Querying the Grant List
Function
This API is used to query the users who have been granted the permissions of a key.
Calling Method
For details, see Calling APIs.
URI
POST /v1.0/{project_id}/kms/list-grants
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
key_id |
Yes |
String |
A 36-byte key ID which matches the regular expression ^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$, for example, 0d0466b0-e727-4d9c-b35d-f84bb474a37f. |
|
limit |
No |
String |
Number of returned records. The default value is 1000. The value cannot be larger than the maximum number of grants, for example, 100. If the number of retrieved results is greater than this value, true is returned for the response parameter truncated, indicating that multiple pages of results are returned. |
|
marker |
No |
String |
Start position of the paginated query. If truncated is true in the response, you can send consecutive requests to obtain more records. Set marker to the value of next_marker in the response, for example, 10. |
|
sequence |
No |
String |
A 36-byte serial number of a request message, for example, 919c82d4-8046-4722-9094-35c3c6524cff |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
grants |
Array of Grants objects |
Grant list. For details, see the data structure description of the grants field. |
|
next_marker |
String |
Value of marker used for obtaining the next page of results. If the value of truncated is false, next_marker is left empty. |
|
truncated |
String |
Whether there is another page. true: There is more data on the next page. false: This is the last page. |
|
total |
Integer |
Total number of grants. |
|
Parameter |
Type |
Description |
|---|---|---|
|
key_id |
String |
Key ID. |
|
grant_id |
String |
Grant ID, which contains 64 bytes. |
|
grantee_principal |
String |
ID of the granted user. The value contains 1 to 64 bytes and matches the regular expression ^[a-zA-Z0-9]{1,64}$, for example, 0d0466b00d0466b00d0466b00d0466b0. |
|
grantee_principal_type |
String |
Grant type. The value can be user or domain. |
|
operations |
Array of strings |
List of granted operations. Possible values are as follows: create-datakey: Create a DEK. create-datakey-without-plaintext: Create a DEK that does not contain plaintext. encrypt-datakey: Encrypt DEK. decrypt-datakey: Decrypt DEK. describe-key: Query the key information. create-grant: Create the grant. retire-grant: Retire the grant. encrypt-data: Encrypt data. decrypt-data: Decrypt data. The value cannot be only create-grant. |
|
issuing_principal |
String |
ID of the user who created the grant. The value contains 1 to 64 bytes and matches the regular expression ^[a-zA-Z0-9]{1,64}$, for example, 0d0466b00d0466b00d0466b00d0466b0. |
|
creation_date |
String |
Creation time. The value is a timestamp which indicates how many seconds it has been since January 1, 1970, for example, 1497341531000. |
|
name |
String |
Grant name. The value is a string of 1 to 255 characters and matches the regular expression ^[a-zA-Z0-9:/_-]{1,255}$. |
|
retiring_principal |
String |
ID of the user whose grant can be retired. The value contains 1 to 64 bytes and matches the regular expression ^[a-zA-Z0-9]{1,64}$, for example, 0d0466b00d0466b00d0466b00d0466b0. |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 401
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 403
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 404
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 500
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 502
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 504
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Example Requests
Query the grant list of the key whose ID is 0d0466b0-e727-4d9c-b35d-f84bb474a37f.
{
"key_id" : "0d0466b0-e727-4d9c-b35d-f84bb474a37f"
}
Example Responses
Status code: 200
Request succeeded.
{
"grants" : [ {
"operations" : [ "create-datakey", "describe-key" ],
"issuing_principal" : "8b961fb414344d59825ba0c8c008c815",
"key_id" : "737fd52b-36c4-4c91-972e-f6e202de9f6e",
"grant_id" : "dd3f03e9229a5e47a41be6c27a630e60d5cbdbad2be89465d63109ad034db7d8",
"grantee_principal" : "13gg44z4g2sglzk0egw0u726zoyzvrs8",
"name" : "13gg44z4g2sglzk0egw0u726zoyzvrs8",
"creation_date" : "1597062260000",
"grantee_principal_type" : "user"
} ],
"next_marker" : "",
"total" : 1,
"truncated" : "false"
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Request succeeded. |
|
400 |
Invalid request parameters. |
|
401 |
Username and password are required for the requested page. |
|
403 |
Authentication failed. |
|
404 |
The resource does not exist. |
|
500 |
Internal service error. |
|
502 |
Failed to complete the request. The server receives an invalid response from the upstream server. |
|
504 |
Gateway timed out. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
