Grant privilege elevation command to user/role/group

post

https://example.com/PrivilegeElevationCommand/AddAssignment

In v1, there is only one privilege elevation command. 2. If additional columns are added to privilegeelevationassignment table in future for whatever reasons, they need to be optional columns and will be specified as additional optional parameters to this API. 3. In v2, a new API will be added to grant user/group/role permission to run commands specified in a privilege elevation command collection. 4. When adding permanent privilege elevation assignments (i.e., "Starts" and "Expires" are not specified), the REST API checks if there is any existing permanent privilege elevation assignment for the same command to the same principal and scope already exists, and throws an exception if it finds out. However, no distributed lock is taken for this check due to performance reason. So, there is still a slight chance that it may not catch this unusual case. However, this situation is handled by privilege elevation. It will calculate the effective permission based on all matching entries. 5. Note that it is legal to have multiple temporary privilege elevation asignments for the same command to the same principal and scope. 6. There is no support for dynamic system set.

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Body Params

ScopeType

string

required

Whether the assignment is for a system or a system set. Specifies "Collection", or "System"

Scope

string

Scope of this assignment. If "ScopeType" is "System", specifies UUID of system. If "ScopeType" is "Collection", specifies UUID of system set.

PrivilegeElevationCommand

string

required

UUID of privilege elevation command returned in PrivilegeElevationCommand/Add REST API

Expires

string

If the permission to execute is temporary, specifies the expiration time in ISO 8601 format. Example: 2020-10-21T15:09:10Z. Note that the caller has to convert the time to UTC.

Starts

string

If the permission to execute is temporary, specifies the start time in ISO 8601 format. Example: 2020-10-21T15:09:10Z. Note that the caller has to convert the time to UTC.

Principal

string

Name of user/group/role in assignment. Either "PrincipalId" or "Principal" must be specified.

PrincipalId

string

UUID of user/group/role in assignment. Either "PrincipalId" or "Principal" must be specified.

BypassChallenge

boolean

Defaults to false

Whether user can execute the privilege elevation command without challenge

PrincipalType

string

required

Principal type. Supported values: "User", "Group", "Role"

Response

200API-Result