Check permissions

Permissions define the ways in which a principal can interact with a SCO.

A permission mapping, indicating what permissions a principal has for a particular SCO, is called an access control list or ACL. An ACL consists of three pieces of information:

  • The ID of a principal (a principal-id ).

  • The ID of a SCO, account, or principal being acted on. In permission calls, it’s called an acl-id . In other calls, the ID might be called a sco-id , account-id , or principal-id .

  • A keyword that indicates the permission level the principal has, which is one of the valid values in permission-id .

Check the permission a principal has on a SCO

  1. Call permissions-info with both an acl-id and principal-id :

    https://example.com/api/xml?action=permissions-info&acl-id=2006334909 
        &principal-id=2006258745

    To check for permissions on a SCO, the acl-id is a sco-id . The acl-id can also be a principal-id or account-id .

  2. Parse the response for a permission-id :

    <?xml version="1.0" encoding="utf-8" ?>  
    <results> 
        <status code="ok" />  
        <permission acl-id="2007035246" permission-id="view"  
                principal-id="2006258745" />  
    </results>

    If a principal does not have an explicit permission to the SCO (in other words, if permission-id="" ), the principal’s permissions on the SCO’s parent object apply.

Check all principals’ permissions on a SCO

  1. Call permissions-info with an acl-id , but no principal-id :

    https://example.com/api/xml?action=permissions-info&acl-id=2006293572
  2. Iterate through the principal elements and parse them for permission-id values:

    <principal principal-id="2596608" is-primary="false" type="user"  
                    has-children="false" permission-id="view"> 
            <name>Jay Arnold</name>  
            <login>jay@example.com</login>  
    </principal>

    The valid permission values are listed in permission-id .

// Ethnio survey code removed