Overview | Service | Command |
Check if a principal has the specified right on target.
A successful return means the principal specified by the <grantee> is allowed for the specified right on
the target object.
If PERM_DENIED is thrown, it means the authed user does not have privilege to run this SOAP command (has to be an
admin because this command is in admin namespace).
Result of CheckRightRequest is in the allow="1|0" attribute in CheckRightResponse.
If a specific grant decisively lead to the result, details of it are specified in <via> in the
<CheckRightResponse>.
e.g. if a combo right C containing renameAccount is granted to group G on domain D, and admin A is in group G, then:
<CheckRightRequest> <target type="account"> by="name">user1@D</target> <grantee by="name">admin@D</grantee> <right>renameAccount</right> </CheckRightRequest>will return:
<CheckRightResponse allow="1"> <via> <target type=domain>D</target> <grantee type=grp>G</grantee> <right>C</right> </via> </CheckRightResponse>
<CheckRightRequest> <target type="account"> by="name">user1@D</target> <grantee by="name">admin@D</grantee> <right>configureQuota</right> <attrs> <a n="zimbraMailQuota">100000</a> <a n="zimbraQuotaWarnPercent">80</a> <attrs> </CheckRightRequest> <CheckRightResponse allow="0">
Authorization token required | true |
Admin Authorization token required | true |
<CheckRightRequest> ## CheckRightRequest
<target
type="{target-type} (account|calresource|cos|dl|group|domain|server|alwaysoncluster|ucservice|xmppcomponent|zimlet|config|global)"
[by="{target-selector-by} (id|name)"]>{value}</target> ## EffectiveRightsTargetSelector
<grantee [type="{grantee-type} (usr|grp|egp|all|dom|edom|gst|key|pub|email)"]
[by="{grantee-selector-by} (id|name)"] [secret="{secret}"] [all="{all-flag} (0|1)"]>{key}</grantee> ## GranteeSelector
<right>{value}</right> ## CheckedRight
(<a n="{key}" /> ## Attr)*
</CheckRightRequest>
The following table describes elements and attributes you can define within a
<CheckRightRequest>
element:
XPath | Required / Optional | Description | ||||||||||||||||||||
/target | Required (only 1) | Type:{value} Target Description for element text content:The key used to identify the target. Meaning determined by {target-selector-by} |
||||||||||||||||||||
/target@type | Required (only 1) | Type:account|calresource|cos|dl|group|domain|server|alwaysoncluster|ucservice|xmppcomponent|zimlet|config|global Target type |
||||||||||||||||||||
/target@by | Optional (0 or 1) | Type:id|name Select the meaning of {target-selector-key} |
||||||||||||||||||||
/grantee | Required (only 1) | Type:{key} Grantee - valid values for type are "usr" and "email" Description for element text content:The key used to identify the grantee. Meaning determined by {grantee-selector-by} |
||||||||||||||||||||
/grantee@type | Optional (0 or 1) | Type:usr|grp|egp|all|dom|edom|gst|key|pub|email Grantee type
|
||||||||||||||||||||
/grantee@by | Optional (0 or 1) | Type:id|name Select the meaning of {grantee-selector-key} |
||||||||||||||||||||
/grantee@secret | Optional (0 or 1) | Type:String Password for guest grantee or the access key for key grantee For user right only |
||||||||||||||||||||
/grantee@all | Optional (0 or 1) | Type:0|1 For GetGrantsRequest, selects whether to include grants granted to groups the specified grantee belongs to. Default is 1 (true) |
||||||||||||||||||||
/right | Required (only 1) | Type:{value} Checked Right Description for element text content:Name of right |
||||||||||||||||||||
/a | Optional (0 or more) | Attributes | ||||||||||||||||||||
/a@n | Required (only 1) | Type:String Key |
<CheckRightResponse allow="(0|1)"> ## CheckRightResponse
<via> ## RightViaInfo
<target type="{target-type}">{value}</target> ## TargetWithType
<grantee type="{target-type}">{value}</grantee> ## GranteeWithType
<right>{value}</right> ## CheckedRight
</via>
</CheckRightResponse>
The following table describes elements and attributes you can define within a
<CheckRightResponse>
element:
XPath | Required / Optional | Description |
@allow | Required (only 1) | Type:0|1 Result of the CheckRightRequest |
/via | Optional (0 or 1) | Via information for the grant that decisively lead to the result |
/via/target | Required (only 1) | Type:{value} Target Description for element text content:Value matching {target-type} if this is part of a response (otherwise blank) |
/via/target@type | Required (only 1) | Type:String Target type |
/via/grantee | Required (only 1) | Type:{value} Grantee Description for element text content:Target name |
/via/grantee@type | Required (only 1) | Type:String Target type |
/via/right | Required (only 1) | Type:{value} Checked right Description for element text content:Name of right |