Permit Deny
- Updated on 09 Apr 2024
The Permit/Deny API call asks a Yes/No authorization question. It returns an Access Decision (PERMIT or DENY) for the specific question detailed in the API request, and can optionally return additional information.
Notice
When accessing the Authorization APIs, use the URL base/prefix that matches your PlainID PDP Location:
- United States Cloud PDP - `https://tenant-name.us1.plainid.io`
- Canadian Cloud PDP - `https://tenant-name.ca1.plainid.io`
- European Cloud PDP - `https://tenant-name.eu1.plainid.io`
- Local PAA - `https://your-paa.acme.local`
For more information on which Asset Types to use with your PAA or Cloud PDP, refer to Managing Asset Types.
```json
{
  "entityId": "uid838277",
  "clientId": "PDASDASDASDASDASDF40",
  "clientSecret": "k3DSBn5vTJuNzcar0Cpb0wICar34QwYQCat4OMay",
  "entityAttributes": {
    "user_organization": ["Acme Finance"],
    "user_title": ["Branch Clerk"],
    "user_business_unit": ["LOB1"],
    "User_Location": ["US"]
  },
  "combinedMultiValue": false,
  "listOfResources": [
    {
      "resourceType": "Client Profiles",
      "resources": [
        {
          "action": "Read",
          "path": "P4",
          "assetAttributes": {
            "attribute_1": ["string"],
            "attribute_2": ["string"]
          }
        }
      ]
    }
  ]
}
```
Unique identifier of the Identity (e.g. UID)
Client ID of the Scope
Client Secret ID of the Scope
Contains a list of the Asset's unique identifiers:
- Resource type (required)
- Resources - Action (optional), Path (required), and Asset Attributes (optional)
Asset Template ID
Name of the Action
Unique Identifier of the Asset
Identity Template ID
Identity Context data for this request.
When specifying this parameter, you are requesting information based on a specific parameter and its value.
For example: Location where the contextData equals a specific branch.
If not defined, Dynamic Groups based on context data will not be considered in the Access Decision.
Environmental parameters need to be defined in Policies as a request (in Asset Rules or Conditions) and sent in the authorization request. Only the Assets that match the parameters in the request will be returned.
If not defined, parameters based on Environmental data will not be considered in the Access Decision.
IP address to be used when validating a policy. Ensure that your IP Ranges are correct based on an IP calculator. If not defined, the IP considered in the calculation is taken from the X-Forwarded-For (Request header).
To define the offset from UTC time zone. Used in Time Condition.
Show/hide a detailed list of Resources that are allowed, denied, and not applicable.
Show/hide the context data in the response.
Show/hide the name of the Policy in the response that granted the specified access.
Show/hide the external id of the Policy in the response that granted the specified access.
Show/hide the asset attribute of the assets in the response.
Include/exclude the reason for denying access to an Asset.
For more details, see Deny Reason.
Show/hide the Identity attribute of the Identity in the response.
Determines the format of the response: JSON, JWT, or StandardJWT.
Determines whether the response considers the cache settings or overrides the cache and performs a full calculation.
Fetches the Asset Attribute based on the Asset ID at the beginning of the Access Decision calculation.
Determines the evaluation of Identity Attributes relationship in access decision.
An auto-generated key to set the correlation between the requested object and the response object (optional). When working with a single assetContext object, use the “singleObjectResponse” value to align to the original structure response.
These operational filters should affect the Runtime behavior and results by applying additional filtering which is not directly related to Authorization logic.
Input your sourceID/s here. For information on where to locate the sourceID, check out Managing Attribute Sources in our documentation.
User gets a Permit decision
```json
{
  "result": "PERMIT"
}
```
```json
{
  "result": "DENY"
}
```
```json
{
  "result": "PERMIT",
  "response": [
    {
      "allowed": [
        {
          "path": "AS-XX-12575",
          "action": "Access",
          "template": "Accounts"
        }
      ],
      "denied": [],
      "not_applicable": []
    }
  ]
}
```
```json
{
  "result": "DENY",
  "response": [
    {
      "allowed": [],
      "denied": [
        {
          "path": "AS-XX-12575",
          "action": "Access1",
          "template": "Accounts"
        }
      ],
      "not_applicable": []
    }
  ]
}
```
```json
{
  "result": "DENY",
  "response": [
    {
      "allowed": [
        {
          "path": "AS-XX-12575",
          "action": "Access",
          "template": "Accounts"
        }
      ],
      "denied": [
        {
          "path": "AS-XX-1257566",
          "action": "Access",
          "template": "Accounts"
        }
      ],
      "not_applicable": []
    }
  ]
}
```
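The following is an added example, not PlainID's own client code: it builds a request body in the structure shown above and evaluates the response fail-closed (only an exact `PERMIT` grants access, and a resource missing from the detailed lists counts as denied). The endpoint path and the `PLAINID_CLIENT_ID` / `PLAINID_CLIENT_SECRET` environment variable names are assumptions, and the embedded response is a constructed copy of the mixed allowed/denied sample above.

```python
import json
import os
import urllib.request
# Assumed endpoint path (placeholder): use the path from the PlainID API reference.
PERMIT_DENY_PATH = "/<permit-deny-endpoint-path>"

def build_request(entity_id, resource_type, path, action, entity_attributes=None):
    """Request body in the structure shown above. The Scope's clientId/clientSecret
    are read from environment variables (names assumed), not hardcoded."""
    return {
        "entityId": entity_id,
        "clientId": os.environ.get("PLAINID_CLIENT_ID", "<client-id>"),
        "clientSecret": os.environ.get("PLAINID_CLIENT_SECRET", "<client-secret>"),
        "entityAttributes": entity_attributes or {},
        "combinedMultiValue": False,
        "listOfResources": [{"resourceType": resource_type,
                             "resources": [{"action": action, "path": path}]}],
    }

def send_permit_deny(base_url, body, timeout=5):
    """POST the body to the PDP; base_url is one of the prefixes from the Notice."""
    req = urllib.request.Request(base_url + PERMIT_DENY_PATH, method="POST",
                                 data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def is_permitted(response):
    """Overall decision: only the exact string PERMIT grants access; DENY, a missing
    key or any unexpected value is treated as a deny (fail closed)."""
    return response.get("result") == "PERMIT"

def resource_decision(response, path, action):
    """Per-resource outcome from the detailed response: 'allowed', 'denied' or
    'not_applicable'. A resource absent from all three lists counts as 'denied'."""
    for block in response.get("response") or []:
        for bucket in ("allowed", "denied", "not_applicable"):
            for entry in block.get(bucket, []):
                if entry.get("path") == path and entry.get("action") == action:
                    return bucket
    return "denied"

# Constructed sample mirroring the mixed allowed/denied response shown above.
SAMPLE_RESPONSE = {"result": "DENY", "response": [{
    "allowed": [{"path": "AS-XX-12575", "action": "Access", "template": "Accounts"}],
    "denied": [{"path": "AS-XX-1257566", "action": "Access", "template": "Accounts"}],
    "not_applicable": []}]}
```

Note that in the mixed sample the top-level result is DENY even though one resource is allowed, so callers needing per-resource granularity must read the detailed lists rather than the top-level result alone.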
An auto-generated key to set the correlation between the requested object and the response object (optional). When working with a single assetContext object, use the “singleObjectResponse” value to align to the original structure response.
- 400 Bad Request
- 401 Unauthorized
- 403 Forbidden
- 404 Not Found
- 500 Internal Server Error
- 501 Not Implemented