Management API Endpoints
This section describes the Management API endpoints for managing resources such as policies, roles, permissions and assignments, along with the endpoints for querying those resources.
See the Endpoint Details section for exact payloads.
Policy Definition Endpoints
The following table lists the Policy resources and the operations available on them.
Operation | Resource URL (example only) |
---|---|
GET /management/policies | |
POST /management/policies | |
GET /management/policies/{policyId} | |
PUT /management/policies/{policyId} | |
DELETE /management/policies/{policyId} | |
GET /management/policies/{policyId}/policies | |
POST /management/policies/{policyId}/policies | |
GET /management/policies/{policyId}/roles | |
POST /management/policies/{policyId}/roles | |
GET /management/roles/{roleId} | |
PUT /management/roles/{roleId} | |
DELETE /management/roles/{roleId} | |
GET /management/policies/{policyId}/permissions | |
POST /management/policies/{policyId}/permissions | |
GET /management/permissions/{permissionId} | |
PUT /management/permissions/{permissionId} | |
DELETE /management/permissions/{permissionId} | |
User Assignment Endpoints
A user is assigned to a role in the context of a policy. The assignment can be based on the user’s subject identifier, identity role, or any other identity claims evaluated for that user.
Note
Subject Identifier (subjectId), ClaimType and ClaimValue are all case-sensitive, as specified in the JWT spec.
The following table lists the Role Assignment resources available to manage these assignments.
Operation | Resource URL (example only) |
---|---|
GET /management/policies/{policyId}/subject-assignments/{roleId} | |
POST /management/policies/{policyId}/subject-assignments/{roleId} | |
PUT /management/subject-assignments/{assignmentId} | |
DELETE /management/subject-assignments/{assignmentId} | |
DELETE /management/subjects/{subjectId}/subject-assignments | |
GET /management/policies/{policyId}/identityrole-assignments/{roleId} | |
POST /management/policies/{policyId}/identityrole-assignments/{roleId} | |
PUT /management/identityrole-assignments/{assignmentId} | |
DELETE /management/identityrole-assignments/{assignmentId} | |
GET /management/policies/{policyId}/expression-assignments/{roleId} | |
POST /management/policies/{policyId}/expression-assignments/{roleId} | |
PUT /management/expression-assignments/{assignmentId} | |
DELETE /management/expression-assignments/{assignmentId} | |
User Assignment Query Endpoints
These endpoints allow you to query the policies assigned to users. This can be done by the subject identifier, identity role, or expression.
The following table lists the available endpoints.
Operation | Endpoint URL (example only) |
---|---|
GET /management/subjects/{subjectId}/policy-assignments | |
GET /management/subjects/{subjectId}/policies/{policyId}/role-assignments | |
GET /management/identityroles/{identityRoleName}/policy-assignments | |
GET /management/identityroles/{identityRoleName}/policies/{policyId}/role-assignments | |
GET /management/expression-assignments/{assignmentId}/policy-assignments | |
GET /management/expression-assignments/{assignmentId}/policies/{policyId}/role-assignments | |
Role and Permission Assignment Query Endpoints
For a role, get every policy that has a permission to which the role is assigned. For a permission, get every policy that has a role to which the permission is assigned.
The following table lists the available endpoints.
Operation | Endpoint URL (example only) |
---|---|
GET /management/roles/{roleId}/policy-assignments | |
GET /management/roles/{roleId}/policies/{policyId}/permission-assignments | |
GET /management/permissions/{permissionId}/policy-assignments | |
GET /management/permissions/{permissionId}/policies/{policyId}/role-assignments | |
Claim to Permission Assignment Endpoints
For a permission in a policy, assign claims of different types directly to the permission.
The following table lists the available endpoints.
Operation | Endpoint URL (example only) |
---|---|
GET /management/policies/{policyId}/claim-permission-assignments/{permissionId} | |
POST /management/policies/{policyId}/claim-permission-assignments/{permissionId} | |
GET /management/claim-permission-assignments/{claimPermissionAssignmentId} | |
PUT /management/claim-permission-assignments/{claimPermissionAssignmentId} | |
DELETE /management/claim-permission-assignments/{claimPermissionAssignmentId} | |
Gets aggregated claim to permission assignments for a policy | GET /management/policies/{policyId}/aggregated-claim-permission-assignments/{permissionId} |
Aggregated Role and Permission Assignment Query Endpoints
For a permission in a policy, these endpoints return the roles available from the hierarchy and show which of them are assigned. For a role in a policy, they return the permissions available from the hierarchy and show which of them are assigned.
The following table lists the available endpoints.
Operation | Endpoint URL (example only) |
---|---|
GET /management/policies/{policyId}/role-assignments/{permissionId} | |
GET /management/policies/{policyId}/role-assignments/{permissionId} | |
POST /management/policies/{policyId}/role-assignments/{permissionId}/{roleId} | |
DELETE /management/permission-assignments/{assignmentId} | |
Tenant Endpoints
Operation | Endpoint URL (example only) |
---|---|
GET /management/tenants | |
POST /management/tenants | |
GET /management/tenants/{tenantId} | |
PUT /management/tenants/{tenantId} | |
DELETE /management/tenants/{tenantId} | |
POST /management/tenants/{tenantId}/tenants | |
GET /management/tenants/{tenantId}/policy-assignments | |
GET /management/tenants/{tenantId}/policies/{policyId}/roles | |
GET /management/tenants/{tenantId}/policies/{policyId}/role-assignments | |
GET /management/tenants/{tenantId}/policies/{policyId}/roles/{roleId}/subject-assignments | |
GET /management/tenants/{tenantId}/policies/{policyId}/roles/{roleId}/identityrole-assignments | |
GET /management/tenants/{tenantId}/policies/{policyId}/roles/{roleId}/expression-assignments | |
GET /management/tenants/{tenantId}/policies/{policyId}/permission-assignments | |
User and Role Search Endpoints
Operation | Endpoint URL (example only) |
---|---|
GET /management/search/users?filter={searchTerm} | |
GET /management/search/roles?filter={searchTerm} | |
Endpoint Details
Get policies
List all policies
Request
GET
/management/policies?filter={some name}&tenant={tenant identifier}
Optional Request Parameters
filter: Filters the results based on the value passed. The value is compared to the name.
tenant: Scopes the results based on the tenant identifier passed. All hypermedia included in the results will preserve the tenant scoping.
Response
Data returned:
{
"data": {
"totalCount": 9,
"totalPages": 1,
"currentPage": 1,
"tenant": null,
"items": [
{
"data": {
"policyId": "161",
"name": "policy 0",
"description": "policy description"
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/policies/161"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/policies/161"
},
{
"rel": "policies",
"href": "http://localhost:65471/management/policies/161/policies"
},
{
"rel": "add-policy",
"href": "http://localhost:65471/management/policies/161/policies"
},
{
"rel": "roles",
"href": "http://localhost:65471/management/policies/161/roles"
},
{
"rel": "permissions",
"href": "http://localhost:65471/management/policies/161/permissions"
},
{
"rel": "add-role",
"href": "http://localhost:65471/management/policies/161/roles"
},
{
"rel": "add-permission",
"href": "http://localhost:65471/management/policies/161/permissions"
}
]
},
{
"data": {
"policyId": "162",
"name": "policy 1",
"description": "policy description"
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/policies/162"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/policies/162"
},
{
"rel": "policies",
"href": "http://localhost:65471/management/policies/162/policies"
},
{
"rel": "add-policy",
"href": "http://localhost:65471/management/policies/162/policies"
},
{
"rel": "roles",
"href": "http://localhost:65471/management/policies/162/roles"
},
{
"rel": "permissions",
"href": "http://localhost:65471/management/policies/162/permissions"
},
{
"rel": "add-role",
"href": "http://localhost:65471/management/policies/162/roles"
},
{
"rel": "add-permission",
"href": "http://localhost:65471/management/policies/162/permissions"
}
]
},
{
"data": {
"policyId": "163",
"name": "policy 2",
"description": "policy description"
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/policies/163"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/policies/163"
},
{
"rel": "policies",
"href": "http://localhost:65471/management/policies/163/policies"
},
{
"rel": "add-policy",
"href": "http://localhost:65471/management/policies/163/policies"
},
{
"rel": "roles",
"href": "http://localhost:65471/management/policies/163/roles"
},
{
"rel": "permissions",
"href": "http://localhost:65471/management/policies/163/permissions"
},
{
"rel": "add-role",
"href": "http://localhost:65471/management/policies/163/roles"
},
{
"rel": "add-permission",
"href": "http://localhost:65471/management/policies/163/permissions"
}
]
},
{
"data": {
"policyId": "164",
"name": "policy 3",
"description": "policy description"
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/policies/164"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/policies/164"
},
{
"rel": "policies",
"href": "http://localhost:65471/management/policies/164/policies"
},
{
"rel": "add-policy",
"href": "http://localhost:65471/management/policies/164/policies"
},
{
"rel": "roles",
"href": "http://localhost:65471/management/policies/164/roles"
},
{
"rel": "permissions",
"href": "http://localhost:65471/management/policies/164/permissions"
},
{
"rel": "add-role",
"href": "http://localhost:65471/management/policies/164/roles"
},
{
"rel": "add-permission",
"href": "http://localhost:65471/management/policies/164/permissions"
}
]
},
{
"data": {
"policyId": "165",
"name": "policy 4",
"description": "policy description"
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/policies/165"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/policies/165"
},
{
"rel": "policies",
"href": "http://localhost:65471/management/policies/165/policies"
},
{
"rel": "add-policy",
"href": "http://localhost:65471/management/policies/165/policies"
},
{
"rel": "roles",
"href": "http://localhost:65471/management/policies/165/roles"
},
{
"rel": "permissions",
"href": "http://localhost:65471/management/policies/165/permissions"
},
{
"rel": "add-role",
"href": "http://localhost:65471/management/policies/165/roles"
},
{
"rel": "add-permission",
"href": "http://localhost:65471/management/policies/165/permissions"
}
]
},
{
"data": {
"policyId": "166",
"name": "policy 5",
"description": "policy description"
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/policies/166"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/policies/166"
},
{
"rel": "policies",
"href": "http://localhost:65471/management/policies/166/policies"
},
{
"rel": "add-policy",
"href": "http://localhost:65471/management/policies/166/policies"
},
{
"rel": "roles",
"href": "http://localhost:65471/management/policies/166/roles"
},
{
"rel": "permissions",
"href": "http://localhost:65471/management/policies/166/permissions"
},
{
"rel": "add-role",
"href": "http://localhost:65471/management/policies/166/roles"
},
{
"rel": "add-permission",
"href": "http://localhost:65471/management/policies/166/permissions"
}
]
},
{
"data": {
"policyId": "167",
"name": "policy 6",
"description": "policy description"
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/policies/167"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/policies/167"
},
{
"rel": "policies",
"href": "http://localhost:65471/management/policies/167/policies"
},
{
"rel": "add-policy",
"href": "http://localhost:65471/management/policies/167/policies"
},
{
"rel": "roles",
"href": "http://localhost:65471/management/policies/167/roles"
},
{
"rel": "permissions",
"href": "http://localhost:65471/management/policies/167/permissions"
},
{
"rel": "add-role",
"href": "http://localhost:65471/management/policies/167/roles"
},
{
"rel": "add-permission",
"href": "http://localhost:65471/management/policies/167/permissions"
}
]
},
{
"data": {
"policyId": "168",
"name": "policy 7",
"description": "policy description"
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/policies/168"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/policies/168"
},
{
"rel": "policies",
"href": "http://localhost:65471/management/policies/168/policies"
},
{
"rel": "add-policy",
"href": "http://localhost:65471/management/policies/168/policies"
},
{
"rel": "roles",
"href": "http://localhost:65471/management/policies/168/roles"
},
{
"rel": "permissions",
"href": "http://localhost:65471/management/policies/168/permissions"
},
{
"rel": "add-role",
"href": "http://localhost:65471/management/policies/168/roles"
},
{
"rel": "add-permission",
"href": "http://localhost:65471/management/policies/168/permissions"
}
]
},
{
"data": {
"policyId": "169",
"name": "policy 8",
"description": "policy description"
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/policies/169"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/policies/169"
},
{
"rel": "policies",
"href": "http://localhost:65471/management/policies/169/policies"
},
{
"rel": "add-policy",
"href": "http://localhost:65471/management/policies/169/policies"
},
{
"rel": "roles",
"href": "http://localhost:65471/management/policies/169/roles"
},
{
"rel": "permissions",
"href": "http://localhost:65471/management/policies/169/permissions"
},
{
"rel": "add-role",
"href": "http://localhost:65471/management/policies/169/roles"
},
{
"rel": "add-permission",
"href": "http://localhost:65471/management/policies/169/permissions"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/policies?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies?count=20&page=1",
"name": "last"
},
{
"rel": "add-policy",
"href": "http://localhost:65471/management/policies"
}
]
}
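One way to consume the paged listing above, as an added example that is not code from the product: `list_policies`, `links_by_rel`, `same_origin` and the in-memory `fake_fetch_factory` are hypothetical names, and it assumes the `count` and `page` query parameters seen in the page links select the page. It walks every page using `totalPages` and rejects any hypermedia `href` that points outside the configured API origin, so a client never follows a link (and sends its credentials) to a host named only in a response body.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

BASE_URL = "http://localhost:65471"  # host used in the sample responses
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme))


def same_origin(href, base_url):
    """True when href has the same scheme, host and port as base_url."""
    return origin(href) == origin(base_url)


def links_by_rel(links, base_url):
    """Index a `links` array by rel; reject any href outside base_url's origin."""
    index = {}
    for link in links:
        if not same_origin(link["href"], base_url):
            raise ValueError(f"rel {link['rel']!r} leaves the API origin: {link['href']}")
        index.setdefault(link["rel"], []).append(link["href"])
    return index


def list_policies(fetch, base_url, name_filter=None, tenant=None, count=20):
    """Collect policies from every page. `fetch(url)` must return the parsed JSON body."""
    policies, page = [], 1
    while True:
        query = {"count": count, "page": page}
        if name_filter is not None:
            query["filter"] = name_filter      # optional parameter from the page
        if tenant is not None:
            query["tenant"] = tenant           # optional parameter from the page
        body = fetch(f"{base_url.rstrip('/')}/management/policies?{urlencode(query)}")
        links_by_rel(body["links"], base_url)  # page-level links are checked too
        for item in body["data"]["items"]:
            rels = links_by_rel(item["links"], base_url)
            policies.append({"policyId": item["data"]["policyId"],
                             "name": item["data"]["name"],
                             "rels": sorted(rels)})
        if page >= body["data"]["totalPages"]:
            return policies
        page += 1


def fake_fetch_factory(base_url, names, count, rogue_host=None):
    """Constructed stand-in for the API: serves `names` as policies, `count` per page.

    It ignores `filter` and `tenant`. With `rogue_host` set, the "roles" link of
    every item points at that host instead of the API.
    """
    def fetch(url):
        query = dict(parse_qsl(urlsplit(url).query))
        page = int(query["page"])
        total_pages = max(1, -(-len(names) // count))  # ceiling division
        items = []
        for offset, name in enumerate(names[(page - 1) * count: page * count]):
            policy_id = str(161 + (page - 1) * count + offset)
            link_host = rogue_host or base_url
            items.append({
                "data": {"policyId": policy_id, "name": name,
                         "description": "policy description"},
                "links": [
                    {"rel": "self", "href": f"{base_url}/management/policies/{policy_id}"},
                    {"rel": "roles", "href": f"{link_host}/management/policies/{policy_id}/roles"},
                ],
            })
        return {"data": {"totalCount": len(names), "totalPages": total_pages,
                         "currentPage": page, "tenant": None, "items": items},
                "links": []}
    return fetch


if __name__ == "__main__":
    demo = fake_fetch_factory(BASE_URL, ["policy 0", "policy 1", "policy 2"], count=2)
    for policy in list_policies(demo, BASE_URL, count=2):
        print(policy)
```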
Add policy
Create a new policy
Request
POST
/management/policies
Data posted:
{
"Name": "policy 0",
"Description": "policy description"
}
Get policy
Get policy details by policy id
Request
GET
/management/policies/{policyId}
Response
Data returned:
{
"data": {
"policyId": "171",
"path": "/policy 0",
"name": "policy 0",
"description": "policy description"
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/policies/171"
},
{
"rel": "update-self",
"href": "http://localhost:65471/management/policies/171"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/policies/171"
},
{
"rel": "policies",
"href": "http://localhost:65471/management/policies/171/policies"
},
{
"rel": "roles",
"href": "http://localhost:65471/management/policies/171/roles"
},
{
"rel": "permissions",
"href": "http://localhost:65471/management/policies/171/permissions"
},
{
"rel": "add-policy",
"href": "http://localhost:65471/management/policies/171/policies"
},
{
"rel": "add-role",
"href": "http://localhost:65471/management/policies/171/roles"
},
{
"rel": "add-permission",
"href": "http://localhost:65471/management/policies/171/permissions"
}
]
}
Update Policy
Update Policy details by policy id
Request
PUT
/management/policies/{policyId}
Data posted:
{
"Name": "test policy",
"Description": "new Description"
}
Delete policy
Request
DELETE
/management/policies/{policyId}
Get child policies
List all child policies for a given policy by id
Request
GET
/management/policies/{policyId}/policies?filter={some name}
Optional Request Parameters
filter: Filters the results based on the value passed. The value is compared to the name.
Response
Data returned:
{
"data": {
"totalCount": 0,
"totalPages": 1,
"items": []
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/policies/171/policies?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies/171/policies?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies/171/policies?count=20&page=1",
"name": "last"
},
{
"rel": "add-policy",
"href": "http://localhost:65471/management/policies/171/policies"
},
{
"rel": "parent",
"href": "http://localhost:65471/management/policies/171"
}
]
}
Add child policy
Add a new child policy for a policy by id
Request
POST
/management/policies/{policyId}/policies
Data posted:
{
"Name": "child name",
"Description": "child description"
}
Get policy roles
List all roles for a policy by its id
Request
GET
/management/policies/{policyId}/roles?filter={some name}
Optional Request Parameters
filter: Filters the results based on the value passed. The value is compared to the name.
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"items": [
{
"data": {
"roleId": "15",
"tenant": null,
"name": "test role",
"description": "role description",
"inherited": false
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/roles/15"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/roles/15"
},
{
"rel": "subject-assignments",
"href": "http://localhost:65471/management/policies/170/subject-assignments/15"
},
{
"rel": "identityrole-assignments",
"href": "http://localhost:65471/management/policies/170/identityrole-assignments/15"
},
{
"rel": "expression-assignments",
"href": "http://localhost:65471/management/policies/170/expression-assignments/15"
},
{
"rel": "add-subject",
"href": "http://localhost:65471/management/policies/170/subject-assignments/15"
},
{
"rel": "add-identityrole",
"href": "http://localhost:65471/management/policies/170/identityrole-assignments/15"
},
{
"rel": "add-expression",
"href": "http://localhost:65471/management/policies/170/expression-assignments/15"
},
{
"rel": "policy-assignments",
"href": "http://localhost:65471/management/roles/15/policy-assignments"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/policies/170/roles?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies/170/roles?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies/170/roles?count=20&page=1",
"name": "last"
},
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/170"
},
{
"rel": "add-role",
"href": "http://localhost:65471/management/policies/170/roles"
}
]
}
Create policy role
Request
POST
/management/policies/{policyId}/roles
Data posted:
{
"Name": "test role",
"Description": "role description"
}
Get role
Get role details by role id
Request
GET
/management/roles/{roleId}
Response
Data returned:
{
"data": {
"roleId": "16",
"tenant": null,
"name": "test role",
"description": "role description",
"includeInPolicyResults": true
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/roles/16"
},
{
"rel": "update-self",
"href": "http://localhost:65471/management/roles/16"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/roles/16"
},
{
"rel": "policy-assignments",
"href": "http://localhost:65471/management/roles/16/policy-assignments"
},
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/180"
}
]
}
Update Role
Request
PUT
/management/roles/{roleId}
Data posted:
{
"Name": "test role",
"Description": "New description"
}
Delete role
Delete a role by Id
Request
DELETE
/management/roles/{roleId}
Get policy permissions
Get a list of permissions for a policy based on its Id
Request
GET
/management/policies/{policyId}/permissions?filter={some name}
Optional Request Parameters
filter: Filters the results based on the value passed. The value is compared to the name.
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"items": [
{
"data": {
"permissionId": "17",
"name": "test permission",
"description": "permission description",
"inherited": false
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/permissions/17"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/permissions/17"
},
{
"rel": "role-assignments",
"href": "http://localhost:65471/management/policies/170/role-assignments/17"
},
{
"rel": "policy-assignments",
"href": "http://localhost:65471/management/permissions/17/policy-assignments"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/policies/170/permissions?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies/170/permissions?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies/170/permissions?count=20&page=1",
"name": "last"
},
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/170"
},
{
"rel": "add-permission",
"href": "http://localhost:65471/management/policies/170/permissions"
}
]
}
Create policy permission
Create a permission for a policy based on its id
Request
POST
/management/policies/{policyId}/permissions
Data posted:
{
"Name": "test permission",
"Description": "permission description"
}
Get permission
Get permission details by permission id
Request
GET
/management/permissions/{permissionId}
Response
Data returned:
{
"data": {
"permissionId": "18",
"name": "test permission",
"description": "permission description"
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/permissions/18"
},
{
"rel": "update-self",
"href": "http://localhost:65471/management/permissions/18"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/permissions/18"
},
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/180"
},
{
"rel": "policy-assignments",
"href": "http://localhost:65471/management/permissions/18/policy-assignments"
}
]
}
Update Permission
Update a permission based on its id
Request
PUT
/management/permissions/{permissionId}
Data posted:
{
"Name": "test permission",
"Description": "New description"
}
Delete permission
Delete a permission based on its id
Request
DELETE
/management/permissions/{permissionId}
Get subject assignments
Get Subject assignment details for a role in a policy
Request
GET
/management/policies/{policyId}/subject-assignments/{roleId}?filter={some value}
Optional Request Parameters
filter: Filters the results based on the value passed. The value is compared to the subject id.
Response
Data returned:
{
"data": {
"totalCount": 2,
"totalPages": 1,
"items": [
{
"data": {
"subjectAssignmentId": "22",
"tenant": null,
"subjectId": "123",
"description": "Alice",
"allowed": true,
"inherited": false
},
"links": [
{
"rel": "update-self",
"href": "http://localhost:65471/management/subject-assignments/22"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/subject-assignments/22"
},
{
"rel": "policy-assignments",
"href": "http://localhost:65471/management/subjects/123/policy-assignments"
}
]
},
{
"data": {
"subjectAssignmentId": "23",
"tenant": null,
"subjectId": "456",
"description": "Bob",
"allowed": false,
"inherited": false
},
"links": [
{
"rel": "update-self",
"href": "http://localhost:65471/management/subject-assignments/23"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/subject-assignments/23"
},
{
"rel": "policy-assignments",
"href": "http://localhost:65471/management/subjects/456/policy-assignments"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/policies/180/subject-assignments/16?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies/180/subject-assignments/16?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies/180/subject-assignments/16?count=20&page=1",
"name": "last"
},
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/180"
},
{
"rel": "role",
"href": "http://localhost:65471/management/roles/16"
},
{
"rel": "add-subject",
"href": "http://localhost:65471/management/policies/180/subject-assignments/16"
}
]
}
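The listing above, read together with the earlier note that subjectId is case-sensitive, lends itself to a simple audit. This is an added example, not part of the product: the function names and the sample subjectId values are constructed, and it assumes an assignment applies to a user only when its subjectId equals the token's subject exactly. It reports which assignments apply to a given subject, which ones differ from it only by letter case (and so are skipped), and which carry `"allowed": false`.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of the "Get subject assignments" response.
# The subjectId values are made up; items 22 and 23 differ only by letter case.
SAMPLE = json.loads("""
{
  "data": {
    "totalCount": 3,
    "totalPages": 1,
    "items": [
      {"data": {"subjectAssignmentId": "22", "tenant": null, "subjectId": "alice",
                "description": "Alice", "allowed": true, "inherited": false},
       "links": []},
      {"data": {"subjectAssignmentId": "23", "tenant": null, "subjectId": "Alice",
                "description": "Alice, second entry", "allowed": false, "inherited": false},
       "links": []},
      {"data": {"subjectAssignmentId": "24", "tenant": null, "subjectId": "bob",
                "description": "Bob", "allowed": false, "inherited": true},
       "links": []}
    ]
  },
  "links": []
}
""")


def assignments(body):
    """Return the `data` object of every item in an assignment listing."""
    return [item["data"] for item in body["data"]["items"]]


def case_collisions(body, field="subjectId"):
    """Group values of `field` that are distinct strings but equal after case folding.

    Pass field="identityRole" to run the same check on an identity role listing.
    """
    groups = defaultdict(set)
    for entry in assignments(body):
        groups[entry[field].casefold()].add(entry[field])
    return {key: sorted(values) for key, values in groups.items() if len(values) > 1}


def audit_subject(body, token_sub):
    """Compare one token subject against the listing using exact string equality."""
    report = {"applies": [], "case_only_mismatch": [], "allowed_false": []}
    for entry in assignments(body):
        assignment_id = entry["subjectAssignmentId"]
        if entry["subjectId"] == token_sub:
            report["applies"].append(assignment_id)
        elif entry["subjectId"].casefold() == token_sub.casefold():
            # Same spelling apart from case: skipped under case-sensitive matching.
            report["case_only_mismatch"].append(assignment_id)
        if not entry["allowed"]:
            report["allowed_false"].append(assignment_id)
    return report


if __name__ == "__main__":
    print(case_collisions(SAMPLE))
    print(audit_subject(SAMPLE, "alice"))
```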
Assign Subject
Create a new subject assignment to a role in a policy
Request
POST
/management/policies/{policyId}/subject-assignments/{roleId}
Data posted:
{
"SubjectId": "123",
"Description": "Alice",
"Allowed": true
}
Update Subject Assignment
Updates a subject assignment based on subject assignment id
Request
PUT
/management/subject-assignments/{assignmentId}
Data posted:
{
"SubjectId": "123",
"Description": "Alice",
"Allowed": true
}
Delete subject assignment
Delete a subject assignment based on subject assignment id
Request
DELETE
/management/subject-assignments/{assignmentId}
Delete all subject assignments in system
Delete all subject assignments based on subject id from all policies, child policies and tenants
Request
DELETE
/management/subjects/{subjectId}/subject-assignments
Get Identity Role assignments
Get Identity role assignment details for a role in a policy
Request
GET
/management/policies/{policyId}/identityrole-assignments/{roleId}?filter={some value}
Optional Request Parameters
filter: Filters the results based on the value passed. The value is compared to the identity role.
Response
Data returned:
{
"data": {
"totalCount": 2,
"totalPages": 1,
"items": [
{
"data": {
"identityRoleAssignmentId": "16",
"tenant": null,
"identityRole": "Admin",
"description": null,
"allowed": true,
"inherited": false
},
"links": [
{
"rel": "update-self",
"href": "http://localhost:65471/management/identityrole-assignments/16"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/identityrole-assignments/16"
},
{
"rel": "policy-assignments",
"href": "http://localhost:65471/management/identityroles/Admin/policy-assignments"
}
]
},
{
"data": {
"identityRoleAssignmentId": "17",
"tenant": null,
"identityRole": "Customer",
"description": null,
"allowed": false,
"inherited": false
},
"links": [
{
"rel": "update-self",
"href": "http://localhost:65471/management/identityrole-assignments/17"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/identityrole-assignments/17"
},
{
"rel": "policy-assignments",
"href": "http://localhost:65471/management/identityroles/Customer/policy-assignments"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/policies/180/identityrole-assignments/16?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies/180/identityrole-assignments/16?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies/180/identityrole-assignments/16?count=20&page=1",
"name": "last"
},
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/180"
},
{
"rel": "role",
"href": "http://localhost:65471/management/roles/16"
},
{
"rel": "add-identityrole",
"href": "http://localhost:65471/management/policies/180/identityrole-assignments/16"
}
]
}
Assign Identity Role
Create a new identity role assignment to a role in a policy
Request
POST
/management/policies/{policyId}/identityrole-assignments/{roleId}
Data posted:
{
"IdentityRole": "Admin",
"Description": "Admin description",
"Allowed": true
}
Update Identity Role Assignment
Updates an identity role assignment based on assignment id
Request
PUT
/management/identityrole-assignments/{assignmentId}
Data posted:
{
"IdentityRole": "Admin",
"Description": "Admin description",
"Allowed": true
}
Delete Identity Role Assignment
Delete an identity role assignment based on assignment id
Request
DELETE
/management/identityrole-assignments/{assignmentId}
Get Expression Assignment
Get expression assignments for a role in a policy
Request
GET
/management/policies/{policyId}/expression-assignments/{roleId}?filter={some value}
Optional Request Parameters
filter: Filters the results based on the value passed. The value is compared to the expression.
Response
Data returned:
{
"data": {
"totalCount": 2,
"totalPages": 1,
"items": [
{
"data": {
"expressionAssignmentId": "14",
"tenant": null,
"expression": "user=>user.HasClaim(\"tall\", \"true\")",
"description": null,
"allowed": true,
"inherited": false
},
"links": [
{
"rel": "update-self",
"href": "http://localhost:65471/management/expression-assignments/14"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/expression-assignments/14"
},
{
"rel": "policy-assignments",
"href": "http://localhost:65471/management/expression-assignments/14/policy-assignments"
}
]
},
{
"data": {
"expressionAssignmentId": "15",
"tenant": null,
"expression": "user=>user.HasClaim(\"smart\", \"true\")",
"description": null,
"allowed": false,
"inherited": false
},
"links": [
{
"rel": "update-self",
"href": "http://localhost:65471/management/expression-assignments/15"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/expression-assignments/15"
},
{
"rel": "policy-assignments",
"href": "http://localhost:65471/management/expression-assignments/15/policy-assignments"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/policies/180/expression-assignments/16?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies/180/expression-assignments/16?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies/180/expression-assignments/16?count=20&page=1",
"name": "last"
},
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/180"
},
{
"rel": "role",
"href": "http://localhost:65471/management/roles/16"
},
{
"rel": "add-expression",
"href": "http://localhost:65471/management/policies/180/expression-assignments/16"
}
]
}
Assign Expression
Create a new expression assignment to a role in a policy
Request
POST
/management/policies/{policyId}/expression-assignments/{roleId}
Data posted:
{
"Expression": "user=>user.HasClaim(\"tall\", \"true\")",
"Description": "expression description",
"Allowed": true
}
Update Expression Assignment
Updates an expression assignment based on assignment id
Request
PUT
/management/expression-assignments/{assignmentId}
Data posted:
{
"Expression": "user=>user.HasClaim(\"tall\", \"true\")",
"Description": "expression description",
"Allowed": true
}
Delete Expression Assignment
Delete an expression assignment based on assignment id
Request
DELETE
/management/expression-assignments/{assignmentId}
Get Policies for Subject
Get all policies that a subject is assigned to.
Request
GET
/management/subjects/{subjectId}/policy-assignments
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"items": [
{
"data": {
"policyId": "180",
"policyName": "test policy",
"policyPath": "test policy"
},
"links": [
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/180"
},
{
"rel": "role-assignments",
"href": "http://localhost:65471/management/subjects/123/policies/180/role-assignments"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/subjects/123/policy-assignments?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/subjects/123/policy-assignments?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/subjects/123/policy-assignments?count=20&page=1",
"name": "last"
}
]
}
Get Roles for Subject by Policy
Get all roles that this subject is assigned to for a policy.
Request
GET
/management/subjects/{subjectId}/policy-assignments/{policyId}/role-assignments
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"items": [
{
"data": {
"policyId": "640",
"policyName": "policy 0",
"policyPath": "policy 0"
},
"links": [
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/640"
},
{
"rel": "role-assignments",
"href": "http://localhost:65471/management/subjects/policy 0 role 0 subject 0/policies/640/role-assignments"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/subjects/policy 0 role 0 subject 0/policy-assignments?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/subjects/policy 0 role 0 subject 0/policy-assignments?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/subjects/policy 0 role 0 subject 0/policy-assignments?count=20&page=1",
"name": "last"
}
]
}
Get Policies for Identity Role
Get all policies that this identity role is assigned to.
Request
GET
/management/identityroles/{identityRoleName}/policy-assignments
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"items": [
{
"data": {
"policyId": "180",
"policyName": "test policy",
"policyPath": "test policy"
},
"links": [
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/180"
},
{
"rel": "role-assignments",
"href": "http://localhost:65471/management/identityroles/Admin/policies/180/role-assignments"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/identityroles/Admin/policy-assignments?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/identityroles/Admin/policy-assignments?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/identityroles/Admin/policy-assignments?count=20&page=1",
"name": "last"
}
]
}
Get Roles for Identity Role by Policy
Get all roles that this identity role is assigned to for a policy.
Request
GET
/management/identityroles/{identityRoleName}/policies/{policyId}/role-assignments
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"items": [
{
"data": {
"roleId": "611",
"tenant": null,
"roleTenant": null,
"roleName": "policy 0 role 0",
"identityRoleAssignmentId": "6",
"allowed": true
},
"links": [
{
"rel": "role",
"href": "http://localhost:65471/management/roles/611"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/identityroles/policy 0 role 0 identity role 0/policies/640/role-assignments?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/identityroles/policy 0 role 0 identity role 0/policies/640/role-assignments?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/identityroles/policy 0 role 0 identity role 0/policies/640/role-assignments?count=20&page=1",
"name": "last"
},
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/640"
}
]
}
Get Expression Assignment Policies
Get all policies that this expression is assigned to.
Request
GET
/management/expression-assignments/{assignmentId}/policy-assignments
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"items": [
{
"data": {
"policyId": "180",
"policyName": "test policy",
"policyPath": "test policy"
},
"links": [
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/180"
},
{
"rel": "role-assignments",
"href": "http://localhost:65471/management/expression-assignments/14/policies/180/role-assignments"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/expression-assignments/14/policy-assignments?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/expression-assignments/14/policy-assignments?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/expression-assignments/14/policy-assignments?count=20&page=1",
"name": "last"
}
]
}
Get Roles for Expression by Policy
Get all roles that this expression is assigned to for a policy.
Request
GET
/management/expression-assignments/{assignmentId}/policies/{policyId}/role-assignments
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"items": [
{
"data": {
"roleId": "611",
"tenant": null,
"roleTenant": null,
"roleName": "policy 0 role 0",
"expressionAssignmentId": "4",
"allowed": true
},
"links": [
{
"rel": "role",
"href": "http://localhost:65471/management/roles/611"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/expression-assignments/4/policies/640/role-assignments?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/expression-assignments/4/policies/640/role-assignments?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/expression-assignments/4/policies/640/role-assignments?count=20&page=1",
"name": "last"
},
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/640"
}
]
}
Get Policies for Role
Get all policies that a role is assigned to.
Request
GET
/management/roles/{roleId}/policy-assignments
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"items": [
{
"data": {
"policyId": "180",
"policyName": "test policy",
"policyPath": "test policy"
},
"links": [
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/180"
},
{
"rel": "permission-assignments",
"href": "http://localhost:65471/management/roles/16/policies/180/permission-assignments"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/roles/16/policy-assignments?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/roles/16/policy-assignments?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/roles/16/policy-assignments?count=20&page=1",
"name": "last"
},
{
"rel": "role",
"href": "http://localhost:65471/management/roles/16"
}
]
}
Get Permissions for Role by Policy
Get all permission assignments for a role in a policy.
Request
GET
/management/roles/{roleId}/policies/{policyId}/permission-assignments
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"items": [
{
"data": {
"tenant": null,
"permissionId": "18",
"permissionName": "test permission",
"assignmentId": "16"
},
"links": [
{
"rel": "permission",
"href": "http://localhost:65471/management/permissions/18"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/roles/16/policies/180/permission-assignments?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/roles/16/policies/180/permission-assignments?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/roles/16/policies/180/permission-assignments?count=20&page=1",
"name": "last"
},
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/180"
},
{
"rel": "role",
"href": "http://localhost:65471/management/roles/16"
}
]
}
Get Policies for Permission
Get all policies that a permission is assigned to.
Request
GET
/management/permissions/{permissionId}/policy-assignments
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"items": [
{
"data": {
"policyId": "180",
"policyName": "test policy",
"policyPath": "test policy"
},
"links": [
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/180"
},
{
"rel": "role-assignments",
"href": "http://localhost:65471/management/permissions/18/policies/180/role-assignments"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/permissions/18/policy-assignments?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/permissions/18/policy-assignments?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/permissions/18/policy-assignments?count=20&page=1",
"name": "last"
},
{
"rel": "permission",
"href": "http://localhost:65471/management/permissions/18"
}
]
}
Get Roles for Permission by Policy
Get all role assignments to a permission in a policy.
Request
GET
/management/permissions/{permissionId}/policies/{policyId}/role-assignments
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"items": [
{
"data": {
"tenant": null,
"roleId": "16",
"roleName": "test role",
"roleTenant": null,
"assignmentId": "16"
},
"links": [
{
"rel": "role",
"href": "http://localhost:65471/management/roles/16"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/permissions/18/policies/180/role-assignments?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/permissions/18/policies/180/role-assignments?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/permissions/18/policies/180/role-assignments?count=20&page=1",
"name": "last"
},
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/180"
},
{
"rel": "permission",
"href": "http://localhost:65471/management/permissions/18"
}
]
}
Gets Claim to Permission Assignments for a policy
Get the list of claim assignments to a permission in a policy.
Request
GET
/management/policies/{policyId}/claim-permission-assignments/{permissionId}
Response
Data returned:
{
"data": {
"tenant": null,
"totalCount": 3,
"totalPages": 1,
"currentPage": 1,
"items": [
{
"data": {
"claimToPermissionAssignmentId": 4,
"tenant": null,
"claimType": "role",
"claimValue": "admin",
"allowed": true,
"description": "admin"
},
"links": [
{
"rel": "self",
"href": "https://localhost:65471/management/claim-permission-assignments/4",
"name": null
},
{
"rel": "update-self",
"href": "https://localhost:65471/management/claim-permission-assignments/4",
"name": null
},
{
"rel": "delete-self",
"href": "https://localhost:65471/management/claim-permission-assignments/4",
"name": null
}
]
},
{
"data": {
"claimToPermissionAssignmentId": 1,
"tenant": null,
"claimType": "sub",
"claimValue": "1",
"allowed": false,
"description": "bob"
},
"links": [
{
"rel": "self",
"href": "https://localhost:65471/management/claim-permission-assignments/1",
"name": null
},
{
"rel": "update-self",
"href": "https://localhost:65471/management/claim-permission-assignments/1",
"name": null
},
{
"rel": "delete-self",
"href": "https://localhost:65471/management/claim-permission-assignments/1",
"name": null
}
]
},
{
"data": {
"claimToPermissionAssignmentId": 7,
"tenant": null,
"claimType": "sub",
"claimValue": "2",
"allowed": true,
"description": "alice"
},
"links": [
{
"rel": "self",
"href": "https://localhost:65471/management/claim-permission-assignments/7",
"name": null
},
{
"rel": "update-self",
"href": "https://localhost:65471/management/claim-permission-assignments/7",
"name": null
},
{
"rel": "delete-self",
"href": "https://localhost:65471/management/claim-permission-assignments/7",
"name": null
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "https://localhost:65471/management/policies/379/claim-permission-assignments/68{?tenant,count,page}",
"name": "template"
},
{
"rel": "page",
"href": "https://localhost:65471/management/policies/379/claim-permission-assignments/68?count=10&page=1",
"name": "current"
},
{
"rel": "page",
"href": "https://localhost:65471/management/policies/379/claim-permission-assignments/68?count=10&page=1",
"name": "first"
},
{
"rel": "page",
"href": "https://localhost:65471/management/policies/379/claim-permission-assignments/68?count=10&page=1",
"name": "last"
},
{
"rel": "policy",
"href": "https://localhost:65471/management/policies/379",
"name": null
},
{
"rel": "permission",
"href": "https://localhost:65471/management/permissions/68",
"name": null
},
{
"rel": "add-claim-permission-assignment",
"href": "https://localhost:65471/management/policies/379/claim-permission-assignments/68",
"name": null
}
]
}
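The list responses above are paged: `totalPages` gives the page count and the `page` link named `template` carries the query variables. The following added example (not part of the product's documentation or code) collects every page of such a list and refuses to follow a template link that points at a different origin than the one the caller asked for. It assumes the `{?tenant,count,page}` suffix follows RFC 6570 form-style query expansion; `collect_items`, `fetch` and the sample pages are hypothetical names and constructed data.

```python
import re
from urllib.parse import quote, urlsplit

QUERY_TEMPLATE = re.compile(r"\{\?([A-Za-z0-9_]+(?:,[A-Za-z0-9_]+)*)\}$")


def expand_page_template(href, **values):
    """Expand a trailing {?a,b,c} template; variables left unset are omitted."""
    match = QUERY_TEMPLATE.search(href)
    if match is None:
        raise ValueError("href has no trailing {?...} query template")
    names = match.group(1).split(",")
    unknown = set(values) - set(names)
    if unknown:
        raise ValueError(f"template does not declare: {sorted(unknown)}")
    pairs = [f"{n}={quote(str(values[n]), safe='')}"
             for n in names if values.get(n) is not None]
    return href[:match.start()] + ("?" + "&".join(pairs) if pairs else "")


def find_link(links, rel, name=None):
    """Return the href of the first link matching rel (and name, if given)."""
    for link in links or []:
        if link.get("rel") == rel and (name is None or link.get("name") == name):
            return link["href"]
    return None


def same_origin(url, trusted_url):
    """True when scheme, host and port match, so http vs https counts as different."""
    a, b = urlsplit(url), urlsplit(trusted_url)
    return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)


def collect_items(fetch, list_url, count=10, max_pages=1000):
    """Return the "data" object of every item across all pages of list_url.

    fetch(url) -> parsed JSON dict. It is injected so the caller decides how
    credentials and TLS are handled; this function only decides which URLs
    are requested.
    """
    first = fetch(f"{list_url}?count={count}&page=1")
    items = [item["data"] for item in first["data"]["items"]]
    total_pages = int(first["data"]["totalPages"])
    if total_pages > max_pages:
        raise ValueError("server reported more pages than max_pages")
    if total_pages <= 1:
        return items
    template = find_link(first.get("links"), "page", "template")
    if template is None:
        raise ValueError("multi-page response without a template link")
    if not same_origin(template, list_url):
        # Never send an authenticated request to an origin named only by the response.
        raise ValueError("template link leaves the requested origin")
    for page in range(2, total_pages + 1):
        body = fetch(expand_page_template(template, count=count, page=page))
        items.extend(item["data"] for item in body["data"]["items"])
    return items


# --- constructed sample data standing in for the server -------------------
BASE = "https://localhost:65471/management/policies/379/claim-permission-assignments/68"
ROWS = [
    {"claimType": "role", "claimValue": "admin", "allowed": True},
    {"claimType": "sub", "claimValue": "1", "allowed": False},
    {"claimType": "sub", "claimValue": "2", "allowed": True},
]


def make_page(rows, total_pages, template):
    return {
        "data": {"totalCount": len(ROWS), "totalPages": total_pages,
                 "items": [{"data": r, "links": []} for r in rows]},
        "links": [{"rel": "page", "href": template, "name": "template"}],
    }


def make_fake_fetch(template):
    """Return (fetch, requested): a two-page fake server and its request log."""
    pages = {
        BASE + "?count=2&page=1": make_page(ROWS[:2], 2, template),
        BASE + "?count=2&page=2": make_page(ROWS[2:], 2, template),
    }
    requested = []

    def fetch(url):
        requested.append(url)
        return pages[url]

    return fetch, requested


if __name__ == "__main__":
    fetch, requested = make_fake_fetch(BASE + "{?tenant,count,page}")
    for row in collect_items(fetch, BASE, count=2):
        print(row)
    print(requested)
```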
Add Claim to Permission Assignments for a policy
Add a claim to permission assignment for a policy.
Request
POST
/management/policies/{policyId}/claim-permission-assignments/{permissionId}
Data posted:
{
"policyId": 379,
"permissionId": 68,
"claimType": "sub",
"claimValue": "1",
"allowed": true,
"description": "bob",
"isSystem": true,
"tenant": ""
}
Gets a claim to permission assignment
Request
GET
/management/claim-permission-assignments/{claimPermissionAssignmentId}
Response
Data returned:
{
"data": {
"claimToPermissionAssignmentId": 1,
"tenant": null,
"claimType": "sub",
"claimValue": "1",
"allowed": false,
"description": "bob"
},
"links": [
{
"rel": "self",
"href": "https://localhost:65471/management/claim-permission-assignments/1",
"name": null
},
{
"rel": "update-self",
"href": "https://localhost:65471/management/claim-permission-assignments/1",
"name": null
},
{
"rel": "delete-self",
"href": "https://localhost:65471/management/claim-permission-assignments/1",
"name": null
},
{
"rel": "policy",
"href": "https://localhost:65471/management/policies/379",
"name": null
},
{
"rel": "permission",
"href": "https://localhost:65471/management/permissions/68",
"name": null
}
]
}
Update a claim to permission assignment
PUT
/management/claim-permission-assignments/{claimPermissionAssignmentId}
Data posted:
{
"claimType": "sub",
"claimValue": "2",
"allowed": true,
"description": "Alice",
"claimToPermissionAssignmentId": 1,
"isSystem": true
}
Delete a claim to permission assignment
DELETE
/management/claim-permission-assignments/{claimPermissionAssignmentId}
Gets aggregated claim to permission assignments for a policy
Gets all claim to permission assignments for a permission in a policy and its parent policies. If the same claim is assigned in both a parent and a child policy, the value of the claim in the child policy is the one evaluated.
Request
GET
/management/claim-permission-assignments/{claimPermissionAssignmentId}
Response
Data returned:
{
"data": {
"tenant": null,
"totalCount": 3,
"totalPages": 1,
"currentPage": 1,
"items": [
{
"data": {
"tenant": null,
"claimType": "role",
"claimValue": "admin",
"allowed": true,
"description": "admin",
"claimToPermissionAssignmentId": "4",
"assignmentInherited": false
},
"links": [
{
"rel": "self",
"href": "https://localhost:65471/management/claim-permission-assignments/4",
"name": null
},
{
"rel": "update-self",
"href": "https://localhost:65471/management/claim-permission-assignments/4",
"name": null
},
{
"rel": "delete-self",
"href": "https://localhost:65471/management/claim-permission-assignments/4",
"name": null
}
]
},
{
"data": {
"tenant": null,
"claimType": "sub",
"claimValue": "1",
"allowed": false,
"description": "bob",
"claimToPermissionAssignmentId": "1",
"assignmentInherited": false
},
"links": [
{
"rel": "self",
"href": "https://localhost:65471/management/claim-permission-assignments/1",
"name": null
},
{
"rel": "update-self",
"href": "https://localhost:65471/management/claim-permission-assignments/1",
"name": null
},
{
"rel": "delete-self",
"href": "https://localhost:65471/management/claim-permission-assignments/1",
"name": null
}
]
},
{
"data": {
"tenant": null,
"claimType": "sub",
"claimValue": "2",
"allowed": true,
"description": "alice",
"claimToPermissionAssignmentId": "7",
"assignmentInherited": false
},
"links": [
{
"rel": "self",
"href": "https://localhost:65471/management/claim-permission-assignments/7",
"name": null
},
{
"rel": "update-self",
"href": "https://localhost:65471/management/claim-permission-assignments/7",
"name": null
},
{
"rel": "delete-self",
"href": "https://localhost:65471/management/claim-permission-assignments/7",
"name": null
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "https://localhost:65471/management/policies/379/aggregated-claim-permission-assignments/68{?tenant,count,page}",
"name": "template"
},
{
"rel": "page",
"href": "https://localhost:65471/management/policies/379/aggregated-claim-permission-assignments/68?count=10&page=1",
"name": "current"
},
{
"rel": "page",
"href": "https://localhost:65471/management/policies/379/aggregated-claim-permission-assignments/68?count=10&page=1",
"name": "first"
},
{
"rel": "page",
"href": "https://localhost:65471/management/policies/379/aggregated-claim-permission-assignments/68?count=10&page=1",
"name": "last"
},
{
"rel": "policy",
"href": "https://localhost:65471/management/policies/379",
"name": null
},
{
"rel": "permission",
"href": "https://localhost:65471/management/permissions/68",
"name": null
}
]
}
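The child-over-parent rule for aggregated claim to permission assignments can be reproduced offline during an access review. The following added example (not the product's implementation) merges the assignments of a policy chain so that the child's entry wins, and separately reports every claim whose `allowed` value flips between a parent and a child. Treating a claim as the exact, case-sensitive pair (`claimType`, `claimValue`), the root-first chain layout, the `sourcePolicyId` field and parent policy id 100 are assumptions; the sample data is constructed.

```python
def claim_key(assignment):
    """Identify a claim by its exact type and value (no case folding)."""
    return (assignment["claimType"], assignment["claimValue"])


def aggregate_claim_assignments(policy_chain):
    """Merge claim assignments along a policy chain, child overriding parent.

    policy_chain is a list of (policy_id, assignments) ordered from the root
    parent to the policy being queried (last element).
    """
    if not policy_chain:
        raise ValueError("policy_chain must contain at least the queried policy")
    queried_policy_id = policy_chain[-1][0]
    merged = {}
    for policy_id, assignments in policy_chain:
        for assignment in assignments:
            # A later (more specific) policy replaces the entry of an earlier one.
            merged[claim_key(assignment)] = {
                **assignment,
                "assignmentInherited": policy_id != queried_policy_id,
                "sourcePolicyId": policy_id,  # hypothetical field, for review output
            }
    return list(merged.values())


def find_allowed_flips(policy_chain):
    """List claims whose "allowed" value differs between an ancestor and a descendant.

    A flip from False to True means a child policy grants what a parent denied,
    which is usually worth a second look in a review.
    """
    last_seen = {}
    flips = []
    for policy_id, assignments in policy_chain:
        for assignment in assignments:
            key = claim_key(assignment)
            previous = last_seen.get(key)
            if previous is not None and previous[1] != assignment["allowed"]:
                flips.append({
                    "claimType": key[0],
                    "claimValue": key[1],
                    "fromPolicyId": previous[0],
                    "toPolicyId": policy_id,
                    "allowedBefore": previous[1],
                    "allowedAfter": assignment["allowed"],
                })
            last_seen[key] = (policy_id, assignment["allowed"])
    return flips


# --- constructed sample data ---------------------------------------------
PARENT_POLICY = (100, [
    {"claimType": "sub", "claimValue": "1", "allowed": True, "description": "bob"},
    # Differs from the child's "admin" only by case, so it is a separate claim.
    {"claimType": "role", "claimValue": "Admin", "allowed": False, "description": "Admin"},
])
CHILD_POLICY = (379, [
    {"claimType": "role", "claimValue": "admin", "allowed": True, "description": "admin"},
    {"claimType": "sub", "claimValue": "1", "allowed": False, "description": "bob"},
    {"claimType": "sub", "claimValue": "2", "allowed": True, "description": "alice"},
])


if __name__ == "__main__":
    chain = [PARENT_POLICY, CHILD_POLICY]
    for row in aggregate_claim_assignments(chain):
        print(row)
    for flip in find_allowed_flips(chain):
        print("flip:", flip)
```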
Get Role Assignments for Permission by Policy
Get aggregated role assignment details from the policy hierarchy for a permission in a policy.
Request
GET
/management/policies/{policyId}/role-assignments/{permissionId}
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"items": [
{
"data": {
"tenant": null,
"roleId": "16",
"roleName": "test role",
"roleTenant": null,
"roleDescription": "role description",
"roleAssignmentId": null,
"assigned": false,
"assignmentInherited": false
},
"links": [
{
"rel": "create-assignment",
"href": "http://localhost:65471/management/policies/180/role-assignments/18/16"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/policies/180/role-assignments/18?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies/180/role-assignments/18?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies/180/role-assignments/18?count=20&page=1",
"name": "last"
},
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/180"
},
{
"rel": "permission",
"href": "http://localhost:65471/management/permissions/18"
}
]
}
Get Permission Assignments for Role by Policy
Get aggregated permission assignment details from the policy hierarchy for a role in a policy.
Request
GET
/management/policies/{policyId}/permission-assignments/{roleId}
Response
Data returned:
{
"data": {
"tenant": null,
"totalCount": 1,
"totalPages": 1,
"currentPage": 1,
"items": [
{
"data": {
"tenant": null,
"permissionId": "14",
"permissionName": "Test Permission",
"permissionDescription": null,
"assignmentId": "729",
"assigned": true,
"assignmentInherited": false
},
"links": [
{
"rel": "delete-assignment",
"href": "http://localhost:65471/management/permission-assignments/729"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/policies/1509/permission-assignments/222?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies/1509/permission-assignments/222?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/policies/1509/permission-assignments/222?count=20&page=1",
"name": "last"
},
{
"rel": "self",
"href": "policies/1509/permission-assignments/222"
},
{
"rel": "policy",
"href": "http://localhost:65471/management/policies/1509"
},
{
"rel": "role",
"href": "http://localhost:65471/management/roles/222"
}
]
}
Assign Role to Permission by Policy
Assign a role to a permission in a policy.
Request
POST
/management/policies/{policyId}/role-assignments/{permissionId}/{roleId}
Unassign Role to Permission by Policy
Unassign an existing assignment of a role to a permission in a policy.
Request
DELETE
/management/permission-assignments/{assignmentId}
Get Tenants
List all tenants
Request
GET
/management/tenants?filter={some name}
Optional Request Parameters
filter: Filters the results based on the value passed. The value is compared to the name.
Response
Data returned:
{
"data": {
"totalCount": 2,
"totalPages": 1,
"items": [
{
"data": {
"tenantId": "177",
"name": "tenant1",
"description": "t1 desc"
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/tenants/177"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/tenants/177"
},
{
"rel": "tenants",
"href": "http://localhost:65471/management/tenants/177/tenants"
},
{
"rel": "add-tenant",
"href": "http://localhost:65471/management/tenants/177/tenants"
}
]
},
{
"data": {
"tenantId": "180",
"name": "tenant2",
"description": "t2 desc"
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/tenants/180"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/tenants/180"
},
{
"rel": "tenants",
"href": "http://localhost:65471/management/tenants/180/tenants"
},
{
"rel": "add-tenant",
"href": "http://localhost:65471/management/tenants/180/tenants"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/tenants?count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/tenants?count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/tenants?count=20&page=1",
"name": "last"
},
{
"rel": "add-tenant",
"href": "http://localhost:65471/management/tenants"
}
]
}
Delete Tenant by Id
Request
DELETE
/management/tenants/{tenantId}
Add Tenant
Add a new tenant
Request
POST
/management/tenants
Data posted:
{
"Name": "tenant1",
"Description": "t1 desc"
}
Get Tenant Details
Request
GET
/management/tenants/{tenantId}
Response
Data returned:
{
"data": {
"tenantId": "181",
"name": "tenant1",
"description": "t1 desc"
},
"links": [
{
"rel": "self",
"href": "http://localhost:65471/management/tenants/181"
},
{
"rel": "update-self",
"href": "http://localhost:65471/management/tenants/181"
},
{
"rel": "delete-self",
"href": "http://localhost:65471/management/tenants/181"
},
{
"rel": "tenants",
"href": "http://localhost:65471/management/tenants/181/tenants"
},
{
"rel": "add-tenant",
"href": "http://localhost:65471/management/tenants/181/tenants"
}
]
}
Update Tenant
Request
PUT
/management/tenants/{tenantId}
Data posted:
{
"Name": "new tenant name",
"Description": "new description"
}
Add child tenant
Add a new child tenant for a tenant by id
Request
POST
/management/tenants/{tenantId}/tenants
Data posted:
{
"Name": "t1child"
}
Get Policy assignments for tenant
Get the policies that have tenant roles
Request
GET
/management/tenants/{tenantId}/policy-assignments
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"currentPage": 1,
"items": [
{
"data": {
"policyId": "111",
"policyName": "test policy",
"policyPath": "test policy"
},
"links": [
{
"rel": "policy",
"href": "https://localhost:65471/management/policies/111",
"name": null
},
{
"rel": "roles",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles",
"name": null
},
{
"rel": "role-assignments",
"href": "https://localhost:65471/management/tenants/2/policies/111/role-assignments",
"name": null
},
{
"rel": "permission-assignments",
"href": "https://localhost:65471/management/tenants/2/policies/111/permission-assignments",
"name": null
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policy-assignments{?count,page}",
"name": "template"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policy-assignments?count=10&page=1",
"name": "current"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policy-assignments?count=10&page=1",
"name": "first"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policy-assignments?count=10&page=1",
"name": "last"
}
]
}
Get Roles in Policy For Tenant
Get the tenant roles in policies assigned to tenant
Request
GET
/management/tenants/{tenantId}/policies/{policyId}/roles
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"currentPage": 1,
"items": [
{
"data": {
"roleId": "14",
"name": "tenantRole",
"description": null
},
"links": [
{
"rel": "role",
"href": "https://localhost:65471/management/roles/14",
"name": null
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles{?count,page}",
"name": "template"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles?count=10&page=1",
"name": "current"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles?count=10&page=1",
"name": "first"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles?count=10&page=1",
"name": "last"
}
]
}
Get Role assignments in Policy For Tenant
Get the tenant role assignments in policies assigned to the tenant
Request
GET
/management/tenants/{tenantId}/policies/{policyId}/role-assignments
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"currentPage": 1,
"items": [
{
"data": {
"roleId": "14",
"name": "tenantRole",
"description": null
},
"links": [
{
"rel": "role",
"href": "https://localhost:65471/management/roles/14",
"name": null
},
{
"rel": "subject-assignments",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles/14/subject-assignments",
"name": null
},
{
"rel": "identityrole-assignments",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles/14/identityrole-assignments",
"name": null
},
{
"rel": "expression-assignments",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles/14/expression-assignments",
"name": null
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/role-assignments{?count,page}",
"name": "template"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/role-assignments?count=10&page=1",
"name": "current"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/role-assignments?count=10&page=1",
"name": "first"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/role-assignments?count=10&page=1",
"name": "last"
}
]
}
Get subject assignments in roles in Policy For Tenant
Get subject assignments for tenant role assignments in policies assigned to the tenant
Request
GET
/management/tenants/{tenantId}/policies/{policyId}/roles/{roleId}/subject-assignments
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"currentPage": 1,
"items": [
{
"data": {
"subjectId": "1",
"description": "sub1",
"allowed": true
},
"links": null
}
]
},
"links": [
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles/14/subject-assignments{?count,page}",
"name": "template"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles/14/subject-assignments?count=10&page=1",
"name": "current"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles/14/subject-assignments?count=10&page=1",
"name": "first"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles/14/subject-assignments?count=10&page=1",
"name": "last"
}
]
}
Get identity role assignments in roles in Policy For Tenant
Get identity role assignments for tenant role assignments in policies assigned to the tenant
Request
GET
/management/tenants/{tenantId}/policies/{policyId}/roles/{roleId}/identityrole-assignments
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"currentPage": 1,
"items": [
{
"data": {
"identityRole": "IdentityRoleTenant",
"description": null,
"allowed": true
},
"links": null
}
]
},
"links": [
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles/14/identityrole-assignments{?count,page}",
"name": "template"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles/14/identityrole-assignments?count=10&page=1",
"name": "current"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles/14/identityrole-assignments?count=10&page=1",
"name": "first"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles/14/identityrole-assignments?count=10&page=1",
"name": "last"
}
]
}
Get expression assignments in roles in Policy For Tenant
Get expression assignments for tenant role assignments in policies assigned to the tenant
Request
GET
/management/tenants/{tenantId}/policies/{policyId}/roles/{roleId}/expression-assignments
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"currentPage": 1,
"items": [
{
"data": {
"expressionAssignmentId": "4",
"expression": "user=>user.HasClaim(\"tenant\", \"true\")",
"description": "",
"allowed": true
},
"links": null
}
]
},
"links": [
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles/14/expression-assignments{?count,page}",
"name": "template"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles/14/expression-assignments?count=10&page=1",
"name": "current"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles/14/expression-assignments?count=10&page=1",
"name": "first"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/roles/14/expression-assignments?count=10&page=1",
"name": "last"
}
]
}
Get permission assignments in Policy For Tenant
Get permission assignments in policies assigned to tenant
Request
GET
/management/tenants/{tenantId}/policies/{policyId}/permission-assignments
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"currentPage": 1,
"items": [
{
"data": {
"permissionId": "12",
"name": "test permission",
"description": "permission description"
},
"links": [
{
"rel": "permission",
"href": "https://localhost:65471/management/permissions/12",
"name": null
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/permission-assignments{?count,page}",
"name": "template"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/permission-assignments?count=10&page=1",
"name": "current"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/permission-assignments?count=10&page=1",
"name": "first"
},
{
"rel": "page",
"href": "https://localhost:65471/management/tenants/2/policies/111/permission-assignments?count=10&page=1",
"name": "last"
}
]
}
Search Users
Request
GET
/management/search/users?filter={some name}&tenant={tenant identifier}
Optional Request Parameters
filter: Filters the results based on the value passed.
tenant: Scopes the results based on the tenant identifier passed.
Response
Data returned:
{
"data": {
"totalCount": 4,
"totalPages": 1,
"items": [
{
"data": {
"subjectId": "ac682857-d507-4b87-934c-ac93785d6183",
"displayName": "Aqshgrp Rjmoivz (Aqshgrp.Rjmoivz@Rjxxtrx.com) tenant1"
},
"links": [
{
"rel": "role-assignments",
"href": "http://localhost:65471/management/subjects/ac682857-d507-4b87-934c-ac93785d6183/role-assignments"
}
]
},
{
"data": {
"subjectId": "09270580-20ac-4852-9ff2-d44bb0037225",
"displayName": "Rgrplqs Kfkikjz (Rgrplqs.Kfkikjz@Msswfvl.com) no-tenant"
},
"links": [
{
"rel": "role-assignments",
"href": "http://localhost:65471/management/subjects/09270580-20ac-4852-9ff2-d44bb0037225/role-assignments"
}
]
},
{
"data": {
"subjectId": "5c691d16-fbd4-438d-a755-2367ee8b82e0",
"displayName": "Rrofdkl Ogrpkis (Rrofdkl.Ogrpkis@Agujevv.com) tenant3"
},
"links": [
{
"rel": "role-assignments",
"href": "http://localhost:65471/management/subjects/5c691d16-fbd4-438d-a755-2367ee8b82e0/role-assignments"
}
]
},
{
"data": {
"subjectId": "ef53647d-7e56-42d8-8136-7e286d9b5b24",
"displayName": "Szziwsg Mottvze (Szziwsg.Mottvze@Fgrpvzx.com) tenant2"
},
"links": [
{
"rel": "role-assignments",
"href": "http://localhost:65471/management/subjects/ef53647d-7e56-42d8-8136-7e286d9b5b24/role-assignments"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/search/users?filter=grp&count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/search/users?filter=grp&count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/search/users?filter=grp&count=20&page=1",
"name": "last"
}
]
}
Search Roles
Request
GET
/management/search/roles?filter={some name}&tenant={tenant identifier}
Optional Request Parameters
filter: Filters the results based on the value passed.
tenant: Scopes the results based on the tenant identifier passed.
Response
Data returned:
{
"data": {
"totalCount": 1,
"totalPages": 1,
"items": [
{
"data": {
"roleName": "20ab8376-ed0e-4e99-a900-c22375aa5a3e",
"description": "Aeoiwso tenant1"
},
"links": [
{
"rel": "role-assignments",
"href": "http://localhost:65471/management/identityroles/20ab8376-ed0e-4e99-a900-c22375aa5a3e/role-assignments"
}
]
}
]
},
"links": [
{
"rel": "page",
"href": "http://localhost:65471/management/search/roles?filter=Aeo&count=20&page=1",
"name": "current"
},
{
"rel": "page",
"href": "http://localhost:65471/management/search/roles?filter=Aeo&count=20&page=1",
"name": "first"
},
{
"rel": "page",
"href": "http://localhost:65471/management/search/roles?filter=Aeo&count=20&page=1",
"name": "last"
}
]
}