Authorization

List all roles

SecurityApiKeyAuth
Request
query Parameters
limit
integer [ 1 .. 1000 ]
Default: 100

Maximum number of objects to return per query. The value must be between 1 and 1000. Default is 100.

Example: limit=50
cursor
string [ 1 .. 4096 ] characters

Cursor to fetch the next or previous page of results. The value of this property must be extracted from the 'prev_cursor' or 'next_cursor' property of a PaginatedResponseMetadata which is contained in the response of list and search API endpoints.

sort
string or null

The field to sort results by. A property name with a prepended '-' signifies descending order.

Enum: "id" "-id" "name" "-name" "description" "-description"
Example: sort=id
Responses
200

OK

get/roles
Response samples
application/json
{
  • "items": [
    ],
  • "response_metadata": {
    }
}

Create custom role

SecurityApiKeyAuth
Request
Request Body schema: application/json
name
required
string

The Role name.

description
string

Role description.

required
Array of objects (PermissionObject) [ 1 .. 1000 ] items unique

The list of permissions granted by this role.

immutable
boolean
Default: false

If set to true, adding or removing permission is not allowed.

Array of objects (Tag)
Responses
200

Returns the newly created role.

post/roles
Request samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "permission_objects": [
    ],
  • "immutable": false,
  • "tags": [
    ]
}
Response samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "permission_objects": [
    ],
  • "immutable": false,
  • "tags": [
    ],
  • "id": "string",
  • "system_role": true
}

Returns role by ID.

SecurityApiKeyAuth
Request
path Parameters
roleId
required
string non-empty

The ID of the role.

Responses
200

OK

get/roles/{roleId}
Response samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "permission_objects": [
    ],
  • "immutable": false,
  • "tags": [
    ],
  • "id": "string",
  • "system_role": true
}

Delete role by ID.

SecurityApiKeyAuth
Request
path Parameters
roleId
required
string non-empty

The ID of the role.

Responses
204

No Content

delete/roles/{roleId}

Update a Role.

SecurityApiKeyAuth
Request
path Parameters
roleId
required
string non-empty

The ID of the role.

Request Body schema: application/json
name
string [ 1 .. 256 ] characters

The role name

description
string [ 1 .. 512 ] characters

The role description

Responses
200

OK

patch/roles/{roleId}
Request samples
application/json
{
  • "name": "string",
  • "description": "string"
}
Response samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "permission_objects": [
    ],
  • "immutable": false,
  • "tags": [
    ],
  • "id": "string",
  • "system_role": true
}

Search for roles.

SecurityApiKeyAuth
Request
query Parameters
limit
integer [ 1 .. 1000 ]
Default: 100

Maximum number of objects to return per query. The value must be between 1 and 1000. Default is 100.

Example: limit=50
cursor
string [ 1 .. 4096 ] characters

Cursor to fetch the next or previous page of results. The value of this property must be extracted from the 'prev_cursor' or 'next_cursor' property of a PaginatedResponseMetadata which is contained in the response of list and search API endpoints.

sort
string or null

The field to sort results by. A property name with a prepended '-' signifies descending order.

Enum: "id" "-id" "name" "-name" "description" "-description"
Example: sort=id
Request Body schema: application/json

A request body containing a filter expression. This enables searching for items matching arbitrarily complex conditions. The list of attributes which can be used in filter expressions is available in the x-filterable vendor extension.

Filter Expression Overview

Note: All keywords are case-insensitive

Comparison Operators

Operator Description Example
CONTAINS Substring or membership testing for string and list attributes respectively. field3 CONTAINS 'foobar', field4 CONTAINS TRUE
IN Tests if field is a member of a list literal. List can contain a maximum of 100 values field2 IN ['Goku', 'Vegeta']
GE Tests if a field is greater than or equal to a literal value field1 GE 1.2e-2
GT Tests if a field is greater than a literal value field1 GT 1.2e-2
LE Tests if a field is less than or equal to a literal value field1 LE 9000
LT Tests if a field is less than a literal value field1 LT 9.02
NE Tests if a field is not equal to a literal value field1 NE 42
EQ Tests if a field is equal to a literal value field1 EQ 42

Search Operator

The SEARCH operator filters for items which have any filterable attribute that contains the input string as a substring, comparison is done case-insensitively. This is not restricted to attributes with string values. Specifically SEARCH '12' would match an item with an attribute with an integer value of 123.

Logical Operators

Ordered by precedence.

Operator Description Example
NOT Logical NOT (Right associative) NOT field1 LE 9000
AND Logical AND (Left Associative) field1 GT 9000 AND field2 EQ 'Goku'
OR Logical OR (Left Associative) field1 GT 9000 OR field2 EQ 'Goku'

Grouping

Parenthesis () can be used to override operator precedence.

For example: NOT (field1 LT 1234 AND field2 CONTAINS 'foo')

Literal Values

Literal Description Examples
Nil Represents the absence of a value nil, Nil, nIl, NIL
Boolean true/false boolean true, false, True, False, TRUE, FALSE
Number Signed integer and floating point numbers. Also supports scientific notation. 0, 1, -1, 1.2, 0.35, 1.2e-2, -1.2e+2
String Single or double quoted "foo", "bar", "foo bar", 'foo', 'bar', 'foo bar'
Datetime Formatted according to RFC3339 2018-04-27T18:39:26.397237+00:00
List Comma-separated literals wrapped in square brackets [0], [0, 1], ['foo', "bar"]

Limitations

  • A maximum of 8 unique identifiers may be used inside a filter expression.
filter_expression
string [ 5 .. 2000 ] characters
Responses
200

OK

post/roles/search
Request samples
application/json

An example of a nested Object comparison testing that at least one repository has a version which is equal to 19.0.0.

{
  • "filter_expression": "repositories CONTAINS {version eq '19.0.0'}"
}
Response samples
application/json
{
  • "items": [
    ],
  • "response_metadata": {
    }
}

Add permissions to a role.

SecurityApiKeyAuth
Request
path Parameters
roleId
required
string non-empty

The ID of the role.

Request Body schema: application/json
required

Permissions to add to the role.

required
Array of objects (PermissionObject) [ 1 .. 1000 ] items unique

Array of permissions with object type and their permission.

Responses
200

The updated role.

post/roles/{roleId}/permissions
Request samples
application/json
{
  • "permission_objects": [
    ]
}
Response samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "permission_objects": [
    ],
  • "immutable": false,
  • "tags": [
    ],
  • "id": "string",
  • "system_role": true
}

Remove permissions from a role.

SecurityApiKeyAuth
Request
path Parameters
roleId
required
string non-empty

The ID of the role.

Request Body schema: application/json
required

Permissions to remove from the role.

required
Array of objects (PermissionObject) [ 1 .. 1000 ] items unique

Array of permissions with object type and their permission.

Responses
200

The updated role.

post/roles/{roleId}/permissions/delete
Request samples
application/json
{
  • "permission_objects": [
    ]
}
Response samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "permission_objects": [
    ],
  • "immutable": false,
  • "tags": [
    ],
  • "id": "string",
  • "system_role": true
}

Get tags for a Role.

SecurityApiKeyAuth
Request
path Parameters
roleId
required
string non-empty

The ID of the role.

Responses
200

Ok

get/roles/{roleId}/tags
Response samples
application/json
{
  • "tags": [
    ]
}

Create tags for a role.

SecurityApiKeyAuth
Request
path Parameters
roleId
required
string non-empty

The ID of the role.

Request Body schema: application/json
required

Tags information for Roles.

required
Array of objects (Tag) [ 1 .. 1000 ] items unique

Array of tags with key value pairs

Responses
201

Created

post/roles/{roleId}/tags
Request samples
application/json
{
  • "tags": [
    ]
}
Response samples
application/json
{
  • "tags": [
    ]
}

Delete tags for a Role.

SecurityApiKeyAuth
Request
path Parameters
roleId
required
string non-empty

The ID of the role.

Request Body schema: application/json

The parameters to delete tags

key
string [ 1 .. 4000 ] characters

Key of the tag

value
string [ 1 .. 4000 ] characters

Value of the tag

Array of objects (Tag) [ 1 .. 1000 ] items unique

List of tags to be deleted

Responses
204

No Content

post/roles/{roleId}/tags/delete
Request samples
application/json

Delete all tags for given object - No request body required

{ }

Returns permissions for given object.

SecurityApiKeyAuth
Request
path Parameters
objectType
required
string

The type of the DCT object.

Enum: "ALGORITHM" "ACCESS_GROUP" "ACCOUNT" "AUDIT_LOGS_SUMMARY_REPORT" "ROLE" "API_USAGE_REPORT" "BOOKMARK" "CDB" "CLASSIFIER" "DATA_CLASS" "DATABASE_TEMPLATE" "DISCOVERY_EXPRESSION" "DISCOVERY_POLICY" "DSOURCE" "ENGINE" "ENVIRONMENT" "MASKING_JOB" "MASKING_ENVIRONMENT" "MASKING_FILE_UPLOAD" "MASKING_JOB_SET" "REPORT_SCHEDULE" "RULE_SET" "SOURCE" "VAULT" "VCDB" "VDB" "VDB_GROUP" "CONNECTOR" "CONNECTIVITY_CHECK" "DSOURCE_USAGE_REPORT" "DSOURCE_CONSUMPTION_REPORT" "JOB" "PRODUCT_INFO" "SMTP_CONFIG" "MASKING_EXECUTION_METRICS_REPORT" "STORAGE_SUMMARY_REPORT" "STORAGE_SAVINGS_SUMMARY_REPORT" "VDB_INVENTORY_REPORT" "LDAP" "SAML" "PASSWORD_POLICY" "GLOBAL_PROPERTIES" "SYSTEM" "API_CLASSIFICATION" "VIRTUALIZATION_POLICY" "HYPERSCALE_INSTANCE" "HYPERSCALE_CONNECTOR" "HYPERSCALE_DATASET" "MASKING_PLUGIN" "REPLICATION_PROFILE" "NAMESPACE" "ENGINE_PERFORMANCE_ANALYTIC_REPORT" "DATA_RISK_REPORT" "ENGINE_GLOBAL_OBJECT_STATE_REPORT"
objectId
required
string non-empty

The ID of the DCT Object.

Responses
200

OK

get/auth/permissions/objects/{objectType}/{objectId}
Response samples
application/json
{
  • "accounts": [
    ]
}

Returns all of the possible permissions for all of the objects.

SecurityApiKeyAuth
Responses
200

OK

get/auth/object-permissions
Response samples
application/json
{
  • "object_permissions": [
    ]
}

List all access groups.

SecurityApiKeyAuth
Request
query Parameters
limit
integer [ 1 .. 1000 ]
Default: 100

Maximum number of objects to return per query. The value must be between 1 and 1000. Default is 100.

Example: limit=50
cursor
string [ 1 .. 4096 ] characters

Cursor to fetch the next or previous page of results. The value of this property must be extracted from the 'prev_cursor' or 'next_cursor' property of a PaginatedResponseMetadata which is contained in the response of list and search API endpoints.

sort
string or null

The field to sort results by. A property name with a prepended '-' signifies descending order.

Enum: "id" "-id" "name" "-name"
Example: sort=id
Responses
200

OK

get/access-groups
Response samples
application/json
{
  • "items": [
    ],
  • "response_metadata": {
    }
}

Create a new access group.

SecurityApiKeyAuth
Request
Request Body schema: application/json
required
name
required
string [ 1 .. 256 ] characters

The Access group name

single_account
boolean

Indicates that this Access group defines the permissions of a single account, and thus account and account tags cannot be modified. Instead create a new Access group to manage permissions of multiple accounts.

account_ids
Array of integers <int64>

List of accounts ids included individually (as opposed to added by tags) in the Access group.

Array of objects (Tag)

List of account tags. Accounts matching any of these tags will be automatically added to the Access group.

Array of objects (AccessGroupScope)

The Access group scopes.

Responses
201

Returns the newly created access group.

post/access-groups
Request samples
application/json
{
  • "name": "string",
  • "single_account": true,
  • "account_ids": [
    ],
  • "account_tags": [
    ],
  • "scopes": [
    ]
}
Response samples
application/json
{
  • "id": "string",
  • "name": "string",
  • "single_account": true,
  • "account_ids": [
    ],
  • "tagged_account_ids": [
    ],
  • "account_tags": [
    ],
  • "scopes": [
    ]
}

Search for access groups.

SecurityApiKeyAuth
Request
query Parameters
limit
integer [ 1 .. 1000 ]
Default: 100

Maximum number of objects to return per query. The value must be between 1 and 1000. Default is 100.

Example: limit=50
cursor
string [ 1 .. 4096 ] characters

Cursor to fetch the next or previous page of results. The value of this property must be extracted from the 'prev_cursor' or 'next_cursor' property of a PaginatedResponseMetadata which is contained in the response of list and search API endpoints.

sort
string or null

The field to sort results by. A property name with a prepended '-' signifies descending order.

Enum: "id" "-id" "name" "-name"
Example: sort=id
Request Body schema: application/json

A request body containing a filter expression. This enables searching for items matching arbitrarily complex conditions. The list of attributes which can be used in filter expressions is available in the x-filterable vendor extension.

Filter Expression Overview

Note: All keywords are case-insensitive

Comparison Operators

Operator Description Example
CONTAINS Substring or membership testing for string and list attributes respectively. field3 CONTAINS 'foobar', field4 CONTAINS TRUE
IN Tests if field is a member of a list literal. List can contain a maximum of 100 values field2 IN ['Goku', 'Vegeta']
GE Tests if a field is greater than or equal to a literal value field1 GE 1.2e-2
GT Tests if a field is greater than a literal value field1 GT 1.2e-2
LE Tests if a field is less than or equal to a literal value field1 LE 9000
LT Tests if a field is less than a literal value field1 LT 9.02
NE Tests if a field is not equal to a literal value field1 NE 42
EQ Tests if a field is equal to a literal value field1 EQ 42

Search Operator

The SEARCH operator filters for items which have any filterable attribute that contains the input string as a substring, comparison is done case-insensitively. This is not restricted to attributes with string values. Specifically SEARCH '12' would match an item with an attribute with an integer value of 123.

Logical Operators

Ordered by precedence.

Operator Description Example
NOT Logical NOT (Right associative) NOT field1 LE 9000
AND Logical AND (Left Associative) field1 GT 9000 AND field2 EQ 'Goku'
OR Logical OR (Left Associative) field1 GT 9000 OR field2 EQ 'Goku'

Grouping

Parenthesis () can be used to override operator precedence.

For example: NOT (field1 LT 1234 AND field2 CONTAINS 'foo')

Literal Values

Literal Description Examples
Nil Represents the absence of a value nil, Nil, nIl, NIL
Boolean true/false boolean true, false, True, False, TRUE, FALSE
Number Signed integer and floating point numbers. Also supports scientific notation. 0, 1, -1, 1.2, 0.35, 1.2e-2, -1.2e+2
String Single or double quoted "foo", "bar", "foo bar", 'foo', 'bar', 'foo bar'
Datetime Formatted according to RFC3339 2018-04-27T18:39:26.397237+00:00
List Comma-separated literals wrapped in square brackets [0], [0, 1], ['foo', "bar"]

Limitations

  • A maximum of 8 unique identifiers may be used inside a filter expression.
filter_expression
string [ 5 .. 2000 ] characters
Responses
200

OK

post/access-groups/search
Request samples
application/json

An example of a nested Object comparison testing that at least one repository has a version which is equal to 19.0.0.

{
  • "filter_expression": "repositories CONTAINS {version eq '19.0.0'}"
}
Response samples
application/json
{
  • "items": [
    ],
  • "response_metadata": {
    }
}

Returns an Access group by ID.

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

Responses
200

OK

get/access-groups/{accessGroupId}
Response samples
application/json
{
  • "id": "string",
  • "name": "string",
  • "single_account": true,
  • "account_ids": [
    ],
  • "tagged_account_ids": [
    ],
  • "account_tags": [
    ],
  • "scopes": [
    ]
}

Delete an Access group.

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

Responses
204

No Content

delete/access-groups/{accessGroupId}

Update an Access group.

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

Request Body schema: application/json
name
string [ 1 .. 256 ] characters

The Access group name

Responses
200

OK

patch/access-groups/{accessGroupId}
Request samples
application/json
{
  • "name": "string"
}
Response samples
application/json
{
  • "id": "string",
  • "name": "string",
  • "single_account": true,
  • "account_ids": [
    ],
  • "tagged_account_ids": [
    ],
  • "account_tags": [
    ],
  • "scopes": [
    ]
}

Add account tags to an Access group

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

Request Body schema: application/json
required

Account Tags to add to the Access group.

required
Array of objects (Tag) [ 1 .. 1000 ] items unique

Array of tags with key value pairs

Responses
200

The updated Access group.

post/access-groups/{accessGroupId}/tags
Request samples
application/json
{
  • "tags": [
    ]
}
Response samples
application/json
{
  • "id": "string",
  • "name": "string",
  • "single_account": true,
  • "account_ids": [
    ],
  • "tagged_account_ids": [
    ],
  • "account_tags": [
    ],
  • "scopes": [
    ]
}

Remove account tags from an access group.

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

Request Body schema: application/json

The parameters to delete tags

key
string [ 1 .. 4000 ] characters

Key of the tag

value
string [ 1 .. 4000 ] characters

Value of the tag

Array of objects (Tag) [ 1 .. 1000 ] items unique

List of tags to be deleted

Responses
200

The updated Access group.

post/access-groups/{accessGroupId}/tags/delete
Request samples
application/json

Delete all tags for given object - No request body required

{ }
Response samples
application/json
{
  • "id": "string",
  • "name": "string",
  • "single_account": true,
  • "account_ids": [
    ],
  • "tagged_account_ids": [
    ],
  • "account_tags": [
    ],
  • "scopes": [
    ]
}

Add account ids to an Access group

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

Request Body schema: application/json
required

Account ids to add to the Access group.

account_ids
required
Array of integers <int64> [ 1 .. 1000 ] items unique
Responses
200

The updated Access group.

post/access-groups/{accessGroupId}/account-ids
Request samples
application/json
{
  • "account_ids": [
    ]
}
Response samples
application/json
{
  • "id": "string",
  • "name": "string",
  • "single_account": true,
  • "account_ids": [
    ],
  • "tagged_account_ids": [
    ],
  • "account_tags": [
    ],
  • "scopes": [
    ]
}

Remove the account from the access group.

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

accountId
required
integer <int64>

The ID of the account.

Responses
200

The updated Access group.

delete/access-groups/{accessGroupId}/account-ids/{accountId}
Response samples
application/json
{
  • "id": "string",
  • "name": "string",
  • "single_account": true,
  • "account_ids": [
    ],
  • "tagged_account_ids": [
    ],
  • "account_tags": [
    ],
  • "scopes": [
    ]
}

Add scopes to an Access group

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

Request Body schema: application/json
required

Scopes to add to the Access group.

required
Array of objects (AccessGroupScope) [ 1 .. 1000 ] items
Responses
200

The updated Access group.

post/access-groups/{accessGroupId}/scopes
Request samples
application/json
{
  • "scopes": [
    ]
}
Response samples
application/json
{
  • "id": "string",
  • "name": "string",
  • "single_account": true,
  • "account_ids": [
    ],
  • "tagged_account_ids": [
    ],
  • "account_tags": [
    ],
  • "scopes": [
    ]
}

Get access group scope.

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

scopeId
required
string non-empty

The ID of the Access group scope.

Responses
200

The access group scope.

get/access-groups/{accessGroupId}/scopes/{scopeId}
Response samples
application/json
{
  • "id": "string",
  • "name": "string",
  • "role_id": "string",
  • "scope_type": "SCOPED",
  • "object_tags": [
    ],
  • "objects": [
    ],
  • "always_allowed_permissions": [
    ]
}

Remove the scope from the Access group.

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

scopeId
required
string non-empty

The ID of the Access group scope.

Responses
200

The updated Access group.

delete/access-groups/{accessGroupId}/scopes/{scopeId}
Response samples
application/json
{
  • "id": "string",
  • "name": "string",
  • "single_account": true,
  • "account_ids": [
    ],
  • "tagged_account_ids": [
    ],
  • "account_tags": [
    ],
  • "scopes": [
    ]
}

Update access group scope.

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

scopeId
required
string non-empty

The ID of the Access group scope.

Request Body schema: application/json
required

Access group scope to update.

name
string [ 1 .. 256 ] characters

The Access group scope name.

scope_type
string

Specifies the type of the scope. Scope of type SIMPLE would grant access to all DCT objects. Scope of type SCOPED would grant access to all objects based on objects and object-tags and permissions defined in linked role. Scope of type ADVANCED would grant access to DCT objects based on objects and object-tags and the individual permissions.

Enum: "SIMPLE" "SCOPED" "ADVANCED"
Responses
200

The updated access group scope.

patch/access-groups/{accessGroupId}/scopes/{scopeId}
Request samples
application/json
{
  • "name": "string",
  • "scope_type": "SCOPED"
}
Response samples
application/json
{
  • "id": "string",
  • "name": "string",
  • "role_id": "string",
  • "scope_type": "SCOPED",
  • "object_tags": [
    ],
  • "objects": [
    ],
  • "always_allowed_permissions": [
    ]
}

Add object tags to the access group scope.

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

scopeId
required
string non-empty

The ID of the Access group scope.

Request Body schema: application/json
required

Object tags for the access group scope.

required
Array of objects (ScopeTag) [ 1 .. 1000 ] items unique

Array of tags with key value pairs along with optional object_type and permissions

Responses
201

Created

post/access-groups/{accessGroupId}/scopes/{scopeId}/object-tags
Request samples
application/json
{
  • "tags": [
    ]
}
Response samples
application/json
{
  • "tags": [
    ]
}

Remove tags from the access group scope.

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

scopeId
required
string non-empty

The ID of the Access group scope.

Request Body schema: application/json

The parameters to delete scope objects tags

Array of objects (ScopeTag) [ 1 .. 1000 ] items unique

List of scope tags to be deleted

Responses
201

Created

post/access-groups/{accessGroupId}/scopes/{scopeId}/object-tags/delete
Request samples
application/json

Delete all object tags for given scope - No request body required

{ }
Response samples
application/json
{
  • "tags": [
    ]
}

Add objects to the access group scope.

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

scopeId
required
string non-empty

The ID of the Access group scope.

Request Body schema: application/json
required

Add objects to the access group scope.

required
Array of objects (ScopedObjectItem) [ 1 .. 1000 ] items unique

An array of scoped objects

Responses
201

Created

post/access-groups/{accessGroupId}/scopes/{scopeId}/objects
Request samples
application/json
{
  • "objects": [
    ]
}
Response samples
application/json
{
  • "objects": [
    ]
}

Remove objects from the access group scope.

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

scopeId
required
string non-empty

The ID of the Access group scope.

Request Body schema: application/json

The parameters to delete scope objects

required
Array of objects (ScopedObjectItem) [ 1 .. 1000 ] items unique

List of scoped objects to be deleted

Responses
201

Created

post/access-groups/{accessGroupId}/scopes/{scopeId}/objects/delete
Request samples
application/json

Delete all objects for given scope - No request body required

{ }
Response samples
application/json
{
  • "objects": [
    ]
}

Add always allowed permissions for given object type.

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

scopeId
required
string non-empty

The ID of the Access group scope.

Request Body schema: application/json
required

Add always allowed permissions for given object type.

required
Array of objects (AlwaysAllowedPermission) [ 1 .. 1000 ] items unique

An array of always allowed permissions

Responses
200

The access group scope.

post/access-groups/{accessGroupId}/scopes/{scopeId}/always_allowed_permissions
Request samples
application/json
{
  • "always_allowed_permissions": [
    ]
}
Response samples
application/json
{
  • "id": "string",
  • "name": "string",
  • "role_id": "string",
  • "scope_type": "SCOPED",
  • "object_tags": [
    ],
  • "objects": [
    ],
  • "always_allowed_permissions": [
    ]
}

Remove always allowed permissions for given object type.

SecurityApiKeyAuth
Request
path Parameters
accessGroupId
required
string non-empty

The ID of the Access group.

scopeId
required
string non-empty

The ID of the Access group scope.

Request Body schema: application/json
required

Remove always allowed permissions for given object type.

required
Array of objects (AlwaysAllowedPermission) [ 1 .. 1000 ] items unique

An array of always allowed permissions

Responses
200

The access group scope.

post/access-groups/{accessGroupId}/scopes/{scopeId}/always_allowed_permissions/delete
Request samples
application/json
{
  • "always_allowed_permissions": [
    ]
}
Response samples
application/json
{
  • "id": "string",
  • "name": "string",
  • "role_id": "string",
  • "scope_type": "SCOPED",
  • "object_tags": [
    ],
  • "objects": [
    ],
  • "always_allowed_permissions": [
    ]
}