User List
- 09 Apr 2024
- 4 Minutes to read
- Print
- DarkLight
- PDF
User List
- Updated on 09 Apr 2024
- 4 Minutes to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Post
/api/runtime/userlist/v3
The User List API call is an open-ended question for a specific Asset. It returns the list of users, their associated attributes and which action they are allowed to perform on a specific Asset.
Note: The User List end point is used primarily for reporting data. There are time and amount constraints based on your identity sources.
Notice
When accessing the Authorization APIs, the URL base/prefix, according to your PlainID PDP Location- United States Cloud PDP - `https://tenant-name.us1.plainid.io`
- Canadian Cloud PDP - `https://tenant-name.ca1.plainid.io`
- European Cloud PDP - `https://tenant-name.eu1.plainid.io`
- Local PAA - `https://your-paa.acme.local`
For more information on which Asset Types to use with your PAA or Cloud PDP, refer to Managing Asset Types.
Body parameters
User List request
{
"clientId": "string",
"clientSecret": "string",
"asset": {
"resourceType": "Account US",
"path": "Transfer US 5000",
"actions": [
"Access"
],
"assetAttributes": {
"attribute_1": [
"string"
],
"attribute_2": [
"string"
]
}
},
"contextData": {
"string": [
"string"
]
},
"environment": {
"string": [
"string"
]
},
"remoteIp": "string",
"timeZoneOffset": 0.0,
"entityTypes": [
"string"
],
"includeContext": false,
"includeAccessPolicy": false,
"includeAsset": false,
"includeInActiveIdentities": false,
"includeIdentityAttributes": false,
"accessTokenFormat": "JSON",
"useCache": true,
"calculateCorrelationAttributes": [
"string"
]
}object
clientId
string Required
Client ID of the Scope
Min length1
clientSecret
string Required
Client Secret ID of the Scope
Min length1
asset
objectRequired
resourceType
string
Asset Template ID (required)
path
string
Unique Identifier of the Asset (required)
actions
Array
Name of the Action (optional)
assetAttributes
object
(optional)
attribute_1
string
attribute_2
string
contextData
object
Identity Context data for this request.
When specifying this parameter, you are requesting information based on a specific parameter and its value.
For example, Location where the contextData equals a specific branch.
If not defined, Dynamic groups based on context data will not be considered in the Access Decision.
string
Array
environment
object
Environmental parameters need to be defined in policies as request.
If not defined, parameters based on environmental data will not be considered in the Access Decision.
string
Array
remoteIp
string
IP address to be used when validating a policy. Ensure that your IP Ranges are correct based on an IP calculator. If not defined, the IP considered in the calculation is taken from the X-Forwarded-For (Request header). If not defined,the IP considered in the calculation is taken from the X-Forwarded-For (Request header).
timeZoneOffset
number
To define the offset from UTC time zone.
Used in Time Condition.
Default"0"
Example-12
entityTypes
Array
Because the full payload of the response can be very large, this parameter enables you to decrease the payload size by including a list of Identity Types and their attributes, that will return in the response.
If not specified, all identities from all Identity Types will be included in the response.
includeContext
boolean
Show/hide the context data in the response.
Default"False"
includeAccessPolicy
boolean
Show/hide the name of the Policy in the response that has granted the specified access.
Default"False"
includeAccessPolicyId
boolean
Show/hide the external id of the Policy in the response that granted the specified access.
Default"False"
includeAsset
boolean
Show/hide the asset attribute of the assets from the request.
Default"False"
includeInActiveIdentities
boolean
Show/hide the inactive users in the response.
Default"False"
includeIdentityAttributes
boolean
Show/hide the identity attribute of the identity in the response.
Default"False"
accessTokenFormat
string
Determines the format of the response – whether JSON, JWT, or StandardJWT.
Default"JSON"
listOfResources
string
useCache
boolean
The attribute will deter-mine if the response will consider the cache settings or override the cache and perform a full calculation.
Default"True"
calculateCorrelationAttributes
Array
Provides the ability to present the attribute that is responsible for the investigated access, based on defined correlation attributes. according to the
· entityType
· entityAttribute
· resourceAttribute
operationalFilters
Array of object
These operational filters should affect the Runtime behavior and results by applying additional filtering which is not directly related to Authorization logic.
object
OneOf
identitySourcesFilterByIDs
filterType
string Required
filterProperties
object
filterAction
string Required
Valid values[ "INCLUDE", "EXCLUDE" ]
objectsList
Array of string Required
string
Input your sourceID/s here. For information on where to locate the sourceID, check out Managing Attribute Sources in our documentation.
userListIdentitiesFilterByRule
filterType
string Required
filterProperties
object
filterDetails
Array of object Required
object
sourceId
string Required
For information on where to locate the sourceID, check out Managing Attribute Sources in our documentation.
filtersRelation
string Required
Valid values[ "OR", "AND" ]
filters
Array of object Required
object
attribute
string Required
For more information on where to locate attributes, see Managing Identity Attributes.
operator
string Required
Valid values[ "IN", "EQUALS" ]
values
Array of string Required
string
Responses
200
OK
users list for asset - 200
{
"response": [
{
"action": "Access",
"entities": [
{
"entityType": "bank_users",
"uid": "UX-12349"
},
{
"entityType": "bank_users",
"uid": "UX-12348"
},
{
"entityType": "bank_users",
"uid": "UX-12347"
},
{
"entityType": "bank_users",
"uid": "UX-12346"
},
{
"entityType": "bank_users",
"uid": "UX-12345"
}
]
},
{
"action": "TestAction",
"entities": []
}
]
}includeIdentityAttributes - 200
{
"response": [
{
"action": "Access",
"entities": [
{
"entityType": "bank_users",
"uid": "UX-12349",
"attributes": {
"uid": [
"UX-12349"
],
"location": [
"Alabama"
],
"department": [
"Mortgage"
],
"branch": [
"vitae nisl"
]
}
},
{
"entityType": "bank_users",
"uid": "UX-12348",
"attributes": {
"uid": [
"UX-12348"
],
"location": [
"Alabama"
],
"department": [
"Loans"
],
"branch": [
"varius integer"
]
}
},
{
"entityType": "bank_users",
"uid": "UX-12347",
"attributes": {
"uid": [
"UX-12347"
],
"location": [
"Alabama"
],
"department": [
"Savings"
],
"branch": [
"egestas metus"
]
}
},
{
"entityType": "bank_users",
"uid": "UX-12346",
"attributes": {
"uid": [
"UX-12346"
],
"location": [
"Alabama"
],
"department": [
"Mortgage"
],
"branch": [
"ac est"
]
}
},
{
"entityType": "bank_users",
"uid": "UX-12345",
"attributes": {
"uid": [
"UX-12345"
],
"location": [
"Alabama"
],
"department": [
"Savings"
],
"branch": [
"sapien quis"
]
}
}
]
},
{
"action": "TestAction",
"entities": []
}
]
}includeAccessPolicy and includeAccessPolicyId - 200
{
"response": [
{
"action": "Access",
"entities": [
{
"entityType": "bank_users",
"uid": "UX-12349",
"permissions": {
"permission": [
"Manage consumers accounts in branch"
],
"permissionId": [
"p1"
]
}
},
{
"entityType": "bank_users",
"uid": "UX-12348",
"permissions": {
"permission": [
"Manage consumers accounts in branch"
],
"permissionId": [
"p1"
]
}
},
{
"entityType": "bank_users",
"uid": "UX-12347",
"permissions": {
"permission": [
"Manage consumers accounts in branch"
],
"permissionId": [
"p1"
]
}
},
{
"entityType": "bank_users",
"uid": "UX-12346",
"permissions": {
"permission": [
"Manage consumers accounts in branch"
],
"permissionId": [
"p1"
]
}
},
{
"entityType": "bank_users",
"uid": "UX-12345",
"permissions": {
"permission": [
"Manage consumers accounts in branch"
],
"permissionId": [
"p1"
]
}
}
]
},
{
"action": "TestAction",
"entities": []
}
]
}object
asset
object
resourceType
string
Asset Template ID (required)
path
string
Unique Identifier of the Asset (required)
assetAttributes
object
(optional)
attribute_1
string
attribute_2
string
contextData
object
string
Array
response
Array of object
object
action
string
entities
Array of object
object
entityType
string
uid
string
permissions
Array of object
object
permission
string
permissionId
string
attributes
object
string
Array
400
Basic Request - 400 - Bad Request
Basic Request - 400 - Bad Request
{}object
401
Unauthorized
403
Forbidden
404
Not Found
500
Internal Server Error
501
Not Implemented
Was this article helpful?