Update or create an authorization rule

PUT /rules/{ruleId}
Internal-Use Only

Updates an authorization rule by completely replacing it with the specified values. If no rule has the specified ID, creates a new rule using that ID.

Response Samples

{
  "type": "grant",
  "permissions": [
    "read"
  ],
  "principal": "testprincipal",
  "principalType": "authenticatedUsers",
  "objectUri": "/preferences/",
  "description": "Allow access to a service root.",
  "matchParams": false,
  "version": 10,
  "links": [
    {
      "method": "GET",
      "rel": "self",
      "href": "/authorization/rules/3288b305-981f-4b8d-b440-0911eabc3fac",
      "uri": "/authorization/rules/3288b305-981f-4b8d-b440-0911eabc3fac",
      "type": "application/vnd.sas.authorization.rule"
    },
    {
      "method": "PUT",
      "rel": "update",
      "href": "/authorization/rules/3288b305-981f-4b8d-b440-0911eabc3fac",
      "uri": "/authorization/rules/3288b305-981f-4b8d-b440-0911eabc3fac",
      "type": "application/vnd.sas.authorization.rule",
      "responseType": "application/vnd.sas.authorization.rule"
    },
    {
      "method": "DELETE",
      "rel": "delete",
      "href": "/authorization/rules/3288b305-981f-4b8d-b440-0911eabc3fac",
      "uri": "/authorization/rules/3288b305-981f-4b8d-b440-0911eabc3fac"
    }
  ],
  "id": "3288b305-981f-4b8d-b440-0911eabc3fac",
  "modifiedTimestamp": "2016-08-27T04:09:42.150Z",
  "createdTimestamp": "2016-08-27T04:09:42.150Z",
  "createdBy": "sas.preferences",
  "modifiedBy": "sas.preferences",
  "enabled": true
}

Path Parameters

| Name | Type | Required | Description |
|---|---|---|---|
| ruleId | string | true | The ID of the rule to update or create. |

Header Parameters

| Name | Type | Required | Description |
|---|---|---|---|
| If-Match | string | true | The entity tag obtained from the most recent ETag response header. Must match the current entity tag for the rule. |

Request Body

The properties of the rule.

Any authorization rule that can be referenced by a unique identifier. This can be a savedAuthorizationRule or an unsaved authorization rule that has a client-specified identifier.

| Name | Type | Required | Description |
|---|---|---|---|
| condition | string | false | A Spring Expression Language (SpEL) expression that limits the applicability of the rule. The rule applies only in authorization contexts in which the expression evaluates to 'true'. |
| containerUri | string | false | A relative URI that represents the container aspect of a container object, such as a folder. Rules that target a container URI affect access that the container conveys to its child members. |
| expirationTimeStamp | string<date-time> | false | The date and time at which the rule expires. Expired rules should be disregarded and deleted. |
| filter | string | false | Filter criteria for the rule's target object (or objects). This property is not currently in use. |
| contentType | string | false | Media type of the object that is handled by an endpoint. If set, rules will only apply to endpoints that consume resources of this type. Most rules do not specify a content type. |
| acceptType | string | false | Media type of the object returned by an endpoint. If set, rules will only apply to endpoints that produce resources of this type. Most rules do not specify an accept type. |
| acceptItemType | string | false | Media type of object in a resource collection that is returned by an endpoint. If set, rules will only apply to endpoints that produce a resource collection containing resources of this type. Most rules do not specify an accept item type. |
| objectUri | string | true | A relative URI or ANT-path pattern that represents a resource or set of resources. Most rules target an object URI. |
| permissions | array [string] | true | The specific actions that the rule affects (for example: read, update, delete, create, secure, add, or remove). Allowed values: add, create, delete, read, remove, secure, update. |
| principal | string | true | Specifies the ID of a user or group to which the rule applies. Use this property in conjunction with the principalType property. |
| principalType | string | true | The type of principal or construct to which the rule applies. Allowed values: user, group, authenticatedUsers, everyone, guest. |
| reason | string | false | Information that a client can display to end users for diagnostic purposes. For example, a prohibit rule’s reason could be displayed to an end user as part of an 'access denied' message. |
| type | string | true | Indicates whether the rule blocks (prohibit) or attempts to provide (grant) access to the specified principal. Allowed values: grant, prohibit. |
| version | integer<int32> | false | The version of the rule representation. The current representation version is 8. |
| description | string | false | Information that documents the rule for administrative purposes. |
| enabled | boolean | false | Indicates whether the rule is enabled. Default: true. |
| matchParams | boolean | false | Indicates whether the rule applies to only those requests whose query parameters exactly match the rule target. Default: false. |
| links | array [Link] | false | Zero or more links that are to related resources and actions. |
| ruleId | string | false | The unique identifier for the rule. |

Responses

| Status | Meaning | Description |
|---|---|---|
| 200 | OK | The object was updated. |
| 201 | Created | A new authorization rule was created. |
| 400 | Bad Request | The request was invalid. Returned if the format of the request does not match the schema for the media type used. Also can be returned if the ID passed in the request payload does not match the ID in the URI. |
| 412 | Precondition Failed | Precondition failed |
| 428 | Precondition Required | Precondition required |
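
Because this PUT replaces the whole rule, a write based on a stale copy would silently undo another administrator's change; the If-Match header and the 412/428 responses exist to prevent that. The following is an added example, not code from the original page or from the service: `FakeRuleService`, `update_rule` and the ETag format are constructed stand-ins that model only the status codes listed above, so the read, modify, conditional-PUT loop can run offline.

```python
RULE_ID = "3288b305-981f-4b8d-b440-0911eabc3fac"  # id taken from the response sample

class FakeRuleService:
    """Constructed in-memory stand-in for GET/PUT /rules/{ruleId}; not the real service."""
    def __init__(self, rule):
        self.rule, self.rev = dict(rule), 1

    def etag(self):
        return f'"{self.rev}"'  # constructed tag format; real entity tags are opaque

    def get(self, rule_id):
        return 200, {"ETag": self.etag()}, dict(self.rule)

    def put(self, rule_id, body, headers):
        if "If-Match" not in headers:
            return 428, {}, None   # Precondition Required
        if headers["If-Match"] != self.etag():
            return 412, {}, None   # Precondition Failed: caller holds a stale tag
        if body.get("id", rule_id) != rule_id:
            return 400, {}, None   # payload ID does not match the ID in the URI
        self.rule, self.rev = dict(body), self.rev + 1
        return 200, {"ETag": self.etag()}, dict(self.rule)

def update_rule(svc, rule_id, mutate, max_attempts=3):
    """Read, modify, PUT with If-Match; on 412 re-read instead of overwriting."""
    for attempt in range(1, max_attempts + 1):
        _, headers, rule = svc.get(rule_id)
        status, _, saved = svc.put(rule_id, mutate(rule), {"If-Match": headers["ETag"]})
        if status == 200:
            return saved, attempt
        if status != 412:
            raise RuntimeError(f"PUT {rule_id} returned {status}")
    raise RuntimeError("rule changed on every attempt; giving up")

def demo():
    svc = FakeRuleService({"id": RULE_ID, "type": "grant", "permissions": ["read"],
                           "principalType": "authenticatedUsers", "principal": "testprincipal",
                           "objectUri": "/preferences/", "enabled": True})
    raced = []
    def set_description(rule):
        if not raced:  # simulate another administrator disabling the rule mid-update
            raced.append(svc.put(RULE_ID, dict(rule, enabled=False), {"If-Match": svc.etag()}))
        return dict(rule, description="Reviewed read grant")
    return svc, update_rule(svc, RULE_ID, set_description)

if __name__ == "__main__":
    svc, (saved, attempts) = demo()
    print(attempts, saved["enabled"], saved["description"])
```

The first PUT is rejected with 412, and the retry starts from the re-read rule, so the concurrent `enabled: false` change survives alongside the new description.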