IAM Policies API

IAM Policies API Reference

IAM Policies API Examples

Create the bearer_token and store it in a file in a secure local directory with 0600 permissions.
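The step above as an added shell example (it is not part of the original RKVST documentation): it writes the header file that curl reads with -H "@$BEARER_TOKEN_FILE" and vets that file before it is used. It assumes the file holds a single "Authorization: Bearer <token>" line; the function names and the path in the usage comment are made up for this illustration.

```shell
#!/bin/sh
# Added example, not RKVST code. Assumption: the file passed to curl as
# -H "@$BEARER_TOKEN_FILE" holds exactly one line, "Authorization: Bearer <token>".
# Functions use ( ) bodies so variables and umask stay local; "exit" ends only
# the function's subshell.

# write_bearer_token_file FILE
# Reads the token from stdin, so it never appears in argv or shell history,
# and installs the header file atomically with mode 0600.
write_bearer_token_file() (
    file=$1
    IFS= read -r token || :
    # RFC 6750 token characters only: rejects spaces, CR and anything else
    # that could turn the file into more than one header.
    case $token in
        ''|*[!A-Za-z0-9._~+/=-]*)
            echo "token is empty or has unexpected characters" >&2
            exit 1 ;;
    esac
    umask 077
    tmp=$(mktemp "$file.XXXXXX") || exit 1
    if printf 'Authorization: Bearer %s\n' "$token" > "$tmp" &&
       chmod 600 "$tmp" && mv -f "$tmp" "$file"; then
        exit 0
    fi
    rm -f "$tmp"
    exit 1
)

# check_bearer_token_file FILE
# Succeeds only if FILE is a regular file (not a symlink), owned by the
# current user, mode exactly 0600, and contains one Authorization header.
check_bearer_token_file() (
    file=$1
    # Keep find from reading a leading "-" in the name as an option.
    case $file in /*|./*) ;; *) file=./$file ;; esac
    # find does not follow a symlink named on the command line, so -type f
    # rejects symlinks; -perm 600 requires exactly rw-------.
    match=$(find "$file" -prune -type f -perm 600 -user "$(id -u)" 2>/dev/null)
    [ -n "$match" ] || {
        echo "$file: must be a regular file, mode 0600, owned by you" >&2
        exit 1
    }
    # curl sends every line of the file as a header, so allow only one.
    [ "$(grep -c '' "$file")" -eq 1 ] || {
        echo "$file: expected exactly one header line" >&2
        exit 1
    }
    grep -Eq '^Authorization: Bearer [A-Za-z0-9._~+/=-]+$' "$file" || {
        echo "$file: not an Authorization: Bearer header" >&2
        exit 1
    }
)

# iam_get URL
# GETs an IAM resource only when the token file passes the check.
# No -v here: verbose output prints the request headers curl sends.
iam_get() {
    check_bearer_token_file "$BEARER_TOKEN_FILE" || return 1
    curl -sS --fail -H "@$BEARER_TOKEN_FILE" "$1"
}

# Usage (constructed path):
#   BEARER_TOKEN_FILE=$HOME/.rkvst/bearer.txt
#   write_bearer_token_file "$BEARER_TOKEN_FILE"    # paste the token, press Enter
#   iam_get https://app.rkvst.io/archivist/iam/v1/access_policies
```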

IAM Policy Creation

Define the access_policies parameters and store them in /path/to/jsonfile:

{
    "display_name": "Friendly name of the policy",
    "description": "Description of the policy",
    "filters": [
        { "or": [
            "attributes.arc_home_location_identity=locations/5ea815f0-4de1-4a84-9377-701e880fe8ae",
            "attributes.arc_home_location_identity=locations/27eed70b-9e2b-4db1-b8c4-e36505350dcc"
        ]},
        { "or": [
            "attributes.arc_display_type=Valve",
            "attributes.arc_display_type=Pump"
        ]},
        { "or": [
            "attributes.ext_vendor_name=SynsationIndustries"
        ]}
    ],
    "access_permissions": [
        {
            "asset_attributes_read": [ "toner_colour", "toner_type" ],
            "asset_attributes_write":["toner_colour"],
            "behaviours": [ "Attachments", "Firmware", "Maintenance", "RecordEvidence" ],
            "event_arc_display_type_read": ["toner_type", "toner_colour"],
            "event_arc_display_type_write": ["toner_replacement"],
            "include_attributes": [ "arc_display_name", "arc_display_type", "arc_firmware_version" ],
            "subjects": [
                "subjects/6a951b62-0a26-4c22-a886-1082297b063b",
                "subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
            ],
            "user_attributes": [
                {"or": ["group:maintainers", "group:supervisors"]}
            ]
        }
    ]
}

Create the access policy:

curl -v -X POST \
    -H "@$BEARER_TOKEN_FILE" \
    -H "Content-type: application/json" \
    -d "@/path/to/jsonfile" \
    https://app.rkvst.io/archivist/iam/v1/access_policies

The response is:

{
    "identity": "access_policies/3f5be24f-fd1b-40e2-af35-ec7c14c74d53",
    "display_name": "Friendly name of the policy",
    "description": "Description of the policy",
    "filters": [
        {"or": [
            "attributes.arc_home_location_identity=locations/5ea815f0-4de1-4a84-9377-701e880fe8ae",
            "attributes.arc_home_location_identity=locations/27eed70b-9e2b-4db1-b8c4-e36505350dcc"
        ]},
        {"or": [
            "attributes.arc_display_type=Valve",
            "attributes.arc_display_type=Pump"
        ]},
        {"or": [
            "attributes.ext_vendor_name=SynsationIndustries"
        ]}
    ],
    "access_permissions": [
        {
            "asset_attributes_read": [ "toner_colour", "toner_type" ],
            "asset_attributes_write":["toner_colour"],
            "behaviours": [ "Attachments", "Firmware", "Maintenance", "RecordEvidence" ],
            "event_arc_display_type_read": ["toner_type", "toner_colour"],
            "event_arc_display_type_write": ["toner_replacement"],
            "include_attributes": [ "arc_display_name", "arc_display_type", "arc_firmware_version" ],
            "subjects": [
                "subjects/6a951b62-0a26-4c22-a886-1082297b063b",
                "subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
            ],
            "user_attributes": [
                {"or": ["group:maintainers", "group:supervisors"]}
            ]
        }
    ]
}

IAM Policy Retrieval

IAM access policy records in RKVST are tokenized at creation time and referred to in all API calls and smart contracts throughout the system by a unique identity of the form:

access_policies/12345678-90ab-cdef-1234-567890abcdef

If you do not know the access_policy identity, you can fetch IAM access policy records using other information you do know, such as the access_policy name.

Fetch all IAM access_policies (v1)

To fetch all IAM access_policies records, simply GET the iam/access_policies resource:

curl -v -X GET \
     -H "@$BEARER_TOKEN_FILE" \
     https://app.rkvst.io/archivist/iam/v1/access_policies

Fetch specific IAM access Policy by identity (v1)

If you know the unique identity of the IAM access policy record, simply GET the resource:

curl -v -X GET \
     -H "@$BEARER_TOKEN_FILE" \
     https://app.rkvst.io/archivist/iam/v1/access_policies/6a951b62-0a26-4c22-a886-1082297b063b

Fetch IAM Access Policies by name (v1)

To fetch all IAM access_policies with a specific name, GET the iam/access_policies resource and filter on display_name:

curl -g -v -X GET \
     -H "@$BEARER_TOKEN_FILE" \
     "https://app.rkvst.io/archivist/iam/v1/access_policies?display_name=Some%20description"

Each of these calls returns a list of matching IAM access_policies records in the form:

{
    "access_policies": [
        {
            "identity": "access_policies/6a951b62-0a26-4c22-a886-1082297b063b",
            "display_name": "Name to display",
            "description": "Description of the policy",
            "filters": [
                {"or": [
                    "attributes.arc_home_location_identity=locations/5ea815f0-4de1-4a84-9377-701e880fe8ae",
                    "attributes.arc_home_location_identity=locations/27eed70b-9e2b-4db1-b8c4-e36505350dcc"
                ]},
                {"or": [
                    "attributes.arc_display_type=Valve",
                    "attributes.arc_display_type=Pump"
                ]},
                {"or": [
                    "attributes.ext_vendor_name=SynsationIndustries"
                ]}
            ],
            "access_permissions": [
                {
                    "asset_attributes_read": [ "toner_colour", "toner_type" ],
                    "asset_attributes_write":["toner_colour"],
                    "behaviours": [ "Attachments", "Firmware", "Maintenance", "RecordEvidence" ],
                    "event_arc_display_type_read": ["toner_type", "toner_colour"],
                    "event_arc_display_type_write": ["toner_replacement"],
                    "include_attributes": [ "arc_display_name", "arc_display_type", "arc_firmware_version" ],
                    "subjects": [
                        "subjects/6a951b62-0a26-4c22-a886-1082297b063b",
                        "subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
                    ],
                    "user_attributes": [
                        {"or": ["group:maintainers", "group:supervisors"]}
                    ]
                }
            ]
        },
        {
            "identity": "access_policies/12345678-0a26-4c22-a886-1082297b063b",
            "display_name": "Some other description",
            "filters": [
                {"or": ["attributes.arc_display_type=door_access_reader"]}
            ],
            "access_permissions": [
                {
                    "asset_attributes_read": [ "toner_colour", "toner_type" ],
                    "asset_attributes_write":["toner_colour"],
                    "behaviours": [ "Attachments", "Firmware", "Maintenance", "RecordEvidence" ],
                    "event_arc_display_type_read": ["toner_type", "toner_colour"],
                    "event_arc_display_type_write": ["toner_replacement"],
                    "include_attributes": [ "arc_display_name", "arc_display_type", "arc_firmware_version" ],
                    "subjects": [
                        "subjects/6a951b62-0a26-4c22-a886-1082297b063b",
                        "subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
                    ],
                    "user_attributes": [
                        {"or": ["group:maintainers", "group:supervisors"]}
                    ]
                }
            ]
        }
    ]
}

IAM Policy Deletion

To delete an IAM access policy, issue the following request:

curl -v -X DELETE \
    -H "@$BEARER_TOKEN_FILE" \
    -H "Content-type: application/json" \
    https://app.rkvst.io/archivist/iam/v1/access_policies/47b58286-ff0f-11e9-8f0b-362b9e155667

The response is:

{}

IAM Policy Update

Define the access_policies parameters to be changed and store them in /path/to/jsonfile:

{
   "filters": [
        {"or": [
            "attributes.arc_home_location_identity=locations/5ea815f0-4de1-4a84-9377-701e880fe8ae",
            "attributes.arc_home_location_identity=locations/27eed70b-9e2b-4db1-b8c4-e36505350dcc"
        ]},
        {"or": [
            "attributes.arc_display_type=Valve",
            "attributes.arc_display_type=Pump"
        ]},
        {"or": [
            "attributes.ext_vendor_name=SynsationIndustries"
        ]}
    ],
    "access_permissions": [
        {
            "asset_attributes_read": [ "toner_colour", "toner_type" ],
            "asset_attributes_write":["toner_colour"],
            "behaviours": [ "Attachments", "Firmware", "Maintenance", "RecordEvidence" ],
            "event_arc_display_type_read": ["toner_type", "toner_colour"],
            "event_arc_display_type_write": ["toner_replacement"],
            "include_attributes": [ "arc_display_name", "arc_display_type", "arc_firmware_version" ],
            "subjects": [
                "subjects/6a951b62-0a26-4c22-a886-1082297b063b",
                "subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
            ],
            "user_attributes": [
                {"or": ["group:maintainers", "group:supervisors"]}
            ]
        }
    ]
}

Update the access policy:

curl -v -X PATCH \
    -H "@$BEARER_TOKEN_FILE" \
    -H "Content-type: application/json" \
    -d "@/path/to/jsonfile" \
    https://app.rkvst.io/archivist/iam/v1/access_policies/47b58286-ff0f-11e9-8f0b-362b9e155667

The response is:

{
    "identity": "access_policies/3f5be24f-fd1b-40e2-af35-ec7c14c74d53",
    "display_name": "Friendly name of the policy",
    "description": "Description of the policy",
    "filters": [
        {"or": [
            "attributes.arc_home_location_identity=locations/5ea815f0-4de1-4a84-9377-701e880fe8ae",
            "attributes.arc_home_location_identity=locations/27eed70b-9e2b-4db1-b8c4-e36505350dcc"
        ]},
        {"or": [
            "attributes.arc_display_type=Valve",
            "attributes.arc_display_type=Pump"
        ]},
        {"or": [
            "attributes.ext_vendor_name=SynsationIndustries"
        ]}
    ],
    "access_permissions": [
        {
            "asset_attributes_read": [ "toner_colour", "toner_type" ],
            "asset_attributes_write":["toner_colour"],
            "behaviours": [ "Attachments", "Firmware", "Maintenance", "RecordEvidence" ],
            "event_arc_display_type_read": ["toner_type", "toner_colour"],
            "event_arc_display_type_write": ["toner_replacement"],
            "include_attributes": [ "arc_display_name", "arc_display_type", "arc_firmware_version" ],
            "subjects": [
                "subjects/6a951b62-0a26-4c22-a886-1082297b063b",
                "subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
            ],
            "user_attributes": [
                {"or": ["group:maintainers", "group:supervisors"]}
            ]
        }
    ]
}

Matching Assets with IAM Policies

IAM access policy records in RKVST are tokenized at creation time and referred to in all API calls and smart contracts throughout the system by a unique identity of the form:

access_policies/12345678-90ab-cdef-1234-567890abcdef

If you do not know the access_policy identity, you can fetch IAM access policy records using other information you do know, such as the access_policy name.

Fetch all Assets Matching Specific IAM access_policy (v1)

If you know the unique identity of the IAM access policy record, simply GET the resource:

curl -v -X GET \
     -H "@$BEARER_TOKEN_FILE" \
     https://app.rkvst.io/archivist/iam/v1/access_policies/6a951b62-0a26-4c22-a886-1082297b063b/assets

Each of these calls returns a list of matching Asset records in the form:

{
    "assets": [
        {
            "identity": "assets/6a951b62-0a26-4c22-a886-1082297b063b",
            "behaviours": [
                "Firmware",
                "Maintenance",
                "RecordEvidence",
                "LocationUpdate",
                "Attachments"
            ],
            "attributes": {
                "arc_display_type": "Pump",
                "arc_firmware_version": "1.0",
                "arc_home_location_identity": "locations/866790d8-4ed6-4cc9-8f60-07672609b331",
                "arc_serial_number": "vtl-x4-07",
                "arc_description": "Pump at A603 North East",
                "arc_display_name": "tcl.ccj.003",
                "some_custom_attribute": "value",
                "arc_attachments": [
                    {
                        "arc_display_name": "arc_primary_image",
                        "arc_attachment_identity": "blobs/87b1a84c-1c6f-442b-923e-a97516f4d275",
                        "arc_hash_alg": "SHA256",
                        "arc_hash_value": "246c316e2cd6971ce5c83a3e61f9880fa6e2f14ae2976ee03500eb282fd03a60"
                    }
                ]
            },
            "confirmation_status": "CONFIRMED",
            "tracked": "TRACKED"
        }
    ]
}

Fetch all IAM access_policies Matching Specific Asset (v1)

If you know the unique identity of the Asset record, simply GET matching policies:

curl -v -X GET \
     -H "@$BEARER_TOKEN_FILE" \
     https://app.rkvst.io/archivist/iam/v1/assets/6a951b62-0a26-4c22-a886-1082297b063b/access_policies

Each of these calls returns a list of matching IAM access_policies records in the form:

{
    "access_policies": [
        {
            "identity": "access_policies/6a951b62-0a26-4c22-a886-1082297b063b",
            "display_name": "Some description",
            "filters": [
                { "or": [
                    "attributes.arc_home_location_identity=locations/5ea815f0-4de1-4a84-9377-701e880fe8ae",
                    "attributes.arc_home_location_identity=locations/27eed70b-9e2b-4db1-b8c4-e36505350dcc"
                ]},
                { "or": [
                    "attributes.arc_display_type=Valve",
                    "attributes.arc_display_type=Pump"
                ]},
                { "or": [
                    "attributes.ext_vendor_name=SynsationIndustries"
                ]}
            ],
            "access_permissions": [
                {
                    "subjects": [
                        "subjects/6a951b62-0a26-4c22-a886-1082297b063b",
                        "subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
                    ],
                    "behaviours": [  "Attachments", "Firmware", "Maintenance", "RecordEvidence"  ],
                    "include_attributes": [ "arc_display_name", "arc_display_type", "arc_firmware_version" ],
                    "user_attributes": [
                        {"or": ["group:maintainers", "group:supervisors"]}
                    ]
                }
            ]
        },
        {
            "identity": "access_policies/12345678-0a26-4c22-a886-1082297b063b",
            "display_name": "Some other description",
            "filters": [
                { "or": ["attributes.arc_display_type=door_access_reader"]}
            ],
            "access_permissions": [
                {
                    "subjects": [
                        "subjects/6a951b62-0a26-4c22-a886-1082297b063b",
                        "subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
                    ],
                    "behaviours": [ "Attachments", "Maintenance", "RecordEvidence" ],
                    "include_attributes": [ "arc_display_name", "arc_display_type" ],
                    "user_attributes": [
                        {"or": ["group:maintainers", "group:supervisors"]}
                    ]
                }
            ]
        }
    ]
}

IAM Policies OpenAPI Docs

API to manage Identity Access Management.

get  /archivist/iam/v1/access_policies

List access policies

Description: Returns a paginated list of access_policies

{
  "access_policies": [
    {
      "access_permissions": [
        {
          "asset_attributes_read": [
            "attribute1",
            "attribute2"
          ],
          "behaviours": [
            "behaviour1",
            "behaviour2"
          ],
          "subjects": [
            "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
            "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
          ],
          "user_attributes": [
            {
              "or": [
                "group:maintainers",
                "group:supervisors"
              ]
            }
          ]
        }
      ],
      "display_name": "Some description",
      "filters": [
        {
          "or": [
            "location=basingstoke",
            "location=cambridge"
          ]
        },
        {
          "or": [
            "asset_type=door_access_reader"
          ]
        }
      ],
      "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
    }
  ],
  "page_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InN0dW50aWR"
}

| Response Parameter | Type | Description |
|---|---|---|
| access_policies | array | Describes an Access Policy for OBAC |
| next_page_token | string | Token to retrieve the next page of results or empty if there are none. |

| Responses | Description |
|---|---|
| 200 | A successful response. |
| 400 | Returned when the request is badly formed. |
| 401 | Returned when the user is not authenticated to the system. |
| 403 | Returned when the user is not authorized to list the access policy. |
| 429 | Returned when a user exceeds their subscription’s rate limit for requests. |
| 500 | Returned when the underlying storage system returns an error. |
| default | An unexpected error response. |

post  /archivist/iam/v1/access_policies

Create an access policy

Description: This request creates a new access policy. The display_name is the friendly name.

{
  "access_permissions": [
    {
      "asset_attributes_read": [
        "attribute1",
        "attribute2"
      ],
      "behaviours": [
        "behaviour1",
        "behaviour2"
      ],
      "subjects": [
        "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
        "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
      ],
      "user_attributes": [
        {
          "or": [
            "group:maintainers",
            "group:supervisors"
          ]
        }
      ]
    }
  ],
  "description": "Customers description for the policy",
  "display_name": "Customers name for the policy",
  "filters": [
    {
      "or": [
        "location=basingstoke",
        "location=cambridge"
      ]
    },
    {
      "or": [
        "asset_type=door_access_reader"
      ]
    }
  ]
}

| Parameter | Type | Description |
|---|---|---|
| access_permissions | array | Permissions |
| description | string | Customer description for the access policy. |
| display_name | string | Customer friendly name for the access policy. |
| filters | array | Filter |

{
  "access_permissions": [
    {
      "asset_attributes_read": [
        "attribute1",
        "attribute2"
      ],
      "behaviours": [
        "behaviour1",
        "behaviour2"
      ],
      "subjects": [
        "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
        "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
      ],
      "user_attributes": [
        {
          "or": [
            "group:maintainers",
            "group:supervisors"
          ]
        }
      ]
    }
  ],
  "description": "User description for this policy",
  "display_name": "User name for this policy",
  "filters": [
    {
      "or": [
        "location=basingstoke",
        "location=cambridge"
      ]
    },
    {
      "or": [
        "asset_type=door_access_reader"
      ]
    }
  ],
  "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
}

| Response Parameter | Type | Description |
|---|---|---|
| access_permissions | array | Permissions |
| description | string | Customer description for the access policy. |
| display_name | string | Customer friendly name for the access policy. |
| filters | array | Filter |
| identity | string | Unique identification for the access policy, Relative Resource Name |
| tenant | string | Tenant id |

| Responses | Description |
|---|---|
| 200 | A successful response. |
| 400 | Returned when the request is badly formed. |
| 401 | Returned when the user is not authenticated to the system. |
| 402 | Returned when the user’s quota of access policies has been reached. |
| 403 | Returned when the user is not authorized to create an access policy. |
| 429 | Returned when a user exceeds their subscription’s rate limit for requests. |
| 500 | Returned when the underlying storage system returns an error. |
| default | An unexpected error response. |

delete  /archivist/iam/v1/access_policies/{uuid}

Delete an access policy

Description: Delete the identified access policy

| Responses | Description |
|---|---|
| 200 | A successful response. |
| 400 | Returned when the request is badly formed. |
| 401 | Returned when the user is not authenticated to the system. |
| 403 | Returned when the user is not authorized to delete the access policy. |
| 404 | Returned when the identified access policy does not exist. |
| 429 | Returned when a user exceeds their subscription’s rate limit for requests. |
| 500 | Returned when the underlying storage system returns an error. |
| default | An unexpected error response. |

get  /archivist/iam/v1/access_policies/{uuid}

Get an access policy

Description: Returns the identified access policy

{
  "access_permissions": [
    {
      "asset_attributes_read": [
        "attribute1",
        "attribute2"
      ],
      "behaviours": [
        "behaviour1",
        "behaviour2"
      ],
      "subjects": [
        "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
        "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
      ],
      "user_attributes": [
        {
          "or": [
            "group:maintainers",
            "group:supervisors"
          ]
        }
      ]
    }
  ],
  "description": "User description for this policy",
  "display_name": "User name for this policy",
  "filters": [
    {
      "or": [
        "location=basingstoke",
        "location=cambridge"
      ]
    },
    {
      "or": [
        "asset_type=door_access_reader"
      ]
    }
  ],
  "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
}

| Response Parameter | Type | Description |
|---|---|---|
| access_permissions | array | Permissions |
| description | string | Customer description for the access policy. |
| display_name | string | Customer friendly name for the access policy. |
| filters | array | Filter |
| identity | string | Unique identification for the access policy, Relative Resource Name |
| tenant | string | Tenant id |

| Responses | Description |
|---|---|
| 200 | A successful response. |
| 400 | Returned when the request is badly formed. |
| 401 | Returned when the user is not authenticated to the system. |
| 403 | Returned when the user is not authorized to read the access policy. |
| 404 | Returned when the identified access policy does not exist. |
| 429 | Returned when a user exceeds their subscription’s rate limit for requests. |
| 500 | Returned when the underlying storage system returns an error. |
| default | An unexpected error response. |

patch  /archivist/iam/v1/access_policies/{uuid}

Update an access policy's details

Description: Perform a full or partial update of the identified access policy

{
  "access_permissions": [
    {
      "asset_attributes_read": [
        "attribute1",
        "attribute2"
      ],
      "behaviours": [
        "behaviour1",
        "behaviour2"
      ],
      "subjects": [
        "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
        "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
      ],
      "user_attributes": [
        {
          "or": [
            "group:maintainers",
            "group:supervisors"
          ]
        }
      ]
    }
  ],
  "description": "User description for this policy",
  "display_name": "User name for this policy",
  "filters": [
    {
      "or": [
        "location=basingstoke",
        "location=cambridge"
      ]
    },
    {
      "or": [
        "asset_type=door_access_reader"
      ]
    }
  ],
  "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
}

| Response Parameter | Type | Description |
|---|---|---|
| access_permissions | array | Permissions |
| description | string | Customer description for the access policy. |
| display_name | string | Customer friendly name for the access policy. |
| filters | array | Filter |
| identity | string | Unique identification for the access policy, Relative Resource Name |
| tenant | string | Tenant id |

| Responses | Description |
|---|---|
| 200 | A successful response. |
| 400 | Returned when the request is badly formed. |
| 401 | Returned when the user is not authenticated to the system. |
| 403 | Returned when the user is not authorized to update the access policy. |
| 404 | Returned when the identified access policy does not exist. |
| 429 | Returned when a user exceeds their subscription’s rate limit for requests. |
| 500 | Returned when the underlying storage system returns an error. |
| default | An unexpected error response. |

get  /archivist/iam/v1/access_policies/{uuid}/assets

Returns assets matching access policy

Description: Returns assets matching access policy

{
  "assets": [
    {
      "at_time": "2019-11-27T14:44:19Z",
      "attributes": {
        "arc_attachments": [
          {
            "arc_attachment_identity": "blobs/1754b920-cf20-4d7e-9d36-9ed7d479744d",
            "arc_display_name": "Picture from yesterday",
            "arc_hash_alg": "sha256",
            "arc_hash_value": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b"
          }
        ],
        "arc_firmware_version": "3.2.1",
        "arc_home_location_identity": "locations/42054f10-9952-4c10-a082-9fd0d10295ae"
      },
      "behaviours": [
        "RecordEvidence"
      ],
      "confirmation_status": "PENDING",
      "identity": "assets/add30235-1424-4fda-840a-d5ef82c4c96f",
      "owner": "0x601f5A7D3e6dcB55e87bf2F17bC8A27AaCD3511",
      "proof_mechanism": "SIMPLE_HASH",
      "public": false,
      "tracked": "TRACKED"
    },
    {
      "at_time": "2019-11-27T14:44:19Z",
      "attributes": {
        "arc_attachments": [
          {
            "arc_attachment_identity": "blobs/2865ca31-d01f-5e6f-4621-de562470732e",
            "arc_display_name": "Picture",
            "arc_hash_alg": "sha256",
            "arc_hash_value": "12bc4819d90b6fe911b091a7c05134b65edfce045e09b048caaa7916ecdd458c"
          }
        ],
        "arc_firmware_version": "3.2.1",
        "arc_home_location_identity": "locations/53165a2c-6054-dd68-f093-a0e1e21304fd"
      },
      "behaviours": [
        "RecordEvidence"
      ],
      "confirmation_status": "PENDING",
      "identity": "assets/cef61346-2453-5aeb-921c-e6fa93d5b032",
      "owner": "0x601f5A7D3e6dcB55e87bf2F17bC8A27AaCD3511",
      "proof_mechanism": "KHIPU",
      "public": false,
      "tracked": "TRACKED"
    }
  ],
  "next_page_token": "abcd"
}

| Response Parameter | Type | Description |
|---|---|---|
| assets | array | This describes a Jitsuin Asset. |
| next_page_token | string | Token to retrieve the next page of results or empty if there are none. |

| Responses | Description |
|---|---|
| 200 | A successful response. |
| 400 | Returned when the request is badly formed. |
| 401 | Returned when the user is not authenticated to the system. |
| 403 | Returned when the user is not authorized to list the access policy. |
| 404 | Returned when the identified access policy does not exist. |
| 429 | Returned when a user exceeds their subscription’s rate limit for requests. |
| 500 | Returned when the underlying storage system returns an error. |
| default | An unexpected error response. |

get  /archivist/iam/v1/access_policies:openapi

Get OpenAPI spec for AccessPolicies

Description: Get OpenAPI v2.0 spec for AccessPolicies

| Responses | Description |
|---|---|
| 200 | A successful response. |
| 401 | Returned when the user is not authenticated to the system. |
| 429 | Returned when a user exceeds their subscription’s rate limit for requests. |
| default | An unexpected error response. |

get  /archivist/iam/v1/access_policies:openapi-ui

Get OpenAPI UI for AccessPolicies

Description: Get OpenAPI v2.0 UI for AccessPolicies

| Responses | Description |
|---|---|
| 200 | A successful response. |
| 401 | Returned when the user is not authenticated to the system. |
| 429 | Returned when a user exceeds their subscription’s rate limit for requests. |
| default | An unexpected error response. |

get  /archivist/iam/v1/assets/{uuid}/access_policies

Get matching access policies

Description: Get matching access policies for specified asset

{
  "access_policies": [
    {
      "access_permissions": [
        {
          "asset_attributes_read": [
            "attribute1",
            "attribute2"
          ],
          "behaviours": [
            "behaviour1",
            "behaviour2"
          ],
          "subjects": [
            "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
            "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
          ],
          "user_attributes": [
            {
              "or": [
                "group:maintainers",
                "group:supervisors"
              ]
            }
          ]
        }
      ],
      "display_name": "Some description",
      "filters": [
        {
          "or": [
            "location=basingstoke",
            "location=cambridge"
          ]
        },
        {
          "or": [
            "asset_type=door_access_reader"
          ]
        }
      ],
      "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
    }
  ],
  "page_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InN0dW50aWR"
}

| Response Parameter | Type | Description |
|---|---|---|
| access_policies | array | Describes an Access Policy for OBAC |
| next_page_token | string | Token to retrieve the next page of results or empty if there are none. |

| Responses | Description |
|---|---|
| 200 | A successful response. |
| 400 | Returned when the request is badly formed. |
| 401 | Returned when the user is not authenticated to the system. |
| 403 | Returned when the user is not authorized to list the access policy. |
| 404 | Returned when the identified access policy does not exist. |
| 429 | Returned when a user exceeds their subscription’s rate limit for requests. |
| 500 | Returned when the underlying storage system returns an error. |
| default | An unexpected error response. |
