Query Improper Permission Configurations

Function

This API is used to query improper permission configurations.

Calling Method

For details, see Calling APIs.

URI

GET /v1/{project_id}/security/diagnose/unreasonable-permissions

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. For details about how to obtain the project ID, see Project ID and Account ID.

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
limit	No	Integer	Number of items displayed on each page
offset	No	Integer	Offset, which is the position where the query starts. The value must be greater than or equal to 0.
diagnose_id	Yes	String	Diagnosis task ID, which can be obtained through the diagnosis result API of the data permission control module
datasource_type	No	String	Data Source Type Hive data source DWS Data Source DLI Data Source
user_name	No	String	User name.

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
workspace	Yes	String	Workspace ID. For details about how to obtain the workspace ID, see Instance ID and Workspace ID.
X-Auth-Token	Yes	String	IAM token, which is obtained by calling the IAM API for obtaining a user token (value of X-Subject-Token in the response header). This parameter is mandatory for token authentication.

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
total	Integer	Total number of improper permission configurations
unreasonable_permissions	Array of DiagnosePermissionDetail objects	Improper permission configurations

**Table 5** DiagnosePermissionDetail
Parameter	Type	Description
id	String	Permission configuration ID
task_id	String	Diagnosis task ID
user_name	String	User name.
permission_type	String	Permission type
permission_action	String	Permission action
permission_source	String	Permission source
datasource_type	String	Data source type
cluster_name	String	Cluster name.
database	String	Database name
schema	String	Schema name
table	String	Table name
remark	String	Remarks.

Status code: 400

**Table 6** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Example Requests

/v1/0833a5737480d53b2f25c010dc1a7b88/security/diagnose/unreasonable-permissions?limit=10&offset=0&diagnose_id=6f28400297cc4402adfb13ce7533f996

Example Responses

Status code: 200

{
  "total" : 1,
  "unreasonable_permissions" : [ {
    "cluster_name" : "mrs_3x_autotest_do_not_del",
    "database" : "default",
    "datasource_type" : "HIVE",
    "id" : "0d524dab271b4050be7da83eb9d0af85",
    "permission_action" : "DROP",
    "permission_source" : "Level-2 permissions",
    "permission_type" : "ALLOW",
    "remark" : "Other roles except admin are not advised to have the DROP permission.",
    "schema" : null,
    "table" : "allfuhe",
    "task_id" : "6f28400297cc4402adfb13ce7533f996",
    "user_name" : "user1"
  } ]
}

Status Codes

Status Code	Description
200	OK
400	Bad Request

Parent Topic: Data Security Diagnosis

Previous topic: Diagnosing Data Security

Next topic: Querying the Diagnosis Result of the Data Permission Control Module

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.