Obtain predictive authorization decisions
Provides decisions and explanations that incorporate unsaved changes to authorization rules. A client enters an array of PATCH input that describes unsaved changes to authorization rules. The returned information is hypothetical in the sense that it reflects the effects of unsaved changes.
1{2 "version": 1,3 "explanations": [4 {5 "/reports/reports/5f74a445-7b99-42db-ab45-2c71e893feb1": [6 {7 "principal": {8 "version": 1,9 "name": "SASAdministrators",10 "type": "group"11 },12 "read": {13 "result": "grant",14 "grantFactor": {15 "direct": true,16 "contributingRules": [17 {18 "method": "GET",19 "rel": "directContributingRule",20 "href": "/authorization/rules/febcfcde-00ab-41ea-af4d-dff4d51e9e04",21 "uri": "/authorization/rules/febcfcde-00ab-41ea-af4d-dff4d51e9e04"22 }23 ]24 }25 }26 },27 {28 "principal": {29 "version": 1,30 "type": "authenticated-users"31 },32 "read": {33 "result": "prohibit"34 }35 }36 ]37 },38 {39 "/folders/folders/123-456-789": [40 {41 "principal": {42 "version": 1,43 "name": "SASAdministrators",44 "type": "group"45 },46 "read": {47 "result": "grant",48 "grantFactor": {49 "direct": true,50 "contributingRules": [51 {52 "method": "GET",53 "rel": "directContributingRule",54 "href": "/authorization/rules/febcfcde-00ab-41ea-af4d-dff4d51e9e04",55 "uri": "/authorization/rules/febcfcde-00ab-41ea-af4d-dff4d51e9e04"56 }57 ]58 },59 "conveyedExplanation": {60 "result": "grant",61 "grantFactor": {62 "direct": true,63 "contributingRules": [64 {65 "method": "GET",66 "rel": "directContributingRule",67 "href": "/authorization/rules/febcfcde-00ab-41ea-af4d-dff4d51e9e04",68 "uri": "/authorization/rules/febcfcde-00ab-41ea-af4d-dff4d51e9e04"69 }70 ]71 }72 }73 }74 }75 ]76 }77 ]78}
| Name | Type | Required | Description |
|---|---|---|---|
acceptItemType | string | false | String to match rules' acceptItemType against. |
acceptType | string | false | String to match rules' acceptType against. |
additionalGroup | array [string] | false | The ID of an additional group to include. You can specify this parameter multiple times. |
additionalUser | array [string] | false | The ID of an additional user to include. You can specify this parameter multiple times. |
contentType | string | false | String to match rules' contentType against. |
includeShares | boolean | false | Whether to include explanations for shares. Default: false |
includeSystemAccounts | boolean | false | Whether to provide hypothetical explanations for system accounts (such as sasapp and sas.ops-agentsrv). Default: false |
A hypothetical object that consists of one or more URIs and one or more new rules.
An authorization explanation, using new additional rules that aren't yet persisted in the service
| Name | Type | Required | Description |
|---|---|---|---|
version | integer<int32> | false | The version of the resource selection format that is being referenced. |
patch | array [Rule Patch Operation] | false | An array of patch operations to apply to the existing rules. |
uris | array [string] | false | The URIs for which to create the explanations. |
| Status | Meaning | Description | ||
|---|---|---|---|---|
| 200 | OK | The request succeeded. | Headers | Schema |
| 400 | Bad Request | The request was invalid. Returned if the format of the request does not match the schema for the media type used. |