Obtain authorization decisions with explanations
Provides authorization information for specified principals in a specified context. Each explanation identifies the rules that are relevant to a particular authorization decision and includes details (such as parent containment) if applicable. By default, explanations are provided for only principals to whom relevant authorization rules are directly assigned.
1{2 "version": 1,3 "explanations": [4 {5 "/reports/reports/5f74a445-7b99-42db-ab45-2c71e893feb1": [6 {7 "principal": {8 "version": 1,9 "name": "SASAdministrators",10 "type": "group"11 },12 "read": {13 "result": "grant",14 "grantFactor": {15 "direct": true,16 "contributingRules": [17 {18 "method": "GET",19 "rel": "directContributingRule",20 "href": "/authorization/rules/febcfcde-00ab-41ea-af4d-dff4d51e9e04",21 "uri": "/authorization/rules/febcfcde-00ab-41ea-af4d-dff4d51e9e04"22 }23 ]24 }25 }26 },27 {28 "principal": {29 "version": 1,30 "type": "authenticated-users"31 },32 "read": {33 "result": "prohibit"34 }35 }36 ]37 },38 {39 "/folders/folders/123-456-789": [40 {41 "principal": {42 "version": 1,43 "name": "SASAdministrators",44 "type": "group"45 },46 "read": {47 "result": "grant",48 "grantFactor": {49 "direct": true,50 "contributingRules": [51 {52 "method": "GET",53 "rel": "directContributingRule",54 "href": "/authorization/rules/febcfcde-00ab-41ea-af4d-dff4d51e9e04",55 "uri": "/authorization/rules/febcfcde-00ab-41ea-af4d-dff4d51e9e04"56 }57 ]58 },59 "conveyedExplanation": {60 "result": "grant",61 "grantFactor": {62 "direct": true,63 "contributingRules": [64 {65 "method": "GET",66 "rel": "directContributingRule",67 "href": "/authorization/rules/febcfcde-00ab-41ea-af4d-dff4d51e9e04",68 "uri": "/authorization/rules/febcfcde-00ab-41ea-af4d-dff4d51e9e04"69 }70 ]71 }72 }73 }74 }75 ]76 }77 ]78}
| Name | Type | Required | Description |
|---|---|---|---|
acceptItemType | string | false | String to match rules' acceptItemType against. |
acceptType | string | false | String to match rules' acceptType against. |
additionalGroup | array [string] | false | The ID of an additional group to include. You can specify this parameter multiple times. |
additionalUser | array [string] | false | The ID of an additional user to include. You can specify this parameter multiple times. |
contentType | string | false | String to match rules' contentType against. |
includeShares | boolean | false | Whether to include explanations for shares. Default: false |
includeSystemAccounts | boolean | false | Whether to provide explanations for system accounts (such as sasapp and sas.ops-agentsrv). Default: false |
The resources for which explanations are requested. Only 'uri' type selections (relative object URIs) are supported.
Identifies a set of resources.
| Name | Type | Required | Description |
|---|---|---|---|
version | integer | true | The schema version number of this media type. This representation is version 1. |
template | string<uri> | false | A URI template in which the {id} parameter can be replaced with a value from the "resources" array in order to yield the URI of the identified resource. |
type | string | false | Specifies whether the resources array contains IDs, URIs, or both. \n\n"id"the array contains resource identifiers only. This is the default if "type" is omitted.\n"uri"the array contains resource URIs\n"mixed"the array contains a mixture of identifiers and URIs.\n Allowed values: idurimixed |
resources | array [string] | true | An array of resource IDs or URIs |
links | array [Link] | false | An array of links to related resources and actions. |
| Status | Meaning | Description | ||
|---|---|---|---|---|
| 200 | OK | The request succeeded. | Headers | Schema |
| 400 | Bad Request | The request was invalid. Returned if the format of the request does not match the schema for the media type used. |