POST

tenants

{tenant_id}

permissions

subject-permission

The Subject Permission List endpoint allows you to inquire in the form of “Which permissions user:x can perform on entity:y?”. In response, you’ll receive a list of permissions specific to the user for the given entity, returned in the format of a map.

In this endpoint, you’ll receive a map of permissions and their statuses directly. The structure is map[string]CheckResult, such as “sample-permission” -> “ALLOWED”. This represents the permissions and their associated states in a key-value pair format.

Path Parameters

tenant_id

string

required

Identifier of the tenant, if you are not using multi-tenancy (have only one tenant) use pre-inserted tenant <code>t1</code> for this field. Required, and must match the pattern \“[a-zA-Z0-9-,]+\“, max 64 bytes.

Body

application/json

PermissionSubjectPermissionRequest is the request message for the SubjectPermission method in the Permission service.

metadata

object

PermissionSubjectPermissionRequestMetadata metadata for the PermissionSubjectPermissionRequest.

entity

object

Entity represents an entity with a type and an identifier.

subject

object

Subject represents an entity subject with a type, an identifier, and a relation.

context

object

Context encapsulates the information related to a single operation, including the tuples involved and the associated attributes.

context.tuples

object[]

A repeated field of tuples involved in the operation.

context.attributes

object[]

A repeated field of attributes associated with the operation.

context.attributes.entity

object

Entity represents an entity with a type and an identifier.

context.attributes.attribute

string

context.attributes.value

object

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

 foo := &pb.Foo{...}
 any, err := anypb.New(foo)
 if err != nil {
   ...
 }
 ...
 foo := &pb.Foo{}
 if err := any.UnmarshalTo(foo); err != nil {
   ...
 }

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

JSON

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

context.data

object

Additional data associated with the context.

Response

200 - application/json

PermissionSubjectPermissionResponse is the response message for the SubjectPermission method in the Permission service.

results

object

Map of results for each permission check.

Lookup Entity (Streaming)List Tenants

API Documentation

Schema Service

Data Service

Permission Service

Tenancy Service

Bundle Service

Watch Service

Subject Permission List

Path Parameters

Body

JSON

Response