Authorization

Manages authorization rules and makes authorization decisions.

Rules

Contains operations that create and manage authorization rules.

Get authorization rules

Internal-Use OnlyRetrieves some or all authorization rules, with or without paging.

Create a new authorization rule

Internal-Use OnlyCreates a new authorization rule that has a system-generated ID.

Patch authorization rules

Internal-Use OnlyPerforms a set of rule management actions as specified in a JSON patch. The actions are performed synchronously and transactionally. A resource collection of all created and revised rules is returned. If the patch is not successfully applied, changes are rolled back.

Delete an authorization rule

Internal-Use OnlyDeletes a specified authorization rule.

/rules/{ruleId}

Get an authorization rule

Internal-Use OnlyRetrieves a specified authorization rule.

/rules/{ruleId}

Update or create an authorization rule

Internal-Use OnlyUpdates an authorization rule by completely replacing it with specified values. Or, if there is no rule that has the specified ID, creates a new rule using that ID.

/rules/{ruleId}

Create a rule job

Internal-Use OnlyCreates an asynchronous job that performs one or more rule management actions (such as creating, updating, and deleting authorization rules. Each update and delete action must specify the rule ID for an existing rule. All actions are performed in a single request. The request returns a vnd.sas.authorization.rule.job that contains a 'self' and 'ruleJobState' links that can be used to retrieve the entire job or to check the current state of the running job.

Get information about a rule job

Internal-Use OnlyRetrieves descriptive information about a specified rule job.

/rules/jobs/{jobId}

Delete a rule job

Internal-Use OnlyDeletes a specified rule job.

/rules/jobs/{jobId}

Get the state of a rule job

Internal-Use OnlyRetrieves status information for a specified rule job.

/rules/jobs/{jobId}/state

Validate the syntax of a specified rule condition

Internal-Use OnlyDetermines whether a client-supplied string is a properly formatted Spring Expression Language (SpEL) expression.

/commons/validations/conditions

Validate a new rule

Internal-Use OnlyDetermines whether a new authorization rule meets completeness and uniqueness requirements.

/commons/validations/rules

Validate an updated rule

Internal-Use OnlyDetermines whether an updated authorization rule meets completeness and uniqueness requirements.

/commons/validations/rules/{ruleId}

Verify that a specified rule exists

Internal-Use OnlyDetermines whether a specified authorization rule exists.

/commons/validations/rules/{ruleId}

Decisions

Contains operations that make and explain authorization decisions.

Obtain an authorization decision

Internal-Use OnlyDetermines whether a specified principal is authorized to perform a specified action in a specified context. The response is either true (the action is authorized) or false (the action is not authorized).

Obtain authorization decisions with explanations

Internal-Use OnlyProvides authorization information for specified principals in a specified context. Each explanation identifies the rules that are relevant to a particular authorization decision and includes details (such as parent containment) if applicable. By default, explanations are provided for only principals to whom relevant authorization rules are directly assigned.

Obtain predictive authorization decisions

Internal-Use OnlyProvides decisions and explanations that incorporate unsaved changes to authorization rules. A client enters an array of PATCH input that describes unsaved changes to authorization rules. The returned information is hypothetical in the sense that it reflects the effects of unsaved changes.

Obtain multiple authorization decisions

Internal-Use OnlyDetermines which actions a specified principal is authorized to perform in a specified context. Each requested action is evaluated against its associated permission. Granted and prohibited actions are returned in separate lists.

Shares

Contains operations that concern shares.

Get shares

Internal-Use OnlyRetrieves some or all shares, with or without paging.

Create a new share

Internal-Use OnlyCreates a new share that has a system-generated ID.

Patch shares

Internal-Use OnlyPerforms a set of share management actions as specified in a JSON patch. The actions are performed synchronously and transactionally. A resource collection of all created and revised shares is returned. If the patch is not successfully applied, changes are rolled back.

Delete a share

Internal-Use OnlyDeletes a specified share.

/shares/{shareId}

Get a share

Internal-Use OnlyRetrieves a specified share.

/shares/{shareId}

Update a share

Internal-Use OnlyUpdates a share by completely replacing it with specified values.

/shares/{shareId}

Get sharing configuration

Internal-Use OnlyGets property values that specify how sharing is configured. Currently, there are two properties that configure sharing: sas.authorization.share.enabled and sas.authorization.share.reshare.enabled. The first determines whether sharing is enabled at all in the system while the second determines whether users are allowed to grant reshare permission on objects. There can be additional properties in the future.

/shares/configuration

Capabilities

Contains operations that create and manager authorization capabilities.

Get a summary list of capabilities

Internal-Use OnlyReturns a summary list of capabilities defined in the system. Note that paging is not supported when the group parameter is used.

Define a new capability

Internal-Use OnlyCreates a new capability. If a Capability with the same name already exists then 201 status is returned and the Location header contains the URI for the existing Capability.

Delete all capabilities assigned to a group

Internal-Use OnlyDeletes all the capabilities assigned to a group.

Retrieve the details for a capability

Internal-Use OnlyRetrieve the full details for a capability defined in the system, including list of groups assigned to that capability.

/capabilities/{capabilityName}

Update an existing capability

Internal-Use OnlyPatches the specified capability based on the representation in the request body.

/capabilities/{capabilityName}

Get the collection of groups this capability is assigned to

Internal-Use OnlyGet the collection of groups this capability is assigned to where each group is represented as a Principal object

/capabilities/{capabilityName}/groups

Assign a capability to a group

Internal-Use OnlyAssign the specified capability to a group principal

/capabilities/{capabilityName}/groups

Unassign the capability from a group

Internal-Use OnlyRemove the group from the list of groups authorized to access this capability.

/capabilities/{capabilityName}/groups/{groupId}

Metadata

Contains operations that provide information about this API.

Get list of links that this API supports

Internal-Use OnlyClients should use this top-level endpoint and the appropriate link relationship to find the specific endpoint of interest.

Get a localized list of rule types

Internal-Use OnlyProvides localized versions of type enums for use as display labels in a graphical user interface. The names are localized to the accept-language of the header.

/localizations/types

Get a localized list of principal types

Internal-Use OnlyProvides localized versions of principal type enums for use as display labels in a graphical user interface. The names are localized to the accept-language of the header.

/localizations/principalTypes

Get a localized list of permission names

Internal-Use OnlyProvides localized versions of permission enums for use as display labels in a graphical user interface. The names are localized to the accept-language of the header.

/localizations/permissions