Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

SAP Groups APIs

Managing Permissions on SAP Users or Groups

search

Please Note:

Managing Permissions on SAP Users or Groups

Use the post /v1/cckm/sap/groups/{id}/update-acls API to grant permissions to users or groups to perform specific actions on the SAP groups. User ID and group are mutually exclusive – specify either.

For the first time users or groups, actions are permitted as configured by the CCKM administrator. However, if the permissions of a user or group need to be modified later, for example, a new action is to be permitted or an existing action is to be revoked, the CCKM administrator needs to set that particular action to true or false.

For example, a user or group is permitted actions, keycreate, keyupload, and keydelete. Now, to permit one more action keyrestore to the user or group, set "permit":true and "actions": "keyrestore" and run the API. Similarly, now to deny permission to the action "keycreate", set "permit":false, "actions": "keycreate", and run the API.

Syntax

curl -k '<IP>/api/v1/cckm/sap/groups/{id}/update-acls' -X POST -H 'Authorization: AUTHTOKEN --compressed

Here, {id} is the resource ID of the SAP group.

Request Parameters

ParameterTypeDescription
AUTHTOKENstringAuthentication token.
actionsarray of stringsList of actions. Refer to Actions for the supported actions and details.
groupstringName of the user group to be granted permissions. User ID and group are mutually exclusive - specify either.
permitbooleanWhether to permit users to perform specific operations. Set true to permit, false to deny.
user_idstringID of the user to be granted permissions. User ID and group are mutually exclusive – specify either.

Actions

The following table lists the accepted values:

APIsActionsDescription
ListviewPermission to view groups and their keys.
CreatekeycreatePermission to create SAP native keys.
UploadkeyuploadPermission to upload the CipherTrust Manager keys to SAP.
DeletekeydeletePermission to delete SAP keys.
RestorekeyrestorePermission to restore backed up keys to groups.
Update (Edit key)keyupdatePermission to update keys, for example, editing properties, enabling/disabling keys, enabling/disabling key version, and editing labels.
Delete BackupdeletebackupPermission to delete backups of SAP keys from the CCKM.
Rotate to Native KeykeyrotatetonativePermission to rotate keys on SAP groups natively.
Rotate to BYOK KeykeyrotatetobyokPermission to rotate keys on SAP groups using BYOK.
SynchronizekeysynchronizePermission to synchronize SAP keys.
CancelkeysynchronizePermission to cancel synchronization jobs.
RemovekeyremovePermission to remove SAP keys with their versions and backups from the CCKM.
Create ReportreportcreatePermission to create a report.
Delete ReportreportdeletePermission to delete a report.
Download ReportreportdownloadPermission to download a report.
View ReportreportviewPermission to view the content of a report.

Example Request

curl -k 'https://127.0.0.1/api/v1/cckm/sap/groups/e4b2c2da-4226-4cd8-bbfa-b3ad7a7c05ea/update-acls' -X POST -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJjNTQ1ZjU0OS1iMDViLTQ2MWUtYmY4MC00NWI3ZjQxNmUwMjgiLCJzdWIiOiJsb2NhbHw3ODA0Y2QzOC01YWIyLTQ1MjktOTcwYi1hOTEyNzVmOTBkMzUiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiZjg1MDQ5ZmUtZGM4Ni00NDVhLWEwMTUtNGUyM2NkNTc4OGM2Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjMzNWFjYjg0LTJjN2ItNGM1ZC1iMDIzLTgyOTQxNmZjYzUyZSIsImlhdCI6MTYzMzMzOTk4NywiZXhwIjoxNjMzMzQwMjg3fQ.wNxiuDp1f6ycODQUAPKtiyY-1wVzCkm6KjG5XYyUfh8' --compressed

Example Response

{
    "application/json":{
        "id":"ce0ffe4b-fbda-4e87-88af-4b9b4e6484f9",
        "uri":"kylo:kylo:cckm:sfdc-organization:ce0ffe4b-fbda-4e87-88af-4b9b4e6484f9",
        "account":"kylo:kylo:admin:accounts:kylo",
        "application":"ncryptify:gemalto:admin:apps:kylo",
        "devAccount":"ncryptify:gemalto:admin:accounts:gemalto",
        "createdAt":"2021-08-25T04:30:47.915696Z",
        "updatedAt":"2021-08-25T10:04:24.415596321Z",
        "name":"orgnisation name",
        "sfdc_org_id":"00DB000000012ABCDE",
        "connection":"sfdc",
        "cloud_name":"sfdc",
        "organization_type":"Sandbox",
        "refreshed_at":"2021-08-25T04:31:24.089748Z",
        "acls":[
            {
                "user_id":"local|624b6c12-21d4-489a-ab8b-982f91f2f3aa",
                "actions":[
                "view",
                "keydestroy"
                ]
            },
            {
                "group":"CCKM Users",
                "actions":[
                "view"
                ]
            }
        ]
    }
}

Response Codes

Response CodeDescription
2xxSuccess
4xxClient errors
5xxServer errors

Refer to HTTP status codes for details.