Permissions

class Permissions(api)

Bases: FeatureBase

delete(obj, identity)

Deletes all explicit permissions granted to a user or group on the obj. All implicit permissions, i.e. those that are inherited from group memberships and parent folders, are unaffected.

Parameters

get_effective(obj, identity)

Returns the effective permissions of a user or group on the obj. Effective permissions are the permissions that take effect when the user authenticates to TPP. All Master Admin, implicit, and explicit permissions are taken into account to evaluate the final effective permissions of a user or group.

Parameters
Returns

Effective permissions granted to the identity.

Return type

Permissions

get_explicit(obj, identity)

Returns the explicit permissions of a user or group on the obj. Explicit permissions are the permissions that are explicitly granted to a user or group on a particular object. A user or group may have permissions to the object via implicit permissions, which are permissions inherited from other folders and group memberships. Implicit permissions are ignored. To get implicit permissions, use get_implicit().

Parameters
Returns

Explicit permissions granted to the identity.

Return type

Permissions

get_implicit(obj, identity)

Returns the implicit permissions of a user or group on the obj. Implicit permissions are permissions inherited from other folders and group memberships. To get explicit permissions, use get_explicit().

Parameters
Returns

Implicit permissions granted to the identity.

Return type

Permissions

list_identities(obj)

Returns a list of Identity objects that have explicit permissions to the object. Explicit permissions are the permissions that are explicitly granted to a user or group on a particular object. A user or group may have permissions to the object via implicit permissions, which are permissions inherited from other folders and group memberships. Implicit permissions are ignored.

Parameters

obj (Union[config.Object, str]) – Config Object or Distinguished Name (DN) of the object.

Returns

List of Identity objects.

update(obj, identity, is_associate_allowed=None, is_create_allowed=None, is_delete_allowed=None, is_manage_permissions_allowed=None, is_policy_write_allowed=None, is_private_key_read_allowed=None, is_private_key_write_allowed=None, is_read_allowed=None, is_rename_allowed=None, is_revoke_allowed=None, is_view_allowed=None, is_write_allowed=None)

Grants the specified permissions to a user or group identity. If an argument is not specified as True or False, that value defaults to the identity's existing permission or False.

Parameters
  • obj (Union[config.Object, str]) – Config Object or Distinguished Name (DN) of the object.

  • identity (Union[ident.Identity, str]) – Identity Object or Prefixed Name of the user or group.

  • is_associate_allowed (bool) – Allows associating/dissociating applications to certificates and pushing certificates to the associated applications.

  • is_create_allowed (bool) – Allows creating subordinate objects to the obj. Also grants View permission.

  • is_delete_allowed (bool) – Allows deleting subordinate objects to the obj.

  • is_manage_permissions_allowed (bool) – Allows modification to others’ permissions to obj and its subordinate objects.

  • is_policy_write_allowed (bool) – Allows modification to policy values on folder. Requires View permission. Also grants Read and Write permissions.

  • is_private_key_read_allowed (bool) – Allows download of private keys.

  • is_private_key_write_allowed (bool) – Allows upload of private keys.

  • is_read_allowed (bool) – Allows ability to read values on subordinate objects to obj.

  • is_rename_allowed (bool) – Allows ability to rename and move subordinate objects to obj. Requires Rename permission to the destination location.

  • is_revoke_allowed (bool) – Allows ability to invalidate a certificate. Requires Write permission to the certificate object.

  • is_view_allowed (bool) – Allows ability to view the name of all subordinate objects to obj.

  • is_write_allowed (bool) – Allows editing of subordinate objects to obj.
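
An added example, not part of the original documentation or the project's own code: a least-privilege audit that walks list_identities() and get_explicit() for one object and reports identities holding explicit private-key or manage-permissions grants. It assumes the returned permissions object exposes attributes named like the update() keywords; FakePermissions, the DN and the identity names are constructed stand-ins so the code runs offline.

```python
from types import SimpleNamespace

# update() flags that expose key material or allow changing others' access.
HIGH_RISK = (
    "is_private_key_read_allowed",
    "is_private_key_write_allowed",
    "is_manage_permissions_allowed",
)


def audit_explicit_grants(permissions, obj, high_risk=HIGH_RISK):
    """Return {identity: [high-risk flags explicitly granted on obj]}.

    `permissions` is any object exposing list_identities(obj) and
    get_explicit(obj, identity) as documented above. Assumption: the
    returned permissions object has attributes named like update()'s keywords.
    """
    findings = {}
    for identity in permissions.list_identities(obj):
        explicit = permissions.get_explicit(obj, identity)
        # Only a literal True counts; a missing or False flag is not a grant.
        granted = [f for f in high_risk if getattr(explicit, f, None) is True]
        if granted:
            findings[identity] = granted
    return findings


class FakePermissions:
    """Constructed stand-in for the Permissions feature (hypothetical helper)."""

    def __init__(self, grants):
        self._grants = grants  # {object DN: {identity: {flag: bool}}}

    def list_identities(self, obj):
        return list(self._grants.get(obj, {}))

    def get_explicit(self, obj, identity):
        return SimpleNamespace(**self._grants[obj][identity])


# Constructed sample data: the DN and prefixed names are made up.
SAMPLE_DN = r"\VED\Policy\Certificates\Web"
SAMPLE = FakePermissions({SAMPLE_DN: {
    "local:web-admins": {"is_view_allowed": True, "is_write_allowed": True},
    "local:deploy-bot": {"is_view_allowed": True, "is_private_key_read_allowed": True},
    "local:helpdesk": {"is_manage_permissions_allowed": True,
                       "is_private_key_write_allowed": False},
}})

if __name__ == "__main__":
    for who, flags in audit_explicit_grants(SAMPLE, SAMPLE_DN).items():
        print(who, "->", ", ".join(flags))
```

Because list_identities() ignores implicit permissions, this audit covers explicit grants only; checking a specific identity with get_effective() shows what it can actually do once inheritance and group membership are applied.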