Help Center/ Identity and Access Management/ API Reference (Kuala Lumpur Region)/ APIs/ Agency Management/ Querying the List of Permissions of an Agency on a Project
Updated on 2022-08-16 GMT+08:00
View PDF
Share

Querying the List of Permissions of an Agency on a Project

Function

This API is used to query the list of permissions of an agency on a project.

URI

  • URI format

    GET /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles

  • URI parameters

    Parameter

    Mandatory

    Type

    Description

    project_id

    Yes

    String

    ID of a project under the current domain.

    agency_id

    Yes

    String

    ID of an agency.

Request Parameters

  • Parameters in the request header

    Parameter

    Mandatory

    Type

    Description

    Content-Type

    Yes

    String

    Fill application/json;charset=utf8 in this field.

    X-Auth-Token

    Yes

    String

    Authenticated token with the Security Administrator permission.
  • Example request 
    curl -i -k -H "X-Auth-Token:$token" -H 'Content-Type:application/json;charset=utf8' -X GET https:///v3.0/OS-AGENCY/projects/0945241c5ebc4660bac540d48f2a2c14/agencies/37f90258b820472bbc8a0f4f0bfd720d/roles

Response Parameters

  • Parameters in the response body

    Parameter

    Mandatory

    Type

    Description

    roles

    Yes

    Array

    List of roles.
  • Description for the role format

    Parameter

    Mandatory

    Type

    Description

    id

    Yes

    String

    ID of a role.

    name

    Yes

    String

    Name of a role.

    domain_id

    Yes

    String

    ID of the domain to which a role belongs.

    type

    Yes

    String

    Display mode of a role.

    • AX: A role is displayed at the domain layer.
    • XA: A role is displayed at the project layer.
    • AA: A role is displayed at both the domain and project layers.
    • XX: A role is not displayed at the domain or project layer.

    display_name

    Yes

    String

    Displayed name of a role.

    catalog

    Yes

    String

    Directory where a role locates.

    policy

    Yes

    Dict

    Policy of a role.

    description

    Yes

    String

    Description of a role.
  • Example response (successful request) 
    {
  "roles": [
    {
      "catalog": "BASE",
      "display_name": "Tenant Guest",
      "name": "readonly",
      "policy": {
        "Version": "1.0",
        "Statement": [
          {
            "Action": [
              "::Get",
              "::List"
            ],
            "Effect": "Allow"
          },
          {
            "Action": [
              "identity:*"
            ],
            "Effect": "Deny"
          }
        ]
      },
      "domain_id": null,
      "type": "AA",
      "id": "b32d99a7778d4fd9aa5bc616c3dc4e5f",
      "description": "Tenant Guest"
    }
  ]
}
  • Example response (request failed) 
    {
  "error": {
    "message": "You are not authorized to perform the requested action: identity:list_domain_grants",
    "code": 403,
    "title": "Forbidden"
  }
}

Status Codes

Status Code

Description

200

The request is successful.

401

Authentication failed.

403

Access denied.

404

The requested resource cannot be found.

500

Internal server error.
Parent topic: Agency Management