Overview | Service | Command |
Returns effective ADMIN rights the authenticated admin has on the specified
target entry.
Effective rights are the rights the admin is actually allowed. It is the net result of applying ACL checking
rules given the target and grantee. Specifically denied rights will not be returned.
The result can help the admin console decide on what tabs to display after a target is selected. For example,
after user1 is selected, if the admin does not have right to setPassword, it should probably hide or gray out
the setPassword tab.
e.g.
<GetEffectiveRightsRequest> <target type="account" by="id">bba95d7d-0b13-401f-a343-03a8f5a96f7c"/> <grantee by="name">admin@test.com</grantee> </GetEffectiveRightsRequest> <GetEffectiveRightsResponse> <grantee name="admin@test.com</grantee" id=""/> <target type="account" name="user1@test.com" id="bba95d7d-0b13-401f-a343-03a8f5a96f7c"> <right n="setPassword"/> <right n="renameAccount"/> <right n="deleteAccount"/> <setAttrs> <a n="zimbraMailQuota" min="100000000"/> <a n="zimbraMailStatus"/> <a n="zimbraFeatureMailEnabled" values="TRUE,FALSE"/> ... </setAttrs> <getAttrs> <a n="..."/> <a n="..."/> ... </getAttrs> </target> </GetEffectiveRightsRequest>
Authorization token required | true |
Admin Authorization token required | true |
<GetEffectiveRightsRequest [expandAllAttrs="{expand-all-attrs}"]> ## GetEffectiveRightsRequest
<target
type="{target-type} (account|calresource|cos|dl|group|domain|server|alwaysoncluster|ucservice|xmppcomponent|zimlet|config|global)"
[by="{target-selector-by} (id|name)"]>{value}</target> ## EffectiveRightsTargetSelector
<grantee [type="{grantee-type} (usr|grp|egp|all|dom|edom|gst|key|pub|email)"]
[by="{grantee-selector-by} (id|name)"] [secret="{secret}"] [all="{all-flag} (0|1)"]>{key}</grantee> ## GranteeSelector
</GetEffectiveRightsRequest>
The following table describes elements and attributes you can define within a
<GetEffectiveRightsRequest>
element:
XPath | Required / Optional | Description | ||||||||||||||||||||
@expandAllAttrs | Optional (0 or 1) | Type:String Whether to include all attribute names in the <getAttrs>/<setAttrs> elements in the response if all attributes of the target are gettable/settable Valid values are:
|
||||||||||||||||||||
/target | Required (only 1) | Type:{value} Target Description for element text content:The key used to identify the target. Meaning determined by {target-selector-by} |
||||||||||||||||||||
/target@type | Required (only 1) | Type:account|calresource|cos|dl|group|domain|server|alwaysoncluster|ucservice|xmppcomponent|zimlet|config|global Target type |
||||||||||||||||||||
/target@by | Optional (0 or 1) | Type:id|name Select the meaning of {target-selector-key} |
||||||||||||||||||||
/grantee | Optional (0 or 1) | Type:{key} Grantee. If <grantee> is omitted, the account identified by the auth token is regarded as the grantee. Description for element text content:The key used to identify the grantee. Meaning determined by {grantee-selector-by} |
||||||||||||||||||||
/grantee@type | Optional (0 or 1) | Type:usr|grp|egp|all|dom|edom|gst|key|pub|email Grantee type
|
||||||||||||||||||||
/grantee@by | Optional (0 or 1) | Type:id|name Select the meaning of {grantee-selector-key} |
||||||||||||||||||||
/grantee@secret | Optional (0 or 1) | Type:String Password for guest grantee or the access key for key grantee For user right only |
||||||||||||||||||||
/grantee@all | Optional (0 or 1) | Type:0|1 For GetGrantsRequest, selects whether to include grants granted to groups the specified grantee belongs to. Default is 1 (true) |
<GetEffectiveRightsResponse> ## GetEffectiveRightsResponse
<grantee [type="{grantee-type} (usr|grp|egp|all|dom|edom|gst|key|pub|email)"] id="{grantee-id}"
name="{grantee-name}" /> ## GranteeInfo
<target
type="{target-type} (account|calresource|cos|dl|group|domain|server|alwaysoncluster|ucservice|xmppcomponent|zimlet|config|global)"
id="{target-id}" name="{target-name}"> ## EffectiveRightsTargetInfo
(<right [n="{right-name}"] /> ## RightWithName)*
<setAttrs [all="{all-attrs-accessible} (0|1)"]> ## EffectiveAttrsInfo
(<a n="{attribute-name}"> ## EffectiveAttrInfo
<constraint> ## ConstraintInfo
<min>{min} (String)</min>
<max>{max} (String)</max>
<values>
(<v>{values} (String)</v>)*
</values>
</constraint>
<default>
(<v>{values} (String)</v>)*
</default>
</a>)*
</setAttrs>
<getAttrs [all="{all-attrs-accessible} (0|1)"]> ... </getAttrs> ## See /target/setAttrs [ ## EffectiveAttrsInfo]
</target>
</GetEffectiveRightsResponse>
The following table describes elements and attributes you can define within a
<GetEffectiveRightsResponse>
element:
XPath | Required / Optional | Description |
/grantee | Required (only 1) | Information about grantee |
/grantee@type | Optional (0 or 1) | Type:usr|grp|egp|all|dom|edom|gst|key|pub|email Grantee type |
/grantee@id | Required (only 1) | Type:String Grantee ID |
/grantee@name | Required (only 1) | Type:String Grantee name |
/target | Required (only 1) | Information about target |
/target@type | Required (only 1) | Type:account|calresource|cos|dl|group|domain|server|alwaysoncluster|ucservice|xmppcomponent|zimlet|config|global Target type |
/target@id | Required (only 1) | Type:String ID |
/target@name | Required (only 1) | Type:String Name |
/target/right | Optional (0 or more) | Rights |
/target/right@n | Optional (0 or 1) | Type:String Right name |
/target/setAttrs | Required (only 1) | All attributes that can be set |
/target/setAttrs@all | Optional (0 or 1) | Type:0|1 Flags whether all attributes on the target entry are accessible. if set, no <a> elements will appear under the <setAttrs>/<getAttrs> |
/target/setAttrs/a | Optional (0 or more) | Attributes |
/target/setAttrs/a@n | Required (only 1) | Type:String Attribute name |
/target/setAttrs/a/constraint | Optional (0 or 1) | Constraint information |
/target/setAttrs/a/constraint/min | Optional (0 or 1) | Type:{min} (String) Minimum value |
/target/setAttrs/a/constraint/max | Optional (0 or 1) | Type:{max} (String) Maximum value |
/target/setAttrs/a/constraint/values | Required (only 1) | |
/target/setAttrs/a/constraint/values/v | Optional (0 or more) | Type:{values} (String) |
/target/setAttrs/a/default | Required (only 1) | |
/target/setAttrs/a/default/v | Optional (0 or more) | Type:{values} (String) |
/target/getAttrs | Required (only 1) | All attributes that can be got
See /target/setAttrs for more details. |