Check permission
Checks whether a role has a privilege on a resource. For example, is this Host authorized to execute
(fetch the value of) this Secret?
Kinds of resources
Kind | Description |
---|---|
User | One unique human |
Host | A single logical machine (in the broad sense, not just physical) |
Layer | A collection of hosts that have the same privileges |
Group | A collection of users and groups that have the same privileges |
Policy | Privileges on policies enable a user to create and modify objects and permissions |
Variable | A secret such as a password, API key, SSH key, etc. |
Webservice | An HTTP(S) web service that performs sensitive operations |
Entity IDs must be URL-encoded
URI
|
Any identifier included in the URL must be URL-encoded to be recognized by the Conjur API.
Examples:
Identifier | URL-Encoded |
---|---|
|
|
|
|
|
|
|
|
|
|
Example with curl
Suppose your account name is “myorg” and you want to check whether Host “data/application” can execute
(fetch the value of) Variable “db-password”:
|
Request Headers
Field | Description | Example |
---|---|---|
Authorization | Conjur access token | Token token="eyJkYX…Rhb=" |
Response
Code | Description |
---|---|
204 | The role has the specified privilege on the resource |
401 | The request lacks valid authentication credentials |
404 | The role or resource was not found; or the role does not have the specified permission |
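
The following Python client is an added example, not part of the original documentation. It shows why identifiers must be percent-encoded (the "/" in "data/application" would otherwise split the URL) and how to treat the response codes above so that only 204 grants access. Assumptions: the route `/resources/{account}/{kind}/{identifier}?check=true` and the `account:kind:identifier` role format come from Conjur's public API rather than this page, and `conjur.example.com` is a constructed placeholder host.

```python
from urllib.error import HTTPError
from urllib.parse import quote, urlencode
from urllib.request import Request, urlopen


class AuthenticationError(Exception):
    """401: the access token is missing, expired or invalid."""


def check_permission_url(base_url, account, kind, identifier, role, privilege):
    """Build the check URL with every identifier percent-encoded."""
    # Assumed route (Conjur public API, not shown on this page):
    #   /resources/{account}/{kind}/{identifier}?check=true&role=...&privilege=...
    # safe="" also encodes "/", so "data/application" stays one path segment.
    path = "/".join(quote(part, safe="") for part in (account, kind, identifier))
    query = urlencode(
        {"check": "true", "role": role, "privilege": privilege},
        quote_via=quote, safe="",
    )
    return f"{base_url.rstrip('/')}/resources/{path}?{query}"


def is_permitted(status):
    """Map the documented response codes to a fail-closed decision."""
    if status == 204:
        return True
    if status == 404:
        # Not found and not permitted are indistinguishable: treat as deny.
        return False
    if status == 401:
        raise AuthenticationError("access token rejected")
    # Anything undocumented is an error, never an implicit allow.
    raise RuntimeError(f"unexpected status {status}")


def check_permission(base_url, token, account, kind, identifier, role, privilege):
    """Send the request with the Authorization header from the table above."""
    url = check_permission_url(base_url, account, kind, identifier, role, privilege)
    req = Request(url, headers={"Authorization": f'Token token="{token}"'})
    try:
        with urlopen(req, timeout=10) as resp:
            status = resp.status
    except HTTPError as err:
        status = err.code
    return is_permitted(status)


# Constructed sample values; conjur.example.com is a placeholder host.
EXAMPLE_URL = check_permission_url(
    "https://conjur.example.com", "myorg", "variable", "db-password",
    role="myorg:host:data/application", privilege="execute",
)
```

Because 404 covers both a missing resource and a missing privilege, callers cannot use this endpoint to tell the two apart and should log both as a denial.
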
Example URI
|
URI Parameters
Parameter | Type | Mandatory | Description |
---|---|---|---|
account | String | Yes | Organization account name. Example: |
kind | String | Yes | The kind of resource to test. Example: |
identifier | String | Yes | The identifier of the resource to test |
role | String | Yes | The fully qualified identifier of the role to test |
privilege | String | Yes | The privilege to test on the resource. Example: |
Request
Headers
|