Description

Get permission assignments.  These permissions can be on roles or subjects (note if assignment is assigned directly to a subject, it is in the context of a role).

You can lookup permissions by attribute definition, attribute definition name, role name or uuid, or subject. You can filter by action.  Note you must pass in at least an attribute definition, attribute definition name, role, or subject, and you can mix and match.

All returned permission assignments will be filtered for security based on the logged in or acted as user (security rules are on attribute framework wiki)

The returned data will include the permission assignments, and a normalized list of references (role, attribute definitions, attribute names (if requested with includeAttributeDefNames=T), subjects, etc)

You can lookup assignments by multiple owners, definitions, subjects, actions, etc (non-lite operation only)

If you want to return details on the assignment (e.g. the depth of each hierarchy etc), pass in the param: includePermissionAssignDetail=T

If you want to return the underlying attribute assignment objects, pass in the param: includeAttributeAssignments=T

If there are limits or other metadata on the permission, to read those, pass in includeAttributeAssignments=T and includeAssignmentsOnAssignments=T. Note these attribute assignments on assignments are only on the immediate assignment, not effective.

Features

Get permission assignments lite service

Get permission assignments service