Example params

{ "role" : "voadmin" , "authorizedGroup" : 54 , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Unset role for authorizedGroup and complementaryObjects. If some complementaryObject is wrong for the role, throw an exception. For role "perunadmin" ignore complementaryObjects param. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) | RichGroup | Vo | Resource | Facility | SecurityTeam ). "beanName" : "Vo" } , {...} , {...} ]

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

• see URL structure

Example params

{ "role" : "voadmin" , "authorizedGroup" : 64 , "complementaryObjects" : [ { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Unset role for authorizedGroup. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

• see URL structure

Example params

{ "role" : "VOADMIN" , "authorizedGroup" : 86 }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Unset role for users and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) Resource | Facility | SecurityTeam ). : "Vo" }

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

• see URL structure

Example params

{ "role" : "VOADMIN" , "users" : [ 75 , 39 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Unset role for users. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

• see URL structure

Example params

{ "role" : "VOADMIN" , "users" : [ 40 , 17 ] }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Unset role for authorizedGroups and complementaryObject. If complementary object is wrong for the role, throw an exception. For role "perunadmin" ignore complementary object. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN ) RichGroup | Vo | Resource | Facility | SecurityTeam ). : "Vo" }

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

• see URL structure

Example params

{ "role" : "VOADMIN" , "authorizedGroups" : [ 88 , 46 ] , "complementaryObject" : { "id" : 123 , "name" : "My testing VO" , "shortName" : "test_vo" , "beanName" }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes

Unset role for authorizedGroups. IMPORTANT: Refresh authz only if user in session is affected. RESOURCEADMIN | RESOURCESELFSERVICE | SPONSOR | TOPGROUPCREATOR | VOADMIN | VOOBSERVER | PERUNOBSERVER | SECURITYADMIN | CABINETADMIN | AUDITCONSUMERADMIN )

Example URL

https://[hostname]/krb/rpc/json/authzResolver/unsetRole

• see URL structure

Example params

{ "role" : "VOADMIN" , "authorizedGroups" : [ 81 , 16 ] }

• see Passing params

Example response

null

• see Return values
• see HTTP return codes