POST OAuth/EnumerateRules
Enumerates all rules for a particular application.
Requirements
- Roles: Admin, Grant Admin, Auditor, or Application Owner. See OAuth roles for more information.
- Token scope: Admin
Headers
-
Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
NOTE Only one of the required parameters must passed.
Name |
Description |
---|---|
ApplicationID
string |
(Required) The ID of the application. |
Count integer |
(Required) The number of results to show per page. Request a specific page using the Start parameter. |
GranteePrefixedUniversal string |
(Required) The prefixed universal for the identity whose grants will be enumerated. |
Descending boolean |
Set to |
MaximumScope string |
Results must match the string passed. |
NoExpire boolean |
Set to |
OrderBy integer |
The field for the rules to be ordered by. The following values can be passed:
|
Renewable boolean |
Set to |
Start integer |
The page of results to display. The Count parameter is required, and it will determine the number of results to show per page. |
Returns
Name |
Description |
---|---|
HTTP 200 |
See OAuth result codes. A Rules array is returned with a list of rules. For descriptions of each value in the response, see the Parameters section of POST OAuth/CreateRule. |
HTTP 400 |
For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:
|
HTTP 401 |
For authentication errors, this call returns HTTP 401 Unauthorized and the following data in the message body:
|
HTTP 403 |
If the response is HTTP 403 Forbidden, the requester's token does not include the admin scope. Call POST Authorize/Oauth with the correct scope and restriction. Update the header with the new token and retry.
|
Examples
Request examples
Return all rules for a user
POST /vedsdk/oauth/enumeraterules HTTP/1.1 Host: tpp-server-url Content-Type: application/json Accept: application/json Authorization: Bearer 4MyGeneratedBearerTknz== { "TrusteePrefixedUniversal": "local:{23cbc293-90f9-4e77-95a7-6cf5d9a4bd2e}" }
Return all rules for an application
POST /vedsdk/oauth/enumeraterules HTTP/1.1 Host: tpp-server-url Content-Type: application/json Accept: application/json Authorization: Bearer 4MyGeneratedBearerTknz== { "ApplicationId": "VenafiMMCEventViewer" }
Return all rules that match all parameters
POST /vedsdk/oauth/enumeraterules HTTP/1.1 Host: tpp-server-url Content-Type: application/json Accept: application/json Authorization: Bearer 4MyGeneratedBearerTknz== { "ApplicationId": "SSHManage", "TrusteePrefixedUniversal": "local:{23cbc293-90f9-4e77-95a7-6cf5d9a4bd2e}", "AccessValidity": 31557600, "Description": "This is the decription for this application", "GrantValidity": 7776000, "MaximumScope": "ssh:approve,delete,discover,manage", "Renewable": true }
Response example
Sample response for request to return the SSHManage application
{ "Result": 0, "Rules": [ { "AccessValidity": 21557600, "ApplicationId": "SSHManage", "Description": "Rule for User 2", "GrantValidity": 2776000, "MaximumScope": "ssh:discover", "Renewable": true, "TrusteePrefixedUniversal": "local:{5371f67c-c194-49e2-9c1a-e25c8b0e2e32}" }, { "AccessValidity": 11557600, "ApplicationId": "SSHManage", "Description": "Rule for User 1", "GrantValidity": 1776000, "MaximumScope": "ssh:discover", "Renewable": false, "TrusteePrefixedUniversal": "local:{23cbc293-90f9-4e77-95a7-6cf5d9a4bd2e}" }, { "AccessValidity": 31557600, "ApplicationId": "SSHManage", "Description": "Rule for User 3", "GrantValidity": 3776000, "MaximumScope": "ssh:discover", "Renewable": false, "TrusteePrefixedUniversal": "local:{e818fecb-54fc-43e0-b16f-372032fda588}" } ], "Success": true }