Create a new authorization rule

POST /rules
Internal-Use Only

Creates a new authorization rule that has a system-generated ID.

Request Samples

Response Samples

{
  "type": "grant",
  "permissions": [
    "read"
  ],
  "principalType": "authenticatedUsers",
  "objectUri": "/preferences/",
  "description": "Allow access to a service root.",
  "matchParams": false,
  "enabled": true,
  "principal": "testprincipal"
}

Header Parameters

Name | Type | Required | Description
Accept
string
false

Specifies the desired format of the returned rule. Supported media types are:
application/vnd.sas.authorization.rule+json;version=1
application/vnd.sas.authorization.rule+json;version=2
application/vnd.sas.authorization.rule+json;version=3
application/vnd.sas.authorization.rule+json;version=4
application/vnd.sas.authorization.rule+json;version=5
application/vnd.sas.authorization.rule+json;version=6
application/vnd.sas.authorization.rule+json;version=7
application/vnd.sas.authorization.rule+json;version=8
application/vnd.sas.authorization.rule+json;version=9
application/vnd.sas.authorization.rule+json;version=10

Content-Type
string
false

Specifies the format of the incoming rule. Supported media types are:
application/vnd.sas.authorization.rule+json;version=1
application/vnd.sas.authorization.rule+json;version=2
application/vnd.sas.authorization.rule+json;version=3
application/vnd.sas.authorization.rule+json;version=4
application/vnd.sas.authorization.rule+json;version=5
application/vnd.sas.authorization.rule+json;version=6
application/vnd.sas.authorization.rule+json;version=7
application/vnd.sas.authorization.rule+json;version=8
application/vnd.sas.authorization.rule+json;version=9
application/vnd.sas.authorization.rule+json;version=10

Request Body

The properties of the new rule.

An authorization rule that does not have a known ID. The rule has not been saved or the ID is unavailable for some other reason. Compare with SavedAuthorizationRule.

Name | Type | Required | Description
condition
string
false

A Spring Expression Language (SpEL) expression that limits the applicability of the rule. The rule applies only in authorization contexts in which the expression evaluates to 'true'.

containerUri
string
false

A relative URI that represents the container aspect of a container object, such as a folder. Rules that target a container URI affect access that the container conveys to its child members.

expirationTimeStamp
string<date-time>
false

The date and time at which the rule expires. Expired rules should be disregarded and deleted.

filter
string
false

Filter criteria for the rule's target object (or objects). This property is not currently in use.

contentType
string
false

Media type of the object that is handled by an endpoint. If set, rules will only apply to endpoints that consume resources of this type. Most rules do not specify a content type.

acceptType
string
false

Media type of the object returned by an endpoint. If set, rules will only apply to endpoints that produce resources of this type. Most rules do not specify an accept type.

acceptItemType
string
false

Media type of object in a resource collection that is returned by an endpoint. If set, rules will only apply to endpoints that produce a resource collection containing resources of this type. Most rules do not specify an accept item type.

objectUri
string
true

A relative URI or ANT-path pattern that represents a resource or set of resources. Most rules target an object URI.

permissions
array [string]
true

The specific actions that the rule affects (for example: read, update, delete, create, secure, add, or remove).

Allowed values: add, create, delete, read, remove, secure, update

principal
string
true

Specifies the ID of a user or group to which the rule applies. Use this property in conjunction with the principalType property.

principalType
string
true

The type of principal or construct to which the rule applies.

Allowed values: user, group, authenticatedUsers, everyone, guest

reason
string
false

Information that a client can display to end users for diagnostic purposes. For example, a prohibit rule’s reason could be displayed to an end user as part of an 'access denied' message.

type
string
true

Indicates whether the rule blocks (prohibit) or attempts to provide (grant) access to the specified principal.

Allowed values: grant, prohibit

version
integer<int32>
false

The version of the rule representation. The current representation version is 8.

description
string
false

Information that documents the rule for administrative purposes.

enabled
boolean
false

Indicates whether the rule is enabled.

Default: true

matchParams
boolean
false

Indicates whether the rule applies to only those requests whose query parameters exactly match the rule target.

Default: false

links
array [Link]
false

Zero or more links to related resources and actions.

Responses

Status | Meaning | Description
201 | Created | A new authorization rule was created.
400 | Bad Request | The request was invalid. Returned if the specified authorization rule is invalid.
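
Added example (not SAS code): a Python pre-flight check that applies the required properties and allowed values from the request-body table above before a rule is submitted, and raises a few reviewer warnings. The function names and the warning policy in `review_flags` are assumptions of this example, not part of the API.

```python
from datetime import datetime

# Constraints copied from the request-body table on this page.
REQUIRED = ("objectUri", "permissions", "principal", "principalType", "type")
ALLOWED = {
    "permissions": {"add", "create", "delete", "read", "remove", "secure", "update"},
    "principalType": {"user", "group", "authenticatedUsers", "everyone", "guest"},
    "type": {"grant", "prohibit"},
}


def parse_expiry(value):
    """Parse a date-time string; return None if malformed or lacking an offset."""
    try:
        parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except (AttributeError, ValueError):
        return None
    return parsed if parsed.tzinfo else None


def validate_rule(rule):
    """Return the schema problems found in a rule body (empty list if none)."""
    errors = [f"missing required property: {k}" for k in REQUIRED if k not in rule]
    for key, allowed in ALLOWED.items():
        if key not in rule:
            continue  # already reported as missing
        values = rule[key] if key == "permissions" else [rule[key]]
        if not isinstance(values, list):
            errors.append(f"{key}: must be an array of strings")
            continue
        errors += [f"{key}: value not allowed: {v!r}" for v in values
                   if not isinstance(v, str) or v not in allowed]
    if "expirationTimeStamp" in rule and parse_expiry(rule["expirationTimeStamp"]) is None:
        errors.append("expirationTimeStamp: not a date-time with UTC offset")
    return errors


def review_flags(rule, now):
    """Return reviewer warnings (this example's own policy, not SAS guidance)."""
    flags = []
    grant = rule.get("type") == "grant"
    if grant and rule.get("principalType") in {"everyone", "guest"}:
        flags.append("grant to a broad principal type (everyone/guest)")
    if grant and "*" in str(rule.get("objectUri", "")):
        flags.append("grant on a wildcard objectUri pattern")
    expiry = parse_expiry(rule.get("expirationTimeStamp", ""))
    if expiry and expiry <= now:
        flags.append("rule is already expired")
    return flags
```

`now` must be a timezone-aware `datetime` so that it can be compared with the parsed expiration time.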