Perfoming Batch Authentication
Function
Batch authentication. This API is exclusive to the tenant plane and not accessible from the management plane.
URI
POST /v1/{project_id}/instances/{instance_id}/policies/check-permission
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID. For how to obtain the project ID, see Obtaining a Project ID (lakeformation_04_0026.xml). |
|
instance_id |
Yes |
String |
LakeFormation instance ID. The value is automatically generated when the instance is created, for example, 2180518f-42b8-4947-b20b-adfc53981a25. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
Array of strings |
Tenant token. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
access_request |
Yes |
Array of AccessRequest objects |
Entity information. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
resource |
Yes |
ResourceInput object |
Resource information. |
|
principal |
Yes |
Array of Principal objects |
Authorization entity information. |
|
action |
Yes |
String |
Permission information: ALL, CREATE, ALTER, DROP, DESCRIBE, EXEC, CREATE_DATABASE, LIST_DATABASE, CREATE_TABLE, LIST_TABLE, CREATE_FUNC, LIST_FUNC, REGISTER_MODEL, LIST_MODEL, INSERT, UPDATE, DELETE, SELECT, READ, WRITE, OPERATE, and USE. Enumeration values:
|
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
resource_type |
Yes |
String |
Metadata resource type. The options are CATALOG, DATABASE, TABLE, FUNC, MODEL, COLUMN, and URI. Enumeration values:
|
|
catalog |
No |
String |
Catalog name. The value should contain 1 to 256 characters. Only letters, numbers, and underscores (_) are allowed. |
|
database |
No |
String |
Database name. The value should contain 1 to 128 characters. Only letters, numbers, hyphens (-), and underscores (_) are allowed. |
|
function |
No |
String |
Function name. The value should contain 1 to 256 characters. Only letters, numbers, and underscores (_) are allowed. |
|
table |
No |
String |
Table name. The value should contain 1 to 256 characters. Only letters, numbers, hyphens (-), and underscores (_) are allowed. |
|
column |
No |
String |
Column name. The value can contain 1 to 767 characters. Only letters, digits, and special characters (_-+*(),) are allowed. |
|
uri |
No |
String |
URI |
|
columns |
No |
Array of strings |
List of column names. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
principal_type |
Yes |
String |
Entity type. USER: user GROUP: group ROLE: role SHARE: share OTHER: others Enumeration values:
|
|
principal_source |
Yes |
String |
Entity source. IAM: cloud user SAML: SAML-based federation LDAP: ID user LOCAL: local user AGENTTENANT: agency OTHER: others Enumeration values:
|
|
principal_name |
Yes |
String |
Entity name. The value can contain 1 to 49 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed. |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
[items] |
Array of CheckPermissionResult objects |
OK |
|
Parameter |
Type |
Description |
|---|---|---|
|
check_result |
Boolean |
Check result of the input policy. |
|
error_message |
String |
Error message. |
|
data_filters |
Array of strings |
Row filter condition list. |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error message. |
|
solution_msg |
String |
Solution. |
Status code: 404
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error message. |
|
solution_msg |
String |
Solution. |
Status code: 500
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error message. |
|
solution_msg |
String |
Solution. |
Example Requests
GET https://{endpoint}/v1/{project_id}/instances/{instance_id}/policies/check-permission
{
"access_request" : [ {
"resource" : {
"resource_type" : "DATABASE",
"catalog" : "hive",
"database" : "test_database_name"
},
"principal" : [ {
"principal_type" : "GROUP",
"principal_source" : "IAM",
"principal_name" : "onebox"
} ],
"action" : "ALL"
} ]
}
Example Responses
Status code: 200
OK
[ {
"check_result" : false,
"error_message" : "test error message"
} ]
Status code: 400
Bad Request
{
"error_code" : "common.01000001",
"error_msg" : "failed to read http request, please check your input, code: 400, reason: Type mismatch., cause: TypeMismatchException"
}
Status code: 401
Unauthorized
{
"error_code": 'APIG.1002',
"error_msg": 'Incorrect token or token resolution failed'
}
Status code: 403
Forbidden
{
"error" : {
"code" : "403",
"message" : "X-Auth-Token is invalid in the request",
"error_code" : null,
"error_msg" : null,
"title" : "Forbidden"
},
"error_code" : "403",
"error_msg" : "X-Auth-Token is invalid in the request",
"title" : "Forbidden"
}
Status code: 404
Not Found
{
"error_code" : "common.01000001",
"error_msg" : "response status exception, code: 404"
}
Status code: 408
Request Timeout
{
"error_code" : "common.00000408",
"error_msg" : "timeout exception occurred"
}
Status code: 500
Internal Server Error
{
"error_code" : "common.00000500",
"error_msg" : "internal error"
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
OK |
|
400 |
Bad Request |
|
401 |
Unauthorized |
|
403 |
Forbidden |
|
404 |
Not Found |
|
408 |
Request Timeout |
|
500 |
Internal Server Error |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
