IAM Policies API

IAM Policies API Reference

IAM Policies API Examples

Create the bearer_token and store in a file in a secure local directory with 0600 permissions.

IAM Policy Creation

Define the access_policies parameters and store in /path/to/jsonfile:

{
    "display_name": "Friendly name of the policy",
    "description": "Description of the policy",
    "filters": [
        { "or": [
            "attributes.arc_home_location_identity=locations/5ea815f0-4de1-4a84-9377-701e880fe8ae",
            "attributes.arc_home_location_identity=locations/27eed70b-9e2b-4db1-b8c4-e36505350dcc"
        ]},
        { "or": [
            "attributes.arc_display_type=Valve",
            "attributes.arc_display_type=Pump"
        ]},
        { "or": [
            "attributes.ext_vendor_name=SynsationIndustries"
        ]}
    ],
    "access_permissions": [
        {
            "asset_attributes_read": [ "toner_colour", "toner_type" ],
            "asset_attributes_write":["toner_colour"],
            "behaviours": [ "Attachments", "Firmware", "Maintenance", "RecordEvidence" ],
            "event_arc_display_type_read": ["toner_type", "toner_colour"],
            "event_arc_display_type_write": ["toner_replacement"],
            "include_attributes": [ "arc_display_name", "arc_display_type", "arc_firmware_version" ],
            "subjects": [
                "subjects/6a951b62-0a26-4c22-a886-1082297b063b",
                "subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
            ],
            "user_attributes": [
                {"or": ["group:maintainers", "group:supervisors"]}
            ]
        }
    ]
}

Create the access policy:

curl -v -X POST \
    -H "@$BEARER_TOKEN_FILE" \
    -H "Content-type: application/json" \
    -d "@/path/to/jsonfile" \
    https://app.rkvst.io/archivist/iam/v1/access_policies

The response is:

{
    "identity": "access_policies/3f5be24f-fd1b-40e2-af35-ec7c14c74d53",
    "display_name": "Friendly name of the policy",
    "description": "Description of the policy",
    "filters": [
        {"or": [
            "attributes.arc_home_location_identity=locations/5ea815f0-4de1-4a84-9377-701e880fe8ae",
            "attributes.arc_home_location_identity=locations/27eed70b-9e2b-4db1-b8c4-e36505350dcc"
        ]},
        {"or": [
            "attributes.arc_display_type=Valve",
            "attributes.arc_display_type=Pump"
        ]},
        {"or": [
            "attributes.ext_vendor_name=SynsationIndustries"
        ]}
    ],
    "access_permissions": [
        {
            "asset_attributes_read": [ "toner_colour", "toner_type" ],
            "asset_attributes_write":["toner_colour"],
            "behaviours": [ "Attachments", "Firmware", "Maintenance", "RecordEvidence" ],
            "event_arc_display_type_read": ["toner_type", "toner_colour"],
            "event_arc_display_type_write": ["toner_replacement"],
            "include_attributes": [ "arc_display_name", "arc_display_type", "arc_firmware_version" ],
            "subjects": [
                "subjects/6a951b62-0a26-4c22-a886-1082297b063b",
                "subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
            ],
            "user_attributes": [
                {"or": ["group:maintainers", "group:supervisors"]}
            ]
        }
    ]
}

IAM Policy Retrival

IAM access policy records in RKVST are tokenized at creation time and referred to in all API calls and smart contracts throughout the system by a unique identity of the form:

access_policies/12345678-90ab-cdef-1234-567890abcdef

If you do not know the access_policy identity you can fetch IAM access policy records using other information you do know, such as the access_policy name.

Fetch all IAM access_policies (v1)

To fetch all IAM access_policies records, simply GET the iam/access_policies resource:

curl -v -X GET \
     -H "@$BEARER_TOKEN_FILE" \
     https://app.rkvst.io/archivist/iam/v1/access_policies

Fetch specific IAM access Policy by identity (v1)

If you know the unique identity of the IAM access policy Record simply GET the resource:

curl -v -X GET \
     -H "@$BEARER_TOKEN_FILE" \
     https://app.rkvst.io/archivist/iam/v1/access_policies/6a951b62-0a26-4c22-a886-1082297b063b

Fetch IAM Access Policies by name (v1)

To fetch all IAM access_policies with a specific name, GET the iam/access_policies resource and filter on display_name:

curl -g -v -X GET \
     -H "@$BEARER_TOKEN_FILE" \
     https://app.rkvst.io/archivist/iam/v1/access_policies?display_name=Some%20description

Each of these calls returns a list of matching IAM access_policies records in the form:

{
    "access_policies": [
        {
            "identity": "access_policies/6a951b62-0a26-4c22-a886-1082297b063b",
            "display_name": "Name to display",
            "description": "Description of the policy",
            "filters": [
                {"or": [
                    "attributes.arc_home_location_identity=locations/5ea815f0-4de1-4a84-9377-701e880fe8ae",
                    "attributes.arc_home_location_identity=locations/27eed70b-9e2b-4db1-b8c4-e36505350dcc"
                ]},
                {"or": [
                    "attributes.arc_display_type=Valve",
                    "attributes.arc_display_type=Pump"
                ]},
                {"or": [
                    "attributes.ext_vendor_name=SynsationIndustries"
                ]}
            ],
            "access_permissions": [
                {
                    "asset_attributes_read": [ "toner_colour", "toner_type" ],
                    "asset_attributes_write":["toner_colour"],
                    "behaviours": [ "Attachments", "Firmware", "Maintenance", "RecordEvidence" ],
                    "event_arc_display_type_read": ["toner_type", "toner_colour"],
                    "event_arc_display_type_write": ["toner_replacement"],
                    "include_attributes": [ "arc_display_name", "arc_display_type", "arc_firmware_version" ],
                    "subjects": [
                        "subjects/6a951b62-0a26-4c22-a886-1082297b063b",
                        "subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
                    ],
                    "user_attributes": [
                        {"or": ["group:maintainers", "group:supervisors"]}
                    ]
                }
            ]
        },
        {
            "identity": "access_policies/12345678-0a26-4c22-a886-1082297b063b",
            "display_name": "Some other description",
            "filters": [
                {"or": ["attributes.arc_display_type=door_access_reader"]}
            ],
            "access_permissions": [
                {
                    "asset_attributes_read": [ "toner_colour", "toner_type" ],
                    "asset_attributes_write":["toner_colour"],
                    "behaviours": [ "Attachments", "Firmware", "Maintenance", "RecordEvidence" ],
                    "event_arc_display_type_read": ["toner_type", "toner_colour"],
                    "event_arc_display_type_write": ["toner_replacement"],
                    "include_attributes": [ "arc_display_name", "arc_display_type", "arc_firmware_version" ],
                    "subjects": [
                        "subjects/6a951b62-0a26-4c22-a886-1082297b063b",
                        "subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
                    ],
                    "user_attributes": [
                        {"or": ["group:maintainers", "group:supervisors"]}
                    ]
                }
            ]
        }
    ]
}

IAM Policy Deletion

To delete an IAM access policy, issue following request:

curl -v -X DELETE \
    -H "@$BEARER_TOKEN_FILE" \
    -H "Content-type: application/json" \
    https://app.rkvst.io/archivist/iam/v1/access_policies/47b58286-ff0f-11e9-8f0b-362b9e155667

The response is:

{}

IAM Policy Update

Define the access_policies parameters to be changed and store in /path/to/jsonfile:

{
   "filters": [
        {"or": [
            "attributes.arc_home_location_identity=locations/5ea815f0-4de1-4a84-9377-701e880fe8ae",
            "attributes.arc_home_location_identity=locations/27eed70b-9e2b-4db1-b8c4-e36505350dcc"
        ]},
        {"or": [
            "attributes.arc_display_type=Valve",
            "attributes.arc_display_type=Pump"
        ]},
        {"or": [
            "attributes.ext_vendor_name=SynsationIndustries"
        ]}
    ],
    "access_permissions": [
        {
            "asset_attributes_read": [ "toner_colour", "toner_type" ],
            "asset_attributes_write":["toner_colour"],
            "behaviours": [ "Attachments", "Firmware", "Maintenance", "RecordEvidence" ],
            "event_arc_display_type_read": ["toner_type", "toner_colour"],
            "event_arc_display_type_write": ["toner_replacement"],
            "include_attributes": [ "arc_display_name", "arc_display_type", "arc_firmware_version" ],
            "subjects": [
                "subjects/6a951b62-0a26-4c22-a886-1082297b063b",
                "subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
            ],
            "user_attributes": [
                {"or": ["group:maintainers", "group:supervisors"]}
            ]
        }
    ]
}

Update the access policy:

curl -v -X PATCH \
    -H "@$BEARER_TOKEN_FILE" \
    -H "Content-type: application/json" \
    -d "@/path/to/jsonfile" \
    https://app.rkvst.io/archivist/iam/v1/access_policies/47b58286-ff0f-11e9-8f0b-362b9e155667

The response is:

{
    "identity": "access_policies/3f5be24f-fd1b-40e2-af35-ec7c14c74d53",
    "display_name": "Friendly name of the policy",
    "description": "Description of the policy",
    "filters": [
        {"or": [
            "attributes.arc_home_location_identity=locations/5ea815f0-4de1-4a84-9377-701e880fe8ae",
            "attributes.arc_home_location_identity=locations/27eed70b-9e2b-4db1-b8c4-e36505350dcc"
        ]},
        {"or": [
            "attributes.arc_display_type=Valve",
            "attributes.arc_display_type=Pump"
        ]},
        {"or": [
            "attributes.ext_vendor_name=SynsationIndustries"
        ]}
    ],
    "access_permissions": [
        {
            "asset_attributes_read": [ "toner_colour", "toner_type" ],
            "asset_attributes_write":["toner_colour"],
            "behaviours": [ "Attachments", "Firmware", "Maintenance", "RecordEvidence" ],
            "event_arc_display_type_read": ["toner_type", "toner_colour"],
            "event_arc_display_type_write": ["toner_replacement"],
            "include_attributes": [ "arc_display_name", "arc_display_type", "arc_firmware_version" ],
            "subjects": [
                "subjects/6a951b62-0a26-4c22-a886-1082297b063b",
                "subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
            ],
            "user_attributes": [
                {"or": ["group:maintainers", "group:supervisors"]}
            ]
        }
    ]
}

Matching Assets with IAM Policies

IAM access policy records in RKVST are tokenized at creation time and referred to in all API calls and smart contracts throughout the system by a unique identity of the form:

access_policies/12345678-90ab-cdef-1234-567890abcdef

If you do not know the access_policy identity you can fetch IAM access policy records using other information you do know, such as the access_policy name.

Fetch all Assets Matching Specific IAM access_policy (v1)

If you know the unique identity of the IAM access policy Record simply GET the resource:

curl -v -X GET \
     -H "@$BEARER_TOKEN_FILE" \
     https://app.rkvst.io/archivist/iam/v1/access_policies/6a951b62-0a26-4c22-a886-1082297b063b/assets

Each of these calls returns a list of matching Asset records in the form:

{
    "assets": [
        {
        "identity": "assets/6a951b62-0a26-4c22-a886-1082297b063b",
        "behaviours": [
            "Firmware",
            "Maintenance",
            "RecordEvidence",
            "LocationUpdate",
            "Attachments"
        ],
        "attributes": {
            "arc_display_type": "Pump",
            "arc_firmware_version": "1.0",
            "arc_home_location_identity": "locations/866790d8-4ed6-4cc9-8f60-07672609b331",
            "arc_serial_number": "vtl-x4-07",
            "arc_description": "Pump at A603 North East",
            "arc_display_name": "tcl.ccj.003",
            "some_custom_attribute": "value",
            "arc_attachments": [
                {
                    "arc_display_name": "arc_primary_image",
                    "arc_attachment_identity": "blobs/87b1a84c-1c6f-442b-923e-a97516f4d275",
                    "arc_hash_alg": "SHA256",
                    "arc_hash_value": "246c316e2cd6971ce5c83a3e61f9880fa6e2f14ae2976ee03500eb282fd03a60"
                }
        ]
        },
        "confirmation_status": "CONFIRMED",
        "tracked": "TRACKED"
        }
    ]
}

Fetch all IAM access_policies Matching Specific Asset (v1)

If you know the unique identity of the Asset Record simply GET matching policies:

curl -v -X GET \
     -H "@$BEARER_TOKEN_FILE" \
     https://app.rkvst.io/archivist/iam/v1/assets/6a951b62-0a26-4c22-a886-1082297b063b/access_policies

Each of these calls returns a list of matching IAM access_policies records in the form:

{
    "access_policies": [
        {
            "identity": "access_policies/6a951b62-0a26-4c22-a886-1082297b063b",
            "display_name": "Some description",
            "filters": [
                { "or": [
                    "attributes.arc_home_location_identity=locations/5ea815f0-4de1-4a84-9377-701e880fe8ae",
                    "attributes.arc_home_location_identity=locations/27eed70b-9e2b-4db1-b8c4-e36505350dcc",
                ]},
                { "or": [
                    "attributes.arc_display_type=Valve",
                    "attributes.arc_display_type=Pump"
                ]},
                { "or": [
                    "attributes.ext_vendor_name=SynsationIndustries"
                ]}
            ],
            "access_permissions": [
                {
                    "subjects": [
                        "subjects/6a951b62-0a26-4c22-a886-1082297b063b",
                        "subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
                    ],
                    "behaviours": [  "Attachments", "Firmware", "Maintenance", "RecordEvidence"  ],
                    "include_attributes": [ "arc_display_name", "arc_display_type", "arc_firmware_version" ],
                    "user_attributes": [
                        {"or": ["group:maintainers", "group:supervisors"]}
                    ]
                }
            ]
        },
        {
            "identity": "access_policies/12345678-0a26-4c22-a886-1082297b063b",
            "display_name": "Some other description",
            "filters": [
                { "or": ["attributes.arc_display_type=door_access_reader"]}
            ],
            "access_permissions": [
                {
                    "subjects": [
                        "subjects/6a951b62-0a26-4c22-a886-1082297b063b",
                        "subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
                    ],
                    "behaviours": [ "Attachments", "Maintenance", "RecordEvidence" ],
                    "include_attributes": [ "arc_display_name", "arc_display_type" ],
                    "user_attributes": [
                        {"or": ["group:maintainers", "group:supervisors"]}
                    ]
                }
            ]
        }
    ]
}

IAM Policies OpenAPI Docs

get  /archivist/iam/v1/access_policies

List access policies

Description: Returns a paginated list of access_policies

{
  "access_policies": [
    {
      "access_permissions": [
        {
          "asset_attributes_read": [
            "attribute1",
            "attribute2"
          ],
          "behaviours": [
            "behaviour1",
            "behaviour2"
          ],
          "subjects": [
            "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
            "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
          ],
          "user_attributes": [
            {
              "or": [
                "group:maintainers",
                "group:supervisors"
              ]
            }
          ]
        }
      ],
      "display_name": "Some description",
      "filters": [
        {
          "or": [
            "location=basingstoke",
            "location=cambridge"
          ]
        },
        {
          "or": [
            "asset_type=door_access_reader"
          ]
        }
      ],
      "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
    }
  ],
  "page_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InN0dW50aWR"
}
Response Parameter Type Description
access_policies array Describes an Access Policy for OBAC
next_page_token string Token to retrieve the next page of results or empty if there are none.
Responses Description
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to list the access policy.
500Returned when the underlying storage system returns an error.
defaultAn unexpected error response.

post  /archivist/iam/v1/access_policies

Create an access policy

Description: This request creates a new access policy. The display_name is the friendly name.

{
  "access_permissions": [
    {
      "asset_attributes_read": [
        "attribute1",
        "attribute2"
      ],
      "behaviours": [
        "behaviour1",
        "behaviour2"
      ],
      "subjects": [
        "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
        "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
      ],
      "user_attributes": [
        {
          "or": [
            "group:maintainers",
            "group:supervisors"
          ]
        }
      ]
    }
  ],
  "description": "Customers description for the policy",
  "display_name": "Customers name for the policy",
  "filters": [
    {
      "or": [
        "location=basingstoke",
        "location=cambridge"
      ]
    },
    {
      "or": [
        "asset_type=door_access_reader"
      ]
    }
  ]
}
Parameter Type Description
access_permissions array Permissions
description string Customer description for the access policy.
display_name string Customer friendly name for the access policy.
filters array Filter

{
  "access_permissions": [
    {
      "asset_attributes_read": [
        "attribute1",
        "attribute2"
      ],
      "behaviours": [
        "behaviour1",
        "behaviour2"
      ],
      "subjects": [
        "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
        "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
      ],
      "user_attributes": [
        {
          "or": [
            "group:maintainers",
            "group:supervisors"
          ]
        }
      ]
    }
  ],
  "description": "User description for this policy",
  "display_name": "User name for this policy",
  "filters": [
    {
      "or": [
        "location=basingstoke",
        "location=cambridge"
      ]
    },
    {
      "or": [
        "asset_type=door_access_reader"
      ]
    }
  ],
  "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
}
Response Parameter Type Description
access_permissions array Permissions
description string Customer description for the access policy.
display_name string Customer friendly name for the access policy.
filters array Filter
identity string Unique identification for the access policy, Relative Resource Name
tenant string Tenant id
Responses Description
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to create an access policy.
429Returned when the allowed number of access_policies exceeds internal limit.
500Returned when the underlying storage system returns an error.
defaultAn unexpected error response.

delete  /archivist/iam/v1/access_policies/{uuid}

Delete an access policy

Description: Delete the identified access policy

Responses Description
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to delete the access policy.
404Returned when the identified access policy does not exist.
500Returned when the underlying storage system returns an error.
defaultAn unexpected error response.

get  /archivist/iam/v1/access_policies/{uuid}

Get an access policy

Description: Returns the identified access policy

{
  "access_permissions": [
    {
      "asset_attributes_read": [
        "attribute1",
        "attribute2"
      ],
      "behaviours": [
        "behaviour1",
        "behaviour2"
      ],
      "subjects": [
        "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
        "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
      ],
      "user_attributes": [
        {
          "or": [
            "group:maintainers",
            "group:supervisors"
          ]
        }
      ]
    }
  ],
  "description": "User description for this policy",
  "display_name": "User name for this policy",
  "filters": [
    {
      "or": [
        "location=basingstoke",
        "location=cambridge"
      ]
    },
    {
      "or": [
        "asset_type=door_access_reader"
      ]
    }
  ],
  "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
}
Response Parameter Type Description
access_permissions array Permissions
description string Customer description for the access policy.
display_name string Customer friendly name for the access policy.
filters array Filter
identity string Unique identification for the access policy, Relative Resource Name
tenant string Tenant id
Responses Description
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to read the access policy.
404Returned when the identified access policy does not exist.
500Returned when the underlying storage system returns an error.
defaultAn unexpected error response.

patch  /archivist/iam/v1/access_policies/{uuid}

Update a access policy details

Description: Perform a full or partial update of the identified access policy

{
  "access_permissions": [
    {
      "asset_attributes_read": [
        "attribute1",
        "attribute2"
      ],
      "behaviours": [
        "behaviour1",
        "behaviour2"
      ],
      "subjects": [
        "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
        "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
      ],
      "user_attributes": [
        {
          "or": [
            "group:maintainers",
            "group:supervisors"
          ]
        }
      ]
    }
  ],
  "description": "User description for this policy",
  "display_name": "User name for this policy",
  "filters": [
    {
      "or": [
        "location=basingstoke",
        "location=cambridge"
      ]
    },
    {
      "or": [
        "asset_type=door_access_reader"
      ]
    }
  ],
  "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
}
Parameter Type Description
access_permissions array Permissions
description string Customer description for the access policy.
display_name string Customer friendly name for the access policy.
filters array Filter
identity string Unique identification for the access policy, Relative Resource Name
tenant string Tenant id

{
  "access_permissions": [
    {
      "asset_attributes_read": [
        "attribute1",
        "attribute2"
      ],
      "behaviours": [
        "behaviour1",
        "behaviour2"
      ],
      "subjects": [
        "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
        "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
      ],
      "user_attributes": [
        {
          "or": [
            "group:maintainers",
            "group:supervisors"
          ]
        }
      ]
    }
  ],
  "description": "User description for this policy",
  "display_name": "User name for this policy",
  "filters": [
    {
      "or": [
        "location=basingstoke",
        "location=cambridge"
      ]
    },
    {
      "or": [
        "asset_type=door_access_reader"
      ]
    }
  ],
  "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
}
Response Parameter Type Description
access_permissions array Permissions
description string Customer description for the access policy.
display_name string Customer friendly name for the access policy.
filters array Filter
identity string Unique identification for the access policy, Relative Resource Name
tenant string Tenant id
Responses Description
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to update the access policy.
404Returned when the identified access policy does not exist.
500Returned when the underlying storage system returns an error.
defaultAn unexpected error response.

get  /archivist/iam/v1/access_policies/{uuid}/assets

Returns assets matching access policy

Description: Returns assets matching access policy

{
  "assets": [
    {
      "at_time": "2019-11-27T14:44:19Z",
      "attributes": {
        "arc_attachments": [
          {
            "arc_attachment_identity": "blobs/1754b920-cf20-4d7e-9d36-9ed7d479744d",
            "arc_display_name": "Picture from yesterday",
            "arc_hash_alg": "sha256",
            "arc_hash_value": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b"
          }
        ],
        "arc_firmware_version": "3.2.1",
        "arc_home_location_identity": "locations/42054f10-9952-4c10-a082-9fd0d10295ae"
      },
      "behaviours": [
        "RecordEvidence"
      ],
      "confirmation_status": "PENDING",
      "identity": "assets/add30235-1424-4fda-840a-d5ef82c4c96f",
      "owner": "0x601f5A7D3e6dcB55e87bf2F17bC8A27AaCD3511",
      "proof_mechanism": "SIMPLE_HASH",
      "tracked": "TRACKED"
    },
    {
      "at_time": "2019-11-27T14:44:19Z",
      "attributes": {
        "arc_attachments": [
          {
            "arc_attachment_identity": "blobs/2865ca31-d01f-5e6f-4621-de562470732e",
            "arc_display_name": "Picture",
            "arc_hash_alg": "sha256",
            "arc_hash_value": "12bc4819d90b6fe911b091a7c05134b65edfce045e09b048caaa7916ecdd458c"
          }
        ],
        "arc_firmware_version": "3.2.1",
        "arc_home_location_identity": "locations/53165a2c-6054-dd68-f093-a0e1e21304fd"
      },
      "behaviours": [
        "RecordEvidence"
      ],
      "confirmation_status": "PENDING",
      "identity": "assets/cef61346-2453-5aeb-921c-e6fa93d5b032",
      "owner": "0x601f5A7D3e6dcB55e87bf2F17bC8A27AaCD3511",
      "proof_mechanism": "KHIPU",
      "tracked": "TRACKED"
    }
  ],
  "next_page_token": "abcd"
}
Response Parameter Type Description
assets array This describes Jitsuin Asset.
next_page_token string Token to retrieve the next page of results or empty if there are none.
Responses Description
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to list the access policy.
404Returned when the identified access policy does not exist.
500Returned when the underlying storage system returns an error.
defaultAn unexpected error response.

get  /archivist/iam/v1/assets/{uuid}/access_policies

Get matching access policies

Description: Get matching access policies for specified asset

{
  "access_policies": [
    {
      "access_permissions": [
        {
          "asset_attributes_read": [
            "attribute1",
            "attribute2"
          ],
          "behaviours": [
            "behaviour1",
            "behaviour2"
          ],
          "subjects": [
            "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
            "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
          ],
          "user_attributes": [
            {
              "or": [
                "group:maintainers",
                "group:supervisors"
              ]
            }
          ]
        }
      ],
      "display_name": "Some description",
      "filters": [
        {
          "or": [
            "location=basingstoke",
            "location=cambridge"
          ]
        },
        {
          "or": [
            "asset_type=door_access_reader"
          ]
        }
      ],
      "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
    }
  ],
  "page_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InN0dW50aWR"
}
Response Parameter Type Description
access_policies array Describes an Access Policy for OBAC
next_page_token string Token to retrieve the next page of results or empty if there are none.
Responses Description
200A successful response.
400Returned when the request is badly formed.
401Returned when the user is not authenticated to the system.
403Returned when the user is not authorized to list the access policy.
404Returned when the identified access policy does not exist.
500Returned when the underlying storage system returns an error.
defaultAn unexpected error response.

Edit this page on GitHub