Permissions
Note
Refer to Authentication for ways to authenticate to the TPP WebSDK.
Creating, Updating, & Deleting Permissions
Note
Creating and updating permissions use the same method: features.permissions.update(). Updating permissions will create them if they do not exist for the user or group.
from pytpp import Authenticate, Features
api = Authenticate(...)
features = Features(api)
#### CREATE/UPDATE ####
features.permissions.update(
    obj=r'\VED\Policy\Administration\CAs',
    identity='AD+AwesomeAD:user123',
    is_associate_allowed=False,
    is_create_allowed=True,
    is_delete_allowed=True,
    is_manage_permissions_allowed=False,
    is_policy_write_allowed=False,
    is_private_key_read_allowed=False,
    is_private_key_write_allowed=False,
    is_read_allowed=True,
    is_rename_allowed=True,
    is_revoke_allowed=False,
    is_view_allowed=True,
    is_write_allowed=True
)
#### DELETE ####
features.permissions.delete(
    obj=r'\VED\Policy\Certificates\Awesome Team',
    identity='AD+AwesomeAD:user123'
)
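A pre-flight review of the flags intended for features.permissions.update(), as an added example that is not part of pytpp or of this documentation. The names review_grant, ALL_FLAGS and HIGH_RISK are hypothetical, and the choice of which rights need approval is this example's own policy assumption.

```python
from typing import Dict, FrozenSet, List, Tuple

# The twelve keyword flags shown in the update() call above.
ALL_FLAGS = (
    "is_associate_allowed", "is_create_allowed", "is_delete_allowed",
    "is_manage_permissions_allowed", "is_policy_write_allowed",
    "is_private_key_read_allowed", "is_private_key_write_allowed",
    "is_read_allowed", "is_rename_allowed", "is_revoke_allowed",
    "is_view_allowed", "is_write_allowed",
)

# Assumption: this example's own policy for rights that need sign-off.
HIGH_RISK = {
    "is_manage_permissions_allowed": "identity can change permissions on the object",
    "is_private_key_read_allowed": "identity can read private key material",
    "is_private_key_write_allowed": "identity can write private key material",
}


def review_grant(
    requested: Dict[str, object],
    approved: FrozenSet[str] = frozenset(),
) -> Tuple[Dict[str, bool], List[str]]:
    """Return (explicit kwargs for update(), findings that should block the call)."""
    findings: List[str] = []

    # A misspelled flag must not be dropped silently from the review.
    unknown = sorted(set(requested) - set(ALL_FLAGS))
    if unknown:
        findings.append("unknown flag(s): " + ", ".join(unknown))

    # Values loaded from YAML/CSV/env are often strings; "False" is truthy.
    for name in ALL_FLAGS:
        if name in requested and not isinstance(requested[name], bool):
            findings.append(f"{name} is not a bool: {requested[name]!r}")

    # Only a literal True grants a right; anything else is pinned to False
    # so the resulting grant is fully explicit (deny by default).
    kwargs = {name: requested.get(name) is True for name in ALL_FLAGS}

    for name, why in HIGH_RISK.items():
        if kwargs[name] and name not in approved:
            findings.append(f"{name} needs approval: {why}")

    return kwargs, findings
```

When findings is empty, the returned dict can be passed on as features.permissions.update(obj=..., identity=..., **kwargs).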
Getting Explicit Permissions
Note
Explicit permissions are the permissions that are explicitly granted to a user or group on the object.
from pytpp import Authenticate, Features
api = Authenticate(...)
features = Features(api)
#### GET EXPLICIT PERMISSIONS ####
permissions = features.permissions.get_explicit(
    obj=r'\VED\Policy\Certificates\Awesome Team',
    identity='AD+AwesomeAD:user123',
)
Getting Implicit Permissions
Note
Implicit permissions are permissions inherited from other folders and group memberships.
from pytpp import Authenticate, Features
api = Authenticate(...)
features = Features(api)
#### GET IMPLICIT PERMISSIONS ####
permissions = features.permissions.get_implicit(
    obj=r'\VED\Policy\Administration\CAs',
    identity='AD+AwesomeAD:user123',
)
Getting Effective Permissions
Note
Effective permissions are the permissions that are effectively enforced by TPP. All master admin, implicit, and explicit permissions are taken into account to evaluate the final effective permissions of a user or group.
from pytpp import Authenticate, Features
api = Authenticate(...)
features = Features(api)
#### GET EFFECTIVE PERMISSIONS ####
permissions = features.permissions.get_effective(
    obj=r'\VED\Policy\Administration\CAs',
    identity='AD+AwesomeAD:user123',
)
Listing Identities Permitted On An Object
Note
Identities returned are those having effective permissions on the object.
from pytpp import Authenticate, Features
api = Authenticate(...)
features = Features(api)
#### LIST ALL IDENTITY PERMISSIONS ####
identities = features.permissions.list_identities(obj=r'\VED\Policy\Administration\CAs')
for identity in identities:
    print(identity.name)