Overview | Service | Command |
Returns all grants on the specified target entry, or all grants granted to the
specified grantee entry.
The authenticated admin must have an effective "viewGrants" (TBD) system right on the specified target/grantee.
At least one of <target> or <grantee> must be specified. If both <target> and
<grantee> are specified, only grants that are granted on the target to the grantee are returned.
Authorization token required | true |
Admin Authorization token required | true |
<GetGrantsRequest> ## GetGrantsRequest
<target
type="{target-type} (account|calresource|cos|dl|group|domain|server|alwaysoncluster|ucservice|xmppcomponent|zimlet|config|global)"
[by="{target-selector-by} (id|name)"]>{value}</target> ## EffectiveRightsTargetSelector
<grantee [type="{grantee-type} (usr|grp|egp|all|dom|edom|gst|key|pub|email)"]
[by="{grantee-selector-by} (id|name)"] [secret="{secret}"] [all="{all-flag} (0|1)"]>{key}</grantee> ## GranteeSelector
</GetGrantsRequest>
The following table describes elements and attributes you can define within a
<GetGrantsRequest>
element:
XPath | Required / Optional | Description | ||||||||||||||||||||
/target | Optional (0 or 1) | Type:{value} Target Description for element text content:The key used to identify the target. Meaning determined by {target-selector-by} |
||||||||||||||||||||
/target@type | Required (only 1) | Type:account|calresource|cos|dl|group|domain|server|alwaysoncluster|ucservice|xmppcomponent|zimlet|config|global Target type |
||||||||||||||||||||
/target@by | Optional (0 or 1) | Type:id|name Select the meaning of {target-selector-key} |
||||||||||||||||||||
/grantee | Optional (0 or 1) | Type:{key} Grantee Description for element text content:The key used to identify the grantee. Meaning determined by {grantee-selector-by} |
||||||||||||||||||||
/grantee@type | Optional (0 or 1) | Type:usr|grp|egp|all|dom|edom|gst|key|pub|email Grantee type
|
||||||||||||||||||||
/grantee@by | Optional (0 or 1) | Type:id|name Select the meaning of {grantee-selector-key} |
||||||||||||||||||||
/grantee@secret | Optional (0 or 1) | Type:String Password for guest grantee or the access key for key grantee For user right only |
||||||||||||||||||||
/grantee@all | Optional (0 or 1) | Type:0|1 For GetGrantsRequest, selects whether to include grants granted to groups the specified grantee belongs to. Default is 1 (true) |
<GetGrantsResponse> ## GetGrantsResponse
(<grant> ## GrantInfo
<target type="{type}" id="{id}" name="{name}" /> ## TypeIdName
<grantee [type="{grantee-type} (usr|grp|egp|all|dom|edom|gst|key|pub|email)"] id="{grantee-id}"
name="{grantee-name}" /> ## GranteeInfo
<right [deny="{deny-flag} (0|1)"] [canDelegate="{can-delegate-flag} (0|1)"]
[disinheritSubGroups="{disinheritSubGroups-flag} (0|1)"] [subDomain="{subdomain-flag} (0|1)"]>{value}</right> ## RightModifierInfo
</grant>)*
</GetGrantsResponse>
The following table describes elements and attributes you can define within a
<GetGrantsResponse>
element:
XPath | Required / Optional | Description |
/grant | Optional (0 or more) | Information about grants |
/grant/target | Required (only 1) | Information on target |
/grant/target@type | Required (only 1) | Type:String Type |
/grant/target@id | Required (only 1) | Type:String ID |
/grant/target@name | Required (only 1) | Type:String Name |
/grant/grantee | Required (only 1) | Information on grantee |
/grant/grantee@type | Optional (0 or 1) | Type:usr|grp|egp|all|dom|edom|gst|key|pub|email Grantee type |
/grant/grantee@id | Required (only 1) | Type:String Grantee ID |
/grant/grantee@name | Required (only 1) | Type:String Grantee name |
/grant/right | Required (only 1) | Type:{value} Information on right Description for element text content:Value is of the form : {right-name} | {inline-right} where {right-name} = a system defined right name {inline-right} = {op}.{target-type}.{attr-name} {op} = set | get {attr-name} = a valid attribute name on the specified target type |
/grant/right@deny | Optional (0 or 1) | Type:0|1 Deny flag - default is 0 (false) |
/grant/right@canDelegate | Optional (0 or 1) | Type:0|1 Flag whether can delegate - default is 0 (false) |
/grant/right@disinheritSubGroups | Optional (0 or 1) | Type:0|1 disinheritSubGroups flag - default is 0 (false) |
/grant/right@subDomain | Optional (0 or 1) | Type:0|1 subDomain flag - default is 0 (false) |