POST

tenants

{tenant_id}

permissions

lookup-subject

cr, err := client.Permission.LookupSubject(context.Background(), &v1.PermissionLookupSubjectRequest{
    TenantId: "t1",
    Metadata: &v1.PermissionLookupSubjectRequestMetadata{
        SnapToken: "",
        SchemaVersion: "",
        Depth: 20,
    },
    Entity: &v1.Entity{
        Type: "document",
        Id: "1",
    },
    Permission: "edit",
    SubjectReference: &v1.RelationReference{
        Type: "user",
        Relation: "",
    },
    PageSize: 20,
    ContinuousToken: "",
})

{
  "subject_ids": [
    "<string>"
  ],
  "continuous_token": "<string>"
}

Lookup Subject endpoint lets you ask questions in form of “Which subjects can do action Y on entity:X?”. As a response of this you’ll get a subject results in a format of string array.

In this endpoint you’ll get directly the IDs’ of the subjects that are authorized in an array.

Path Parameters

tenant_id

string

required

Identifier of the tenant, if you are not using multi-tenancy (have only one tenant) use pre-inserted tenant <code>t1</code> for this field. Required, and must match the pattern \“[a-zA-Z0-9-,]+\“, max 64 bytes.

Body

application/json

PermissionLookupSubjectRequest is the request message for the LookupSubject method in the Permission service.

metadata

object

PermissionLookupSubjectRequestMetadata metadata for the PermissionLookupSubjectRequest.

entity

object

Entity represents an entity with a type and an identifier.

permission

string

Permission to be checked, can be a permission or relation. Required, and must match the pattern "^([a-zA-Z][a-zA-Z0-9_]{1,62}[a-zA-Z0-9])$", max 64 bytes.

subject_reference

object

The RelationReference message provides a reference to a specific relation.

context

object

Context encapsulates the information related to a single operation, including the tuples involved and the associated attributes.

context.tuples

object[]

A repeated field of tuples involved in the operation.

context.attributes

object[]

A repeated field of attributes associated with the operation.

context.attributes.entity

object

Entity represents an entity with a type and an identifier.

context.attributes.attribute

string

context.attributes.value

object

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

 foo := &pb.Foo{...}
 any, err := anypb.New(foo)
 if err != nil {
   ...
 }
 ...
 foo := &pb.Foo{}
 if err := any.UnmarshalTo(foo); err != nil {
   ...
 }

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

JSON

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

context.data

object

Additional data associated with the context.

page_size

integer

page_size is the number of tenants to be returned in the response. The value should be between 1 and 100.

continuous_token

string

continuous_token is an optional parameter used for pagination. It should be the value received in the previous response.

Response

200

application/json

A successful response.

PermissionLookupSubjectResponse is the response message for the LookupSubject method in the Permission service.

subject_ids

string[]

List of identifiers for subjects that match the lookup.

continuous_token

string

continuous_token is a string that can be used to paginate and retrieve the next set of results.

Expand API Lookup Entity (Data Filtering)

cr, err := client.Permission.LookupSubject(context.Background(), &v1.PermissionLookupSubjectRequest{
    TenantId: "t1",
    Metadata: &v1.PermissionLookupSubjectRequestMetadata{
        SnapToken: "",
        SchemaVersion: "",
        Depth: 20,
    },
    Entity: &v1.Entity{
        Type: "document",
        Id: "1",
    },
    Permission: "edit",
    SubjectReference: &v1.RelationReference{
        Type: "user",
        Relation: "",
    },
    PageSize: 20,
    ContinuousToken: "",
})

{
  "subject_ids": [
    "<string>"
  ],
  "continuous_token": "<string>"
}

API Documentation

Schema Service

Data Service

Permission Service

Tenancy Service

Bundle Service

Watch Service

Subject Filtering

Path Parameters

Body

JSON

Response