Permissions
define the ways in which a principal can interact with a SCO.
A permission mapping, indicating what permissions a principal
has for a particular SCO, is called an
access control list
or
ACL. An ACL consists of three pieces of information:
-
The ID of a principal (a
principal-id
).
-
The ID of a SCO, account, or principal being acted on. In
permission calls, it’s called an
acl-id
. In other
calls, the ID might be called a
sco-id
,
account-id
,
or
principal-id
.
-
A keyword that indicates the permission level the principal
has, which is one of the valid values in
permission-id
.
Check the permission a principal has on a SCO
-
Call
permissions-info
with
both an
acl-id
and
principal-id
:
https://example.com/api/xml?action=permissions-info&acl-id=2006334909
&principal-id=2006258745
To check for permissions
on a SCO, the
acl-id
is a
sco-id
.
The
acl-id
can also be a
principal-id
or
account-id
.
-
Parse the response for a
permission-id
:
<?xml version="1.0" encoding="utf-8" ?>
<results>
<status code="ok" />
<permission acl-id="2007035246" permission-id="view"
principal-id="2006258745" />
</results>
If a principal does not have an
explicit permission to the SCO (in other words, if
permission-id=""
),
the principal’s permissions on the SCO’s parent object apply.
Check all principals’ permissions on a SCO
-
Call
permissions-info
with
an
acl-id
, but no
principal-id
:
https://example.com/api/xml?action=permissions-info&acl-id=2006293572
-
Iterate through the
principal
elements and
parse them for
permission-id
values:
<principal principal-id="2596608" is-primary="false" type="user"
has-children="false" permission-id="view">
<name>Jay Arnold</name>
<login>jay@example.com</login>
</principal>
The valid permission values are
listed in
permission-id
.
|
|
|