Permissions
- class Permissions(api)
Bases: FeatureBase
- delete(obj, identity)
Deletes all explicit permissions granted to a user or group on the obj. All implicit permissions, i.e. those that are inherited from group memberships and parent folders, are unaffected.
- Parameters
obj (Union[config.Object, str]) – Config Object or Distinguished Name (DN) of the object.
identity (Union[ident.Identity, str]) – Identity Object or Prefixed Name of the user or group.
- get_effective(obj, identity)
Returns the effective permissions of a user or group on the obj. Effective permissions are the permissions that take effect when the user authenticates to TPP. All Master Admin, implicit, and explicit permissions are taken into account to evaluate the final effective permissions of a user or group.
- Parameters
obj (Union[config.Object, str]) – Config Object or Distinguished Name (DN) of the object.
identity (Union[ident.Identity, str]) – Identity Object or Prefixed Name of the user or group.
- Returns
Effective permissions granted to the identity.
- Return type
- get_explicit(obj, identity)
Returns the explicit permissions of a user or group on the obj. Explicit permissions are the permissions that are explicitly granted to a user or group on a particular object. A user or group may have permissions to the object via implicit permissions, which are permissions inherited from other folders and group memberships. Implicit permissions are ignored. To get implicit permissions, use get_implicit().
- Parameters
obj (Union[config.Object, str]) – Config Object or Distinguished Name (DN) of the object.
identity (Union[ident.Identity, str]) – Identity Object or Prefixed Name of the user or group.
- Returns
Explicit permissions granted to the identity.
- Return type
- get_implicit(obj, identity)
Returns the implicit permissions of a user or group on the obj. Implicit permissions are permissions inherited from other folders and group memberships. To get explicit permissions, use get_explicit().
- Parameters
obj (Union[config.Object, str]) – Config Object or Distinguished Name (DN) of the object.
identity (Union[ident.Identity, str]) – Identity Object or Prefixed Name of the user or group.
- Returns
Implicit permissions granted to the identity.
- Return type
- list_identities(obj)
Returns a list of Identity objects that have explicit permissions to the object. Explicit permissions are the permissions that are explicitly granted to a user or group on a particular object. A user or group may have permissions to the object via implicit permissions, which are permissions inherited from other folders and group memberships. Implicit permissions are ignored.
- Parameters
obj (Union[config.Object, str]) – Config Object or Distinguished Name (DN) of the object.
- Returns
List of Identity objects.
- update(obj, identity, is_associate_allowed=None, is_create_allowed=None, is_delete_allowed=None, is_manage_permissions_allowed=None, is_policy_write_allowed=None, is_private_key_read_allowed=None, is_private_key_write_allowed=None, is_read_allowed=None, is_rename_allowed=None, is_revoke_allowed=None, is_view_allowed=None, is_write_allowed=None)
Grants the specified permissions to a user or group identity. Any argument not specified as True or False defaults to the existing permission or False.
- Parameters
obj (Union[config.Object, str]) – Config Object or Distinguished Name (DN) of the object.
identity (Union[ident.Identity, str]) – Identity Object or Prefixed Name of the user or group.
is_associate_allowed (bool) – Allows associating/dissociating applications to certificates and pushing certificates to the associated applications.
is_create_allowed (bool) – Allows creating subordinate objects to the obj. Also grants View permission.
is_delete_allowed (bool) – Allows deleting subordinate objects to the obj.
is_manage_permissions_allowed (bool) – Allows modification to others’ permissions to obj and its subordinate objects.
is_policy_write_allowed (bool) – Allows modification to policy values on folder. Requires View permission. Also grants Read and Write permissions.
is_private_key_read_allowed (bool) – Allows download of private keys.
is_private_key_write_allowed (bool) – Allows upload of private keys.
is_read_allowed (bool) – Allows ability to read values on subordinate objects to obj.
is_rename_allowed (bool) – Allows ability to rename and move subordinate objects to obj. Requires Rename permission to the destination location.
is_revoke_allowed (bool) – Allows ability to invalidate a certificate. Requires Write permission to the certificate object.
is_view_allowed (bool) – Allows ability to view the name of all subordinate objects to obj.
is_write_allowed (bool) – Allows editing of subordinate objects to obj.
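Because delete() removes only explicit grants, a revocation can leave inherited rights in place. The code below is an added example, not the library's own code: revoke_and_verify() calls delete(), then uses get_effective() and get_implicit() to report sensitive rights that remain. It assumes the returned permission objects expose attributes named like update()'s keyword arguments; SENSITIVE, revoke_and_verify and FakePermissions are hypothetical names, and FakePermissions is a constructed stand-in so the example runs offline.

```python
from types import SimpleNamespace

# Rights worth flagging if they survive a revocation. Names are taken from the
# keyword arguments of update() on this page.
SENSITIVE = (
    "is_private_key_read_allowed",
    "is_private_key_write_allowed",
    "is_manage_permissions_allowed",
    "is_revoke_allowed",
    "is_delete_allowed",
)


def _granted(perms):
    # Assumption: the returned permissions object exposes attributes named
    # like update()'s keyword arguments; missing or None means "not granted".
    return {name for name in SENSITIVE if getattr(perms, name, None) is True}


def revoke_and_verify(permissions, obj, identity):
    """Delete explicit grants, then report sensitive rights still in effect."""
    permissions.delete(obj, identity)
    residual = _granted(permissions.get_effective(obj, identity))
    inherited = _granted(permissions.get_implicit(obj, identity))
    return {
        "residual": sorted(residual),
        # Still effective and inherited: fix at the group or parent folder.
        "inherited": sorted(residual & inherited),
        # Effective but not implicit after the delete, e.g. Master Admin.
        "other": sorted(residual - inherited),
    }


class FakePermissions:
    """Constructed in-memory stand-in for the Permissions feature (offline)."""

    def __init__(self, explicit, implicit):
        self.explicit, self.implicit = set(explicit), set(implicit)

    def delete(self, obj, identity):
        self.explicit.clear()  # implicit grants are unaffected, as documented

    def get_implicit(self, obj, identity):
        return SimpleNamespace(**{n: True for n in self.implicit})

    def get_effective(self, obj, identity):
        return SimpleNamespace(**{n: True for n in self.explicit | self.implicit})
```

Against a live server, pass the real Permissions feature object in place of FakePermissions; a non-empty "residual" list means the identity still holds those rights after the explicit grant is gone.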