The relation of the resource with the Project
The type of the resource
Grant access to a resource to an entity. The result of this call is that the specified entity will have permission to take the specified action against the specified resource. Restrictions:
Add a single member to a group.
Restrictions:
The calling principal must have permission to take the manageMembers action against the group identified by the provided group HRN.
Example: In order to add a member to the group, GROUP-8e270653-f592-45a8-88d7-46d409ccfa8a, a permission with the following would be required:
"action" : "manageMembers"
"resource" : "hrn:here:authorization::myrealm:group/GROUP-8e270653-f592-45a8-88d7-46d409ccfa8a"
This API works only with tokens that are not scoped to a project.
Add the member to the requested Project.
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the manageMembers action for the specified resource.
Example: In order to add a member to the Project, the following permission would be required:
"action" : "manageMembers"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
This API works only with tokens that are not scoped to a project.
Add the resource to the requested Project as a home or a reference(link).
Access Control:
User Access Token & Client Access Token When relation=home The requested resource will be assigned the requested project as its resource home. The resource MUST NOT already have an existing resource home.
The calling principal must have permission to take the manageResourceHome action for the specified project AND the share action for the specified resource.
Example: In order to add resource "hrn:here:data::myrealm:my-catalog-0000" to the project "hrn:here:authorization::myrealm:project/my-project-0000", the following permissions would be required:
Permission 1:
"action" : "manageResourceHome"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
Permission 2:
"action" : "share"
"resource" : "hrn:here:data::myrealm:my-catalog-0000" When relation=reference Link the resource to the requested Project as a reference(link). The requested resource will be assigned to the requested project as reference(link).
The resource MUST be available to the caller to attach as a resource reference(link). A resource is referenceable if it has been marked as referenceable and the caller has permission to all reference enabled actions against the resource OR The resource has been made linkable to the project/realm for the project linking enabled action The exclusive list of resources available to the caller to attach as a resource reference(link) is accessible via a call to /resources?referenceable=true or /resources?linkable=true
OR
Assign the role provided to the given entity. If the provided role is associated with a group, the entity being assigned the role must be a member of the associated group. Restrictions:
Attaches the Project Policy to the member of the Project.
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the manageMembers action for the specified resource.
Example: In order to attach a custom policy in a Project to a member, the following permissions would be required:
"action" : "manageMembers"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000" AND
"action" : "managePolicies"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
In the Project workflow, the above permission is granted to all Project Admins and Resource Managers
This API works only with tokens that are not scoped to a project.
Cancel an invitation to the realm. Restrictions:
Checks whether a project exists with requested project hrn in caller realm.
If project does not exist in the same realm it will return 404.
Create a group within the realm that is associated with the calling party. The calling party will be made a member and an administrator of the created group.
Restrictions:
The calling principal must have permission to take the createGroup action against the realm associated with the calling party.
Example: In order to create a group within the calling party's realm a permission with the following would be required:
"action" : "createGroup"
"resource" : "hrn:here:account::myrealm:realm/myrealm"
This API works only with tokens that are not scoped to a project.
Create the requested Project in the callers realm Access Control:
Create the requested custom policy in the Project
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the managePolicies action for the specified resource.
Example: In order to create a custom policy in a Project, the following permission would be required:
"action" : "managePolicies"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
In the Project workflow, the above permission is granted to all Project Admins and Resource Managers
This API works only with tokens that are not scoped to a project.
Create and send an invitation to add a new member to the realm, optionally assign membership to one or more groups if the Inviter is also a GroupAdmin for the group. Restrictions:
Delete the group identified by the provided group HRN.
Restrictions:
The calling principal must have permission to take the deleteGroup action against the group identified by the provided group HRN.
Example: In order to delete the group, GROUP-8e270653-f592-45a8-88d7-46d409ccfa8a, a permission with the following would be required:
"action" : "deleteGroup"
"resource" : "hrn:here:authorization::myrealm:group/GROUP-8e270653-f592-45a8-88d7-46d409ccfa8a"
This API works only with tokens that are not scoped to a project.
Delete the specified Project Access Control:
Remove the member from the specified Project Access Control:
Delete the custom policy in the Project
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the managePolicies action for the specified resource.
Example: In order to update a custom policy in a Project, the following permission would be required:
"action" : "managePolicies"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
In the Project workflow, the above permission is granted to all Project Admins and Resource Managers
This API works only with tokens that are not scoped to a project.
Remove the resource from the project. The requested resource may only be linked as a reference, removing a home resource requires deleting the resource from the resource service.
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the manageResourceReferences action for the specified project.
Example: In order to remove a resource reference(link) from the project "hrn:here:authorization::myrealm:project/my-project-0000", the following permission would be required:
"action" : "manageResourceReferences"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
This API works only with tokens that are not scoped to a project.
Remove the role provided to from the given member. Restrictions:
Detached the requested custom Project Policy from a Membber
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the manageMembers action for the specified resource.
Example: In order to detach a custom policy in a Project from a member, the following permissions would be required:
"action" : "manageMembers"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000" AND
"action" : "managePolicies"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
In the Project workflow, the above permission is granted to all Project Admins and Resource Managers
This API works only with tokens that are not scoped to a project.
Get the list of all Projects in the Org
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the listAllProjects action for the specified resource.
Example: In order to get a list of projects, the following permission would be required:
"action" : "listAllProjects"
This API works only with tokens that are not scoped to a project.
Get the list of all Project Members with the attached Policy
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the read action for the specified resource.
Example: In order to read the list of all members attached to a project policy, the following permission would be required:
"action" : "read"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
In the Project workflow, the above permission is granted to all Project Members, Project Admins, Org Admins
This API works only with tokens that are not scoped to a project.
Get the list of Attached Project Policies For a Member
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the read action for the specified resource.
Example: In order to read the list of the attached project policies, the following permission would be required:
"action" : "read"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
In the Project workflow, the above permission is granted to all Project Members, Project Admins, Org Admins
This API works only with tokens that are not scoped to a project.
Get the attached Project Policy For a Member
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the read action for the specified resource.
Example: In order to read the attached project policy, the following permission would be required:
"action" : "read"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
In the Project workflow, the above permission is granted to all Project Members, Project Admins, Org Admins
This API works only with tokens that are not scoped to a project.
Retrieve the groups a given entity is a member of. Restrictions: The calling principal must have permission to take the readGroups action against the specified entity.
Retrieve the list of groups over which the provided entity has been granted the role of GroupAdmin. Restrictions:
Get a single grant given to an entity. This calls returns any permission to take the specified action against the specified resource on the requested entity. Restrictions:
Get grants. This call describes the permissions assigned to the specified entity that grant access to the specified resource.
Restrictions:
Retrieve the group identified by the provided group HRN.
Restrictions:
The calling principal must have permission to take the readMembers action against the realm associated with the calling party.
Example: In order to retrieve a group within the calling party's realm a permission with the following would be required:
"action" : "readMembers"
"resource" : "hrn:here:account::myrealm:realm/myrealm"
This API works only with tokens that are not scoped to a project.
Retrieve a single group member.
Restrictions:
The calling principal must have permission to take the readMembers action against the group identified by the provided group HRN.
Example: In order to retrieve a single member of the group, GROUP-8e270653-f592-45a8-88d7-46d409ccfa8a, a permission with the following would be required:
"action" : "readMembers"
"resource" : "hrn:here:authorization::myrealm:group/GROUP-8e270653-f592-45a8-88d7-46d409ccfa8a"
This API works only with tokens that are not scoped to a project.
Retrieve the list of members of the group identified by the provided group HRN.
Restrictions:
The calling principal must have permission to take the readMembers action against the group identified by the provided group HRN.
Example: In order to retrieve the members of the group, GROUP-8e270653-f592-45a8-88d7-46d409ccfa8a, a permission with the following would be required:
"action" : "readMembers"
"resource" : "hrn:here:authorization::myrealm:group/GROUP-8e270653-f592-45a8-88d7-46d409ccfa8a"
This API works only with tokens that are not scoped to a project.
List the roles which are associated with the provided group.
Restrictions:
Retrieve the list of groups within the realm associated with the calling party.
Restrictions:
The calling principal must have permission to take the readMembers action against the realm associated with the calling party.
Example: In order to list the groups within the calling party's realm a permission with the following would be required:
"action" : "readMembers"
"resource" : "hrn:here:account::myrealm:realm/myrealm"
This API works only with tokens that are not scoped to a project.
Get a list of ways this resource has been made linkable
Access Control:
The calling principal must have permission to take all the "requiredToMakeLinkable" actions against the service inferred via the reserved resource prefix of the resource in the path in the scope of the home project of the resource.
Example: In order to make a catalog linkable, the following permission would be required:
"action" : "manageResource"
"resource" : "hrn:here:data::olp-here:my-shared-catalog"
This API works only with tokens that are scoped to the home project of the resource.
Retrieve a list of groups of a member
This API works only with tokens that are not scoped to a project.
Retrieve the list of roles which have been assigned to the calling party. This API works only with tokens that are not scoped to a project.
Get the requested Project
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the read action for the specified resource.
Example: In order to get a project, the following permission would be required:
"action" : "read"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
This API works only with tokens that are not scoped to a project.
Get the list of Projects you are a project admin or a member based on the "canManage" or "isMember" parameter's value.
Get the requested Project Member
Access Control:
Get the requested Project Policy
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the read action for the specified resource.
Example: In order to read a project policy, the following permission would be required:
"action" : "read"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
In the Project workflow, the above permission is granted to all Project Members, Project Admins, Org Admins
This API works only with tokens that are not scoped to a project.
List the Policies that can be attached to members of the Project. This list will contain all the HERE provided policies and any custom user defined policies created in the Project.
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the read action for the specified resource.
Example: In order to read a policy list of a Project, the following permission would be required:
"action" : "read"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
In the Project workflow, the above permission is granted to all Project Members, Project Admins, Org Admins
This API works only with tokens that are not scoped to a project.
Get the resource that is linked to the requested Project.
The requested resource may be linked as either a home or a reference(link).
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the read action for the specified project
Example: In order to get resource "hrn:here:data::myrealm:my-catalog-0000" in the project "hrn:here:authorization::myrealm:project/my-project-0000", the following permission would be required:
"action" : "read"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
This API works only with tokens that are not scoped to a project.
Retrieve the user or application details of the member defined by memberId. Restrictions:
Retrieve the list of members within the realm. Restrictions:
Get the Resource that the caller is allowed to see based on the input query parameters
This API works only with tokens that are not scoped to a project.
Gets the actions list for the resource for the project based on the query parameters.
The list of available actions are filtered based on the relation of the resource, either home or reference with the allowed actions. This API provides a list of available actions during project workflows like linking or project policy creation.
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the read action for the specified project
Example: In order to get resource "hrn:here:data::myrealm:my-catalog-0000" in the project "hrn:here:authorization::myrealm:project/my-project-0000", the following permission would be required:
"action" : "read"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
This API works only with tokens that are not scoped to a project.
Get the availability for linking this resource to either a project or realm.
Access Control:
The calling principal must have permission to take all the "requiredToMakeLinkable" actions against the service inferred via the reserved resource prefix of the resource in the path in the scope of the home project of the resource.
Example: In order to get the catalog linkability, the following permission would be required:
"action" : "manageResource"
"resource" : "hrn:here:data::olp-here:my-shared-catalog" This API works only with tokens that are scoped to the home project of the resource.
Get the list of Projects that the resource belongs to or is referenced in(linked to). The returned list will only include projects that are in the caller's realm.
Gets the actions list for the resource type based on the query parameters.
Get a list of Resources that the caller is allowed to see based on the input query parameters.
Get the role identified by the provided Role HRN.
Restrictions:
Example: In order to retrieve a role within the realm, MyRealm, a permission with the following would be required:
Retrieve the list of entities which have been assigned the role as identified by the provided role HRN.
Restrictions:
Example: In order to list the entities assigned the role, _ hrn:here:authorization::myrealm:role/ROLE-c1662138-a170-4264-ba18-7b506a708c37_, a permission with the following would be required:
Retrieve a single entity which has been assigned the role as identified by the provided role HRN.
Restrictions:
Get a single permission associated with the role identified by the provided Role HRN.
Restrictions:
Get the permissions associated with the role identified by the provided Role HRN.
Restrictions:
Example: In order to list role permissions for the specified role in realm MyRealm, a permission with the following would be required:
Retrieve the list of roles within the context of the provided realm.
Restrictions:
Remove the calling party from the group. This operation will also remove administrative roles from this member. This API works only with tokens that are not scoped to a project.
Remove the caller from the specified Project
Access Control:
List grants on user, apps, or groups. This call describes the permissions assigned to any user, app, or group in the same realm as the calling principal that has been granted access to the specified resource through an exact matching permission. Permissions granted through policies and roles are not included. Restrictions:
Get the list of members of the Project
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the read action for the specified resource.
Example: In order to get a list of project members, the following permission would be required:
"action" : "read"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
This API works only with tokens that are not scoped to a project.
if 'onlyIncludeIdentities' query parameter is set to true, 'total' is NOT returned in Response
Get the list of resources in the requested Project & referenced in(linked to) the Project
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the read action for the specified resource.
Example: In order to get the list of resources in the Project, the following permission would be required:
"action" : "read"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
This API works only with tokens that are not scoped to a project.
Get List of all the resources in the realm of the caller
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the listRealmResources action for the specified resource.
Example: In order to get a list of projects, the following permission would be required:
"action" : "listRealmResources"
This API works only with tokens that are scoped to a project.
Adds a listing to make this resource linkable to either a project or entire realm.
The resource must belong to a project to be made linkable. Either projectHrn or realmHrn must be provided to make the resource linkable to.
Access Control:
The calling principal must have permission to take all the "requiredToMakeLinkable" actions against the service inferred via the reserved resource prefix of the resource in the path in the scope of the home project of the resource.
Example: In order to make a catalog linkable, the following permission would be required:
"action" : "manageResource"
"resource" : "hrn:here:data::olp-here:my-shared-catalog"
This API works only with tokens that are scoped to the home project of the resource.
Update the specified Project
Access Control:
Revoke access to a resource from an entity. The result of this call is that the specified entity will have any directly assigned permission to take the specified action against the specified resource removed.
Restrictions:
The realm of the calling principal must match the realm of the requested app.
The calling principal must have permission to take the removeGrant:{actionId} OR share action against the specified resource.
Example: In order to remove a grant for the readResource action against resource hrn:here:data:::my-shared-catalog a permission with the following would be required:
"action" : "removeGrant:readResource"
"resource" : "hrn:here:data:::my-shared-catalog" OR
"action" : "share"
"resource" : "hrn:here:data:::my-shared-catalog"
This API works only with tokens that are not scoped to a project.
Remove a member from the group. This operation will also remove administrative roles from this member.
Restrictions:
The calling principal must have permission to take the manageMembers action against the group identified by the provided group HRN.
Example: In order to remove a member from the group, GROUP-8e270653-f592-45a8-88d7-46d409ccfa8a, a permission with the following would be required:
"action" : "manageMembers"
"resource" : "hrn:here:authorization::myrealm:group/GROUP-8e270653-f592-45a8-88d7-46d409ccfa8a"
This API works only with tokens that are not scoped to a project.
Remove the linkability of this resource against the requested project or realm.
Resend an invitation to a new member to the realm. Restrictions:
Search for invitations in the realm, optionally providing a group. Restrictions:
Sets the Attached Policies list for the specified Project Member, overwriting any pre-existing Attached Policies. The request body will replace any pre-existing Policy attachment(s), and replace that list with those Policies identified in the request body.
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the manageMembers action for the specified resource.
Example: In order to attach a custom policy in a Project to a member, the following permissions would be required:
"action" : "manageMembers"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000" AND * "action" : "managePolicies"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
In the Project workflow, the above permission is granted to all Project Admins and Resource Managers
This API works only with tokens that are not scoped to a project.
Update the group identified by the provided group HRN by updating all writable group fields including name and description.
Restrictions:
The calling principal must have permission to take the updateGroup action against the group identified by the provided group HRN.
Example: In order to modify the group, GROUP-8e270653-f592-45a8-88d7-46d409ccfa8a, a permission with the following would be required:
"action" : "updateGroup"
"resource" : "hrn:here:authorization::myrealm:group/GROUP-8e270653-f592-45a8-88d7-46d409ccfa8a"
This API works only with tokens that are not scoped to a project.
Update the requested custom policy in the Project
Access Control:
User Access Token & Client Access Token
The calling principal must have permission to take the managePolicies action for the specified resource.
Example: In order to update a custom policy in a Project, the following permission would be required:
"action" : "managePolicies"
"resource" : "hrn:here:authorization::myrealm:project/my-project-0000"
In the Project workflow, the above permission is granted to all Project Admins and Resource Managers
This API works only with tokens that are not scoped to a project.
Update the linkability of this resource against the requested project or realm.
Access Control: * The calling principal must have permission to take all the "requiredToMakeLinkable" actions against the service inferred via the reserved resource prefix of the resource in the path in the scope of the home project of the resource.
This API works only with tokens that are scoped to the home project of the resource.
Generated using TypeDoc
The relation of the resource with the Project.