Permissions

Note

Refer to Authentication for ways to authenticate to the TPP WebSDK.

Creating, Updating, & Deleting Permissions

Note

Creating and updating permissions use the same method: features.permissions.update(). Updating permissions will create them if they do not exist for the user or group.

from pytpp import Authenticate, Features

api = Authenticate(...)
features = Features(api)

#### CREATE/UPDATE ####
features.permissions.update(
    obj=r'\VED\Policy\Administration\CAs',
    identity='AD+AwesomeAD:user123',
    is_associate_allowed=False,
    is_create_allowed=True,
    is_delete_allowed=True,
    is_manage_permissions_allowed=False,
    is_policy_write_allowed=False,
    is_private_key_read_allowed=False,
    is_private_key_write_allowed=False,
    is_read_allowed=True,
    is_rename_allowed=True,
    is_revoke_allowed=False,
    is_view_allowed=True,
    is_write_allowed=True
)

#### DELETE ####
features.permissions.delete(
    obj=r'\VED\Policy\Certificates\Awesome Team',
    identity='AD+AwesomeAD:user123'
)

Getting Explicit Permissions

Note

Explicit permissions are the permissions that are explicitly granted to a user or group on the object.

from pytpp import Authenticate, Features

api = Authenticate(...)
features = Features(api)

#### GET EXPLICIT PERMISSIONS ####
permissions = features.permissions.get_explicit(
    obj=r'\VED\Policy\Certificates\Awesome Team',
    identity='AD+AwesomeAD:user123',
)

Getting Implicit Permissions

Note

Implicit permissions are permissions inherited from other folders and group memberships.

from pytpp import Authenticate, Features

api = Authenticate(...)
features = Features(api)

permissions = features.permissions.get_implicit(
    obj=r'\VED\Policy\Administration\CAs',
    identity='AD+AwesomeAD:user123',
)

Getting Effective Permissions

Note

Effective permissions are the permissions that are effectively enforced by TPP. All master admin, implicit, and explicit permissions are taken into account to evaluate the final effective permissions of a user or group.

from pytpp import Authenticate, Features

api = Authenticate(...)
features = Features(api)

permissions = features.permissions.get_effective(
    obj=r'\VED\Policy\Administration\CAs',
    identity='AD+AwesomeAD:user123',
)
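
The difference between explicit and effective permissions is what a least-privilege review needs: anything enforced but not granted directly on the object came from inheritance or group membership. The following is an added example, not part of pytpp or its documentation. It assumes the objects returned by get_explicit() and get_effective() expose boolean attributes named like the update() keyword arguments above. The SENSITIVE set and the sample objects are constructed for illustration.

```python
from types import SimpleNamespace

# Flag names taken from the update() keyword arguments shown on this page.
ALL_FLAGS = (
    "is_associate_allowed", "is_create_allowed", "is_delete_allowed",
    "is_manage_permissions_allowed", "is_policy_write_allowed",
    "is_private_key_read_allowed", "is_private_key_write_allowed",
    "is_read_allowed", "is_rename_allowed", "is_revoke_allowed",
    "is_view_allowed", "is_write_allowed",
)

# Reviewer's choice for this example: grants that expose key material
# or allow the identity to change who else has access.
SENSITIVE = {
    "is_manage_permissions_allowed",
    "is_private_key_read_allowed",
    "is_private_key_write_allowed",
}

def granted(perms):
    """Return the flag names set on a permissions object (None = no grant)."""
    if perms is None:
        return set()
    return {flag for flag in ALL_FLAGS if getattr(perms, flag, False)}

def review(explicit, effective):
    """Compare explicit and effective permissions for one identity on one object."""
    exp, eff = granted(explicit), granted(effective)
    inherited = eff - exp  # enforced, but not granted directly on the object
    return {
        "inherited": sorted(inherited),
        "sensitive": sorted(eff & SENSITIVE),
        "sensitive_inherited": sorted(inherited & SENSITIVE),
    }

# Constructed sample: the explicit grant mirrors the update() call above,
# and the effective set adds two flags as if inherited from a group.
_direct = ("is_create_allowed", "is_delete_allowed", "is_read_allowed",
           "is_rename_allowed", "is_view_allowed", "is_write_allowed")
EXPLICIT = SimpleNamespace(**{f: f in _direct for f in ALL_FLAGS})
EFFECTIVE = SimpleNamespace(**{**vars(EXPLICIT),
                               "is_private_key_read_allowed": True,
                               "is_manage_permissions_allowed": True})

if __name__ == "__main__":
    for key, flags in review(EXPLICIT, EFFECTIVE).items():
        print(f"{key}: {', '.join(flags) or '-'}")
```

Under the stated assumption, review() can be passed the results of features.permissions.get_explicit() and features.permissions.get_effective() for the same obj and identity.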

Listing Identities Permitted On An Object

Note

Identities returned are those having effective permissions on the object.

from pytpp import Authenticate, Features

api = Authenticate(...)
features = Features(api)

#### LIST ALL IDENTITY PERMISSIONS ####
identities = features.permissions.list_identities(obj=r'\VED\Policy\Administration\CAs')

for identity in identities:
    print(identity.name)