Permissions Service

Service to manage centralized approval policies.

Permissions

The Permissions service exposes methods to query permission information on existing records.

QueryResourcePermissions

rpc QueryResourcePermissions (tetrateio.api.tsb.q.v2.QueryResourcePermissionsRequest) returns (tetrateio.api.tsb.q.v2.QueryResourcePermissionsResponse)

QueryResourcePermissions looks up permissions that are allowed for the current principal. Multiple records can be queried with a single request. The query limit is 100 per request; multiple requests are required to look up more than the limit.

GetResourcePermissions

rpc GetResourcePermissions (tetrateio.api.tsb.q.v2.GetResourcePermissionsRequest) returns (tetrateio.api.tsb.q.v2.GetResourcePermissionsResponse)

GetResourcePermissions looks up permissions that are allowed for the current principal on the given resource FQN. This is similar to QueryResourcePermissions but limited to a single resource FQN.

GetResourcePermissionsRequest

Request to query permissions on a single record by FQN.

| Field | Description | Validation Rule |
|---|---|---|
| fqn | string. Fully-qualified name of the resource | |

GetResourcePermissionsResponse

Response with permission rules.

| Field | Description | Validation Rule |
|---|---|---|
| rules | List of tetrateio.api.tsb.rbac.v2.Role.Rule | |

Query

Query format of the resource lookup for the permission check

| Field | Description | Validation Rule |
|---|---|---|
| queryId | string, OPTIONAL. Optional ID that is an open string the caller can use for correlation purposes. | |
| fqn | string, oneof kind. Fully-qualified name of the resource. | |

QueryResourcePermissionsRequest

Request to query permissions on multiple records.

Example:

    QueryResourcePermissionsRequest{
      Queries: []Query{
        Query{
          QueryID: "1234",
          Kind: Query_Fqn{
            Fqn: "tetrate/tenants/default/workspaces/example",
          },
        },
      },
    }

| Field | Description | Validation Rule |
|---|---|---|
| queries | List of tetrateio.api.tsb.q.v2.Query. One or more resources to query permissions on, limited to 100 per request. | repeated = { min_items: 1 max_items: 100 } |

QueryResourcePermissionsResponse

Response with permissions for the requested queries.

Example:

    QueryResourcePermissionsResponse{
      Results: []Result{
        Result{
          Request: Query{
            QueryID: "1234",
            Kind: Query_Fqn{
              Fqn: "tetrate/tenants/default/workspaces/example",
            },
          },
          Rules: []*Role_Rule{
            {
              Types: []*Role_ResourceType{
                {
                  ApiGroup: "api.tsb.tetrate.io/v2",
                  Kinds:    []string{"Workspace"},
                },
              },
              Permissions: []Permission{"READ"},
            },
          },
        },
      },
    }

| Field | Description | Validation Rule |
|---|---|---|
| results | List of tetrateio.api.tsb.q.v2.QueryResourcePermissionsResponse.Result. List of permission results for the requested queries | |

Result

Represents a result for the requested query

| Field | Description | Validation Rule |
|---|---|---|
| request | tetrateio.api.tsb.q.v2.Query, REQUIRED | |
| rules | List of tetrateio.api.tsb.rbac.v2.Role.Rule. Set of allowed RBAC rules that the current principal has on the matching resource. If the query produced no results, the rules set will be empty. | |
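
Added example, not part of the TSB API or its generated client: one way a caller can stay within the 100-query limit, correlate results by queryId, and treat a missing or empty rule set as no access. The Go types and the `call` hook are local stand-ins assumed for illustration, not the generated tetrateio packages.

```go
package main

import (
	"fmt"
	"strconv"
)

// Stand-ins for the generated messages (assumed shapes, documented fields only).
type Query struct{ QueryID, Fqn string }
type Rule struct{ Permissions []string }
type Result struct {
	Request Query
	Rules   []Rule
}
const maxQueries = 100 // max_items on the queries field

// QueryAll looks up rules for any number of FQNs in requests of at most
// maxQueries queries. call is a hypothetical hook performing one RPC. Every
// FQN gets an entry; nil rules mean the principal has no permissions on it.
func QueryAll(fqns []string, call func([]Query) ([]Result, error)) (map[string][]Rule, error) {
	out := make(map[string][]Rule, len(fqns))
	for start := 0; start < len(fqns); start += maxQueries {
		sent := map[string]string{} // queryId -> fqn, for correlation
		var batch []Query
		for i := start; i < len(fqns) && i < start+maxQueries; i++ {
			id := strconv.Itoa(i)
			batch = append(batch, Query{QueryID: id, Fqn: fqns[i]})
			sent[id] = fqns[i]
			out[fqns[i]] = nil // deny until a result says otherwise
		}
		results, err := call(batch)
		if err != nil {
			return nil, fmt.Errorf("batch starting at %d: %w", start, err)
		}
		for _, r := range results {
			if fqn, ok := sent[r.Request.QueryID]; !ok || fqn != r.Request.Fqn {
				return nil, fmt.Errorf("unexpected result for queryId %q", r.Request.QueryID)
			}
			out[r.Request.Fqn] = r.Rules
		}
	}
	return out, nil
}

func main() {
	// Constructed stub transport: returns no results, so every FQN is denied.
	stub := func([]Query) ([]Result, error) { return nil, nil }
	fmt.Println(QueryAll([]string{"tetrate/tenants/default/workspaces/example"}, stub))
}
```

An empty input makes no call at all, which keeps the request within the `min_items: 1` rule.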