Permissions Service

import { PanelContent, PanelContentCode, } from “@theme/Panel”;

Service to manage centralized approval policies.

Permissions

The Permissions service exposes methods to query permission information on existing records. $hide_from_yaml

QueryResourcePermissions

rpc QueryResourcePermissions (tetrateio.api.tsb.q.v2.QueryResourcePermissionsRequest) returns (tetrateio.api.tsb.q.v2.QueryResourcePermissionsResponse)

QueryResourcePermission looks up permissions that are allowed for the current principal. Multiple records can be queried with a single request. Query limit is 100, multiple requests are required to lookup more than the limit.

GetResourcePermissions

rpc GetResourcePermissions (tetrateio.api.tsb.q.v2.GetResourcePermissionsRequest) returns (tetrateio.api.tsb.q.v2.GetResourcePermissionsResponse)

GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.

GetResourcePermissionsRequest

Request to query permissions on a single record by FQN.

Field	Description	Validation Rule
fqn	string Fully-qualified name of the resource	–

GetResourcePermissionsResponse

Response with permission rules.

Field	Description	Validation Rule
rules	List of tetrateio.api.tsb.rbac.v2.Role.Rule	–

Query

Query format of the resource lookup for the permission check

Field	Description	Validation Rule
queryId	string OPTIONAL Optional ID that is an open string the caller can use for correlation purposes.	–
fqn	string ^{oneof kind} Fully-qualified name of the resource.	–

QueryResourcePermissionsRequest

Request to query permissions on multiple records.

Example: QueryResourcePermissionsRequest { Queries: []Query{ Query{ QueryID: “1234”, Kind: Query_Fqn{ Fqn: “tetrate/tenants/default/workspaces/example” } } } }

Field	Description	Validation Rule
queries	List of tetrateio.api.tsb.q.v2.Query One or more resources to query permissions on, limited to 100 per request.	repeated = { min_items: `1` max_items: `100` }

QueryResourcePermissionsResponse

Response with permissions for the requested queries.

Example: QueryResourcePermissionsResponse { Results: []Result{ Result{ Request: Query{ QueryID: “1234”, Kind: Query_Fqn{ Fqn: “tetrate/tenants/default/workspaces/example” } }, Rules: []*Role_Rule{ { Types: []*Role_ResourceType{ { ApiGroup: “api.tsb.tetrate.io/v2”, Kinds: []string{“Workspace”} } }, Permissions: []Permission{“READ”} } } } } }

Field	Description	Validation Rule
results	List of tetrateio.api.tsb.q.v2.QueryResourcePermissionsResponse.Result List of permission results for the requested queries	–

Result

Represents a result for the requested query

Field	Description	Validation Rule
request	tetrateio.api.tsb.q.v2.Query REQUIRED	–
rules	List of tetrateio.api.tsb.rbac.v2.Role.Rule set of allowed RBAC rules that the current principal has on the matching resource. If the query produced no results, the rules set will be empty.	–

TSB

最近更新于 2023-09-19