Wiki
Clone wikiieeg / WsResourceAces
An ace is an access control entity. We have three types: projectAce
, userAce
, and worldAce
. Common ace attributes are
id
: The ace's idpermission
: The permission granted by the ace. Legal values depend on ace type.targetId
: The id of the target to which the ace applies. This is restricted to dataset ids.
The projectAce
is used to give access to one of the two groups defined by a project: the team or the admins. This ace requires the following additional attributes:
project
: The name of the project being given access.projectId
: The id of the project being given access.projectGroup
: The group within the project being given access. Legal values areteam
oradmins
.
Legal values of permission
are READ
, EDIT
, and OWNER
.
projectAce
example:
<projectAce id="23" project="My Project 1" projectId="5" projectGroup="team" permission="EDIT" targetId="1772c0f3-dad1-4a0c-b702-d8393fdd0db9" />
The userAce
is used to give access to an individual user. This ace adds the following attributes to the common ones:
username
: The user being given access.userId
: The id of the user being given access.
Legal values of permission
are READ
, EDIT
, and OWNER
.
userAce
example:
<userAce id="109" username="Joe Smith" userId="340" permission="OWNER" targetId="1772c0f3-dad1-4a0c-b702-d8393fdd0db9" />
The worldAce
is used to give access to all non-guest users. It does not require additional attributes.
Legal values of permission
are NONE
, READ
, and EDIT
.
worldAce
example:
<worldAce id="5" permission="READ" targetId="1772c0f3-dad1-4a0c-b702-d8393fdd0db9" />
List a dataset's aces (dev)
See the Datasets resource.
Add an ace (dev)
POST /services/aces
Example request body:
<userAce username="Joe Smith" userId="340" permission="OWNER" targetId="1772c0f3-dad1-4a0c-b702-d8393fdd0db9" />
Example response body:
<userAce id="109" username="Joe Smith" userId="340" permission="OWNER" targetId="1772c0f3-dad1-4a0c-b702-d8393fdd0db9" />
When the creation succeeds an HTTP response code of 201 is returned and the Location header is set pointing to the newly created ace.
The service will return a response code of 400 in the following situations:
- The user or project does not exist.
- The value of
permission
is illegal for ace type. - There is no dataset with id equal to
targetId
. - The user or project group already has an ace for the given dataset. Use modify instead.
- The request body has type
worldAce
. There is always exactly one world ace for a dataset so it does not need to be created. Use modify instead to change the world permission.
Modify an ace (dev)
PUT /services/aces/{ace id}
Only the permission field of an ace may be modified. If you want to revoke a user's or project group's access you should delete the ace.
The updated ace is returned in the response body.
Delete an ace (dev)
DELETE /services/ace/{ace id}
Updated