Authorization

Manages authorization rules and makes authorization decisions.

Rules

Contains operations that create and manage authorization rules.
get
Get authorization rules
Internal-Use OnlyRetrieves some or all authorization rules, with or without paging./rules
post
Create a new authorization rule
Internal-Use OnlyCreates a new authorization rule that has a system-generated ID./rules
patch
Patch authorization rules
Internal-Use OnlyPerforms a set of rule management actions as specified in a JSON patch. The actions are performed synchronously and transactionally. A resource collection of all created and revised rules is returned. If the patch is not successfully applied, changes are rolled back./rules
delete
Delete an authorization rule
Internal-Use OnlyDeletes a specified authorization rule./rules/{ruleId}
get
Get an authorization rule
Internal-Use OnlyRetrieves a specified authorization rule./rules/{ruleId}
put
Update or create an authorization rule
Internal-Use OnlyUpdates an authorization rule by completely replacing it with specified values. Or, if there is no rule that has the specified ID, creates a new rule using that ID./rules/{ruleId}
post
Create a rule job
Internal-Use OnlyCreates an asynchronous job that performs one or more rule management actions (such as creating, updating, and deleting authorization rules. Each update and delete action must specify the rule ID for an existing rule. All actions are performed in a single request. The request returns a vnd.sas.authorization.rule.job that contains a 'self' and 'ruleJobState' links that can be used to retrieve the entire job or to check the current state of the running job./rules/jobs
get
Get information about a rule job
Internal-Use OnlyRetrieves descriptive information about a specified rule job./rules/jobs/{jobId}
delete
Delete a rule job
Internal-Use OnlyDeletes a specified rule job./rules/jobs/{jobId}
get
Get the state of a rule job
Internal-Use OnlyRetrieves status information for a specified rule job./rules/jobs/{jobId}/state
post
Validate the syntax of a specified rule condition
Internal-Use OnlyDetermines whether a client-supplied string is a properly formatted Spring Expression Language (SpEL) expression./commons/validations/conditions
post
Validate a new rule
Internal-Use OnlyDetermines whether a new authorization rule meets completeness and uniqueness requirements./commons/validations/rules
put
Validate an updated rule
Internal-Use OnlyDetermines whether an updated authorization rule meets completeness and uniqueness requirements./commons/validations/rules/{ruleId}
delete
Verify that a specified rule exists
Internal-Use OnlyDetermines whether a specified authorization rule exists./commons/validations/rules/{ruleId}

Decisions

Contains operations that make and explain authorization decisions.
post
Obtain an authorization decision
Internal-Use OnlyDetermines whether a specified principal is authorized to perform a specified action in a specified context. The response is either true (the action is authorized) or false (the action is not authorized)./decisions
post
Obtain authorization decisions with explanations
Internal-Use OnlyProvides authorization information for specified principals in a specified context. Each explanation identifies the rules that are relevant to a particular authorization decision and includes details (such as parent containment) if applicable. By default, explanations are provided for only principals to whom relevant authorization rules are directly assigned./decisions
post
Obtain predictive authorization decisions
Internal-Use OnlyProvides decisions and explanations that incorporate unsaved changes to authorization rules. A client enters an array of PATCH input that describes unsaved changes to authorization rules. The returned information is hypothetical in the sense that it reflects the effects of unsaved changes./decisions
post
Obtain multiple authorization decisions
Internal-Use OnlyDetermines which actions a specified principal is authorized to perform in a specified context. Each requested action is evaluated against its associated permission. Granted and prohibited actions are returned in separate lists./decisions

Shares

Contains operations that concern shares.
get
Get shares
Internal-Use OnlyRetrieves some or all shares, with or without paging./shares
post
Create a new share
Internal-Use OnlyCreates a new share that has a system-generated ID./shares
patch
Patch shares
Internal-Use OnlyPerforms a set of share management actions as specified in a JSON patch. The actions are performed synchronously and transactionally. A resource collection of all created and revised shares is returned. If the patch is not successfully applied, changes are rolled back./shares
delete
Delete a share
Internal-Use OnlyDeletes a specified share./shares/{shareId}
get
Get a share
Internal-Use OnlyRetrieves a specified share./shares/{shareId}
put
Update a share
Internal-Use OnlyUpdates a share by completely replacing it with specified values./shares/{shareId}
get
Get sharing configuration
Internal-Use OnlyGets property values that specify how sharing is configured. Currently, there are two properties that configure sharing: sas.authorization.share.enabled and sas.authorization.share.reshare.enabled. The first determines whether sharing is enabled at all in the system while the second determines whether users are allowed to grant reshare permission on objects. There can be additional properties in the future./shares/configuration

Capabilities

Contains operations that create and manager authorization capabilities.
get
Get a summary list of capabilities
Internal-Use OnlyReturns a summary list of capabilities defined in the system. Note that paging is not supported when the group parameter is used./capabilities
post
Define a new capability
Internal-Use OnlyCreates a new capability. If a Capability with the same name already exists then 201 status is returned and the Location header contains the URI for the existing Capability./capabilities
delete
Delete all capabilities assigned to a group
Internal-Use OnlyDeletes all the capabilities assigned to a group./capabilities
get
Retrieve the details for a capability
Internal-Use OnlyRetrieve the full details for a capability defined in the system, including list of groups assigned to that capability./capabilities/{capabilityName}
patch
Update an existing capability
Internal-Use OnlyPatches the specified capability based on the representation in the request body./capabilities/{capabilityName}
get
Get the collection of groups this capability is assigned to
Internal-Use OnlyGet the collection of groups this capability is assigned to where each group is represented as a Principal object/capabilities/{capabilityName}/groups
post
Assign a capability to a group
Internal-Use OnlyAssign the specified capability to a group principal/capabilities/{capabilityName}/groups
delete
Unassign the capability from a group
Internal-Use OnlyRemove the group from the list of groups authorized to access this capability./capabilities/{capabilityName}/groups/{groupId}

Metadata

Contains operations that provide information about this API.
get
Get list of links that this API supports
Internal-Use OnlyClients should use this top-level endpoint and the appropriate link relationship to find the specific endpoint of interest./
get
Get a localized list of rule types
Internal-Use OnlyProvides localized versions of type enums for use as display labels in a graphical user interface. The names are localized to the accept-language of the header./localizations/types
get
Get a localized list of principal types
Internal-Use OnlyProvides localized versions of principal type enums for use as display labels in a graphical user interface. The names are localized to the accept-language of the header./localizations/principalTypes
get
Get a localized list of permission names
Internal-Use OnlyProvides localized versions of permission enums for use as display labels in a graphical user interface. The names are localized to the accept-language of the header./localizations/permissions