IAM Policies API

IAM Policies API Reference

GET /archivist/iam/v1/access_policies

List access policies

Description: Returns a paginated list of access_policies

{
  "access_policies": [
    {
      "access_permissions": [
        {
          "asset_attributes_read": [
            "attribute1",
            "attribute2"
          ],
          "behaviours": [
            "behaviour1",
            "behaviour2"
          ],
          "subjects": [
            "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
            "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
          ],
          "user_attributes": [
            {
              "or": [
                "group:maintainers",
                "group:supervisors"
              ]
            }
          ]
        }
      ],
      "display_name": "Some description",
      "filters": [
        {
          "or": [
            "location=basingstoke",
            "location=cambridge"
          ]
        },
        {
          "or": [
            "asset_type=door_access_reader"
          ]
        }
      ],
      "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
    }
  ],
  "page_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InN0dW50aWR"
}
Response Parameter  Type    Description
access_policies     array   Describes an Access Policy for OBAC
next_page_token     string  Token to retrieve the next page of results or empty if there are none.

Responses  Description
200        A successful response.
400        Returned when the request is badly formed.
401        Returned when the user is not authenticated to the system.
403        Returned when the user is not authorized to list the access policy.
500        Returned when the underlying storage system returns an error.
default    An unexpected error response.
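
An added example, not part of the API reference or the project's own code: Python that follows next_page_token across pages of the list response and flattens each policy's access_permissions into (policy, principal, behaviour) rows for an access review. The page does not say how the token is sent on the next request, so the HTTP call is left to a caller-supplied fetch_page function (hypothetical); the sample pages, tokens and second policy identity are constructed.

```python
def iter_access_policies(fetch_page):
    """Yield every policy; fetch_page(token) is a hypothetical caller-supplied
    function that performs the GET and returns the decoded JSON body."""
    token, seen = None, set()
    while True:
        body = fetch_page(token)
        yield from body.get("access_policies", [])
        # The response table documents next_page_token; empty means last page.
        token = body.get("next_page_token")
        if not token:
            return
        if token in seen:  # a repeated token would otherwise loop forever
            raise RuntimeError("page token repeated; aborting pagination")
        seen.add(token)

def principals(permission):
    """Subjects plus every user_attributes alternative in one permission."""
    out = list(permission.get("subjects", []))
    for clause in permission.get("user_attributes", []):
        out.extend(clause.get("or", []))
    return out

def grants(policies):
    """Flatten policies into (policy identity, principal, behaviour) rows."""
    return [(policy.get("identity"), who, behaviour)
            for policy in policies
            for perm in policy.get("access_permissions", [])
            for who in principals(perm)
            for behaviour in perm.get("behaviours", [])]

# Constructed sample pages shaped like the list response; tokens are made up.
SAMPLE_PAGES = {
    None: {"access_policies": [{
        "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22",
        "access_permissions": [{
            "behaviours": ["behaviour1", "behaviour2"],
            "subjects": ["subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2"],
            "user_attributes": [{"or": ["group:maintainers"]}]}]}],
        "next_page_token": "constructed-token-1"},
    "constructed-token-1": {"access_policies": [{
        "identity": "access_policies/constructed-second-policy",
        "access_permissions": [{"behaviours": ["behaviour1"],
                                "user_attributes": [{"or": ["group:supervisors"]}]}]}],
        "next_page_token": ""},
}

def review_sample():
    return grants(iter_access_policies(SAMPLE_PAGES.__getitem__))
```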

POST /archivist/iam/v1/access_policies

Create an access policy

Description: This request creates a new access policy. The display_name is the friendly name.

{
  "access_permissions": [
    {
      "asset_attributes_read": [
        "attribute1",
        "attribute2"
      ],
      "behaviours": [
        "behaviour1",
        "behaviour2"
      ],
      "subjects": [
        "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
        "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
      ],
      "user_attributes": [
        {
          "or": [
            "group:maintainers",
            "group:supervisors"
          ]
        }
      ]
    }
  ],
  "description": "Customers description for the policy",
  "display_name": "Customers name for the policy",
  "filters": [
    {
      "or": [
        "location=basingstoke",
        "location=cambridge"
      ]
    },
    {
      "or": [
        "asset_type=door_access_reader"
      ]
    }
  ]
}
Parameter           Type    Description
access_permissions  array   Permissions
description         string  Customer description for the access policy.
display_name        string  Customer friendly name for the access policy.
filters             array   Filter

{
  "access_permissions": [
    {
      "asset_attributes_read": [
        "attribute1",
        "attribute2"
      ],
      "behaviours": [
        "behaviour1",
        "behaviour2"
      ],
      "subjects": [
        "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
        "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
      ],
      "user_attributes": [
        {
          "or": [
            "group:maintainers",
            "group:supervisors"
          ]
        }
      ]
    }
  ],
  "description": "User description for this policy",
  "display_name": "User name for this policy",
  "filters": [
    {
      "or": [
        "location=basingstoke",
        "location=cambridge"
      ]
    },
    {
      "or": [
        "asset_type=door_access_reader"
      ]
    }
  ],
  "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
}
Response Parameter  Type    Description
access_permissions  array   Permissions
description         string  Customer description for the access policy.
display_name        string  Customer friendly name for the access policy.
filters             array   Filter
identity            string  Unique identification for the access policy, Relative Resource Name
tenant              string  Tenant id

Responses  Description
200        A successful response.
400        Returned when the request is badly formed.
401        Returned when the user is not authenticated to the system.
403        Returned when the user is not authorized to create an access policy.
429        Returned when the allowed number of access_policies exceeds internal limit.
500        Returned when the underlying storage system returns an error.
default    An unexpected error response.

GET /archivist/iam/v1/{asset_identity}/access_policies

Get matching access policies

Description: Get matching access policies for the specified asset

{
  "access_policies": [
    {
      "access_permissions": [
        {
          "asset_attributes_read": [
            "attribute1",
            "attribute2"
          ],
          "behaviours": [
            "behaviour1",
            "behaviour2"
          ],
          "subjects": [
            "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
            "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
          ],
          "user_attributes": [
            {
              "or": [
                "group:maintainers",
                "group:supervisors"
              ]
            }
          ]
        }
      ],
      "display_name": "Some description",
      "filters": [
        {
          "or": [
            "location=basingstoke",
            "location=cambridge"
          ]
        },
        {
          "or": [
            "asset_type=door_access_reader"
          ]
        }
      ],
      "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
    }
  ],
  "page_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InN0dW50aWR"
}
Response Parameter  Type    Description
access_policies     array   Describes an Access Policy for OBAC
next_page_token     string  Token to retrieve the next page of results or empty if there are none.

Responses  Description
200        A successful response.
400        Returned when the request is badly formed.
401        Returned when the user is not authenticated to the system.
403        Returned when the user is not authorized to list the access policy.
404        Returned when the identified access policy does not exist.
500        Returned when the underlying storage system returns an error.
default    An unexpected error response.

DELETE /archivist/iam/v1/{identity}

Delete an access policy

Description: Delete the identified access policy

Responses  Description
200        A successful response.
400        Returned when the request is badly formed.
401        Returned when the user is not authenticated to the system.
403        Returned when the user is not authorized to delete the access policy.
404        Returned when the identified access policy does not exist.
500        Returned when the underlying storage system returns an error.
default    An unexpected error response.

GET /archivist/iam/v1/{identity}

Get an access policy

Description: Returns the identified access policy

{
  "access_permissions": [
    {
      "asset_attributes_read": [
        "attribute1",
        "attribute2"
      ],
      "behaviours": [
        "behaviour1",
        "behaviour2"
      ],
      "subjects": [
        "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
        "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
      ],
      "user_attributes": [
        {
          "or": [
            "group:maintainers",
            "group:supervisors"
          ]
        }
      ]
    }
  ],
  "description": "User description for this policy",
  "display_name": "User name for this policy",
  "filters": [
    {
      "or": [
        "location=basingstoke",
        "location=cambridge"
      ]
    },
    {
      "or": [
        "asset_type=door_access_reader"
      ]
    }
  ],
  "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
}
Response Parameter  Type    Description
access_permissions  array   Permissions
description         string  Customer description for the access policy.
display_name        string  Customer friendly name for the access policy.
filters             array   Filter
identity            string  Unique identification for the access policy, Relative Resource Name
tenant              string  Tenant id

Responses  Description
200        A successful response.
400        Returned when the request is badly formed.
401        Returned when the user is not authenticated to the system.
403        Returned when the user is not authorized to read the access policy.
404        Returned when the identified access policy does not exist.
500        Returned when the underlying storage system returns an error.
default    An unexpected error response.

PATCH /archivist/iam/v1/{identity}

Update an access policy's details

Description: Perform a full or partial update of the identified access policy

{
  "access_permissions": [
    {
      "asset_attributes_read": [
        "attribute1",
        "attribute2"
      ],
      "behaviours": [
        "behaviour1",
        "behaviour2"
      ],
      "subjects": [
        "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
        "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
      ],
      "user_attributes": [
        {
          "or": [
            "group:maintainers",
            "group:supervisors"
          ]
        }
      ]
    }
  ],
  "description": "User description for this policy",
  "display_name": "User name for this policy",
  "filters": [
    {
      "or": [
        "location=basingstoke",
        "location=cambridge"
      ]
    },
    {
      "or": [
        "asset_type=door_access_reader"
      ]
    }
  ],
  "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
}
Parameter           Type    Description
access_permissions  array   Permissions
description         string  Customer description for the access policy.
display_name        string  Customer friendly name for the access policy.
filters             array   Filter
identity            string  Unique identification for the access policy, Relative Resource Name
tenant              string  Tenant id

{
  "access_permissions": [
    {
      "asset_attributes_read": [
        "attribute1",
        "attribute2"
      ],
      "behaviours": [
        "behaviour1",
        "behaviour2"
      ],
      "subjects": [
        "subjects/9846b867-3e42-4b5d-af56-bcd62c2126d2",
        "subjects/3907c132-900b-4481-82da-21ffe699ddb9"
      ],
      "user_attributes": [
        {
          "or": [
            "group:maintainers",
            "group:supervisors"
          ]
        }
      ]
    }
  ],
  "description": "User description for this policy",
  "display_name": "User name for this policy",
  "filters": [
    {
      "or": [
        "location=basingstoke",
        "location=cambridge"
      ]
    },
    {
      "or": [
        "asset_type=door_access_reader"
      ]
    }
  ],
  "identity": "access_policies/08838336-c357-460d-902a-3aba9528dd22"
}
Response Parameter  Type    Description
access_permissions  array   Permissions
description         string  Customer description for the access policy.
display_name        string  Customer friendly name for the access policy.
filters             array   Filter
identity            string  Unique identification for the access policy, Relative Resource Name
tenant              string  Tenant id

Responses  Description
200        A successful response.
400        Returned when the request is badly formed.
401        Returned when the user is not authenticated to the system.
403        Returned when the user is not authorized to update the access policy.
404        Returned when the identified access policy does not exist.
500        Returned when the underlying storage system returns an error.
default    An unexpected error response.

GET /archivist/iam/v1/{identity}/assets

Returns assets matching access policy

Description: Returns assets matching access policy

null
Response Parameter  Type    Description
assets              array   This describes Jitsuin Asset.
next_page_token     string  Token to retrieve the next page of results or empty if there are none.

Responses  Description
200        A successful response.
400        Returned when the request is badly formed.
401        Returned when the user is not authenticated to the system.
403        Returned when the user is not authorized to list the access policy.
404        Returned when the identified access policy does not exist.
500        Returned when the underlying storage system returns an error.
default    An unexpected error response.
