Overview | Service | Command |
Grant a right on a target to an individual or group grantee.
Authorization token required | true |
Admin Authorization token required | true |
<GrantRightRequest> ## GrantRightRequest
<target
type="{target-type} (account|calresource|cos|dl|group|domain|server|alwaysoncluster|ucservice|xmppcomponent|zimlet|config|global)"
[by="{target-selector-by} (id|name)"]>{value}</target> ## EffectiveRightsTargetSelector
<grantee [type="{grantee-type} (usr|grp|egp|all|dom|edom|gst|key|pub|email)"]
[by="{grantee-selector-by} (id|name)"] [secret="{secret}"] [all="{all-flag} (0|1)"]>{key}</grantee> ## GranteeSelector
<right [deny="{deny-flag} (0|1)"] [canDelegate="{can-delegate-flag} (0|1)"]
[disinheritSubGroups="{disinheritSubGroups-flag} (0|1)"] [subDomain="{subdomain-flag} (0|1)"]>{value}</right> ## RightModifierInfo
</GrantRightRequest>
The following table describes elements and attributes you can define within a
<GrantRightRequest>
element:
XPath | Required / Optional | Description | ||||||||||||||||||||
/target | Required (only 1) | Type:{value} Target selector Description for element text content:The key used to identify the target. Meaning determined by {target-selector-by} |
||||||||||||||||||||
/target@type | Required (only 1) | Type:account|calresource|cos|dl|group|domain|server|alwaysoncluster|ucservice|xmppcomponent|zimlet|config|global Target type |
||||||||||||||||||||
/target@by | Optional (0 or 1) | Type:id|name Select the meaning of {target-selector-key} |
||||||||||||||||||||
/grantee | Required (only 1) | Type:{key} Grantee selector Description for element text content:The key used to identify the grantee. Meaning determined by {grantee-selector-by} |
||||||||||||||||||||
/grantee@type | Optional (0 or 1) | Type:usr|grp|egp|all|dom|edom|gst|key|pub|email Grantee type
|
||||||||||||||||||||
/grantee@by | Optional (0 or 1) | Type:id|name Select the meaning of {grantee-selector-key} |
||||||||||||||||||||
/grantee@secret | Optional (0 or 1) | Type:String Password for guest grantee or the access key for key grantee For user right only |
||||||||||||||||||||
/grantee@all | Optional (0 or 1) | Type:0|1 For GetGrantsRequest, selects whether to include grants granted to groups the specified grantee belongs to. Default is 1 (true) |
||||||||||||||||||||
/right | Required (only 1) | Type:{value} Right Description for element text content:Value is of the form : {right-name} | {inline-right} where {right-name} = a system defined right name {inline-right} = {op}.{target-type}.{attr-name} {op} = set | get {attr-name} = a valid attribute name on the specified target type |
||||||||||||||||||||
/right@deny | Optional (0 or 1) | Type:0|1 Deny flag - default is 0 (false) |
||||||||||||||||||||
/right@canDelegate | Optional (0 or 1) | Type:0|1 Flag whether can delegate - default is 0 (false) |
||||||||||||||||||||
/right@disinheritSubGroups | Optional (0 or 1) | Type:0|1 disinheritSubGroups flag - default is 0 (false) |
||||||||||||||||||||
/right@subDomain | Optional (0 or 1) | Type:0|1 subDomain flag - default is 0 (false) |
<GrantRightResponse /> ## GrantRightResponse