Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CTE-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Widows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Salesforce Organization APIs

Granting Permissions to Users or Groups

search

Please Note:

You are not viewing the most recent version of this page. 2.19 is the latest version available.

print

Granting Permissions to Users or Groups

Use the post /v1/cckm/sfdc/organizations/{id}/update-acls API to grant permissions to users or groups to perform specified operations on a Salesforce organization on the CipherTrust Manager.

User ID and group are mutually exclusive – specify either. For the first time users or groups, actions are permitted as configured by the CCKM administrator. However, if the permissions of a user or group need to be modified later, for example, a new action is to be permitted or an existing action is to be revoked, the CCKM administrator needs to set that particular action to true or false.

For example, a user or group is permitted actions, keycreate, keyupload, and keyimport. Now, to permit one more action keydestroy to the user or group, set "permit":true and "actions": "keydestroy" and run the API. Similarly, now to deny permission to the action keycreate, set "permit":false, "actions": "keycreate", and run the API.

Refer to Actions for actions supported by different APIs.

copy link to clipboardSyntax

curl -k '<IP>/api/v1/cckm/sfdc/organizations/{id}/update-acls' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "acls": [\n    {\n      "group": "<group>",\n      "actions": [\n        "<action-1>", "<action-2>"\n      ],\n      "permit": <true|false>\n    }\n  ]\n}' --compressed

Here, {id} represents the ID of the Salesforce organization resource on the CipherTrust Manager.

copy link to clipboardRequest Parameters

ParameterTypeDescription
AUTHTOKENstringAuthorization token.
aclsarray of JSONsPermissions to be granted to users and groups. Refer to ACLs for details.

copy link to clipboardACLs

ParameterTypeDescription
actionsarray of stringsList of actions. Refer to Actions for details.
groupstringName of the user group to be granted permissions. User ID and group are mutually exclusive – specify either.
permitbooleanWhether to permit users to perform specific operations. Set true to permit, false to deny.
user_idstringID of the user to be granted permissions. User ID and group are mutually exclusive – specify either.

copy link to clipboardActions

The following table lists the accepted values:

APIsActionsDescription
CreatekeycreatePermission to create Salesforce keys.
UploadkeyuploadPermission to upload keys to Salesforce.
Destroy KeykeydestroyPermission to destroy Salesforce keys.
Import KeykeyimportPermission to import a destroyed Salesforce keys.
Rotate KeykeyrotatePermission to rotate the Salesforce keys.
SynchronizekeysynchronizePermission to synchronize Salesforce keys.
CancelkeysynchronizePermission to cancel Salesforce key synchronization jobs.
UpdatekeyupdatePermission to update cache-only key attributes (certificate and named credential).
Enable Key RotationkeyupdatePermission to enable automatic key rotation of Salesforce keys.
Disable Key RotationkeyupdatePermission to disable automatic key rotation of Salesforce keys.
ListviewPermission to view Salesforce keys.
Get (Salesforce Keys)viewPermission to view details of a Salesforce key with the given ID.
List (Salesforce Organizations)viewPermission to view Salesforce organizations.
Get (Salesforce Organizations)viewPermission to view details of Salesforce organizations with the given ID.
Create Cache-only Key EndpointendpointcreatePermission to create cache-only key endpoints.
Update Cache-only Key EndpointendpointupdatePermission to update cache-only key endpoints.
Delete Cache-only Key EndpointendpointdeletePermission to delete cache-only key endpoints.
Activate Cache-only KeycacheonlykeyactivatePermission to activate cache-only keys.
Upload Cache-only KeycacheonlykeyuploadPermission to upload cache-only keys.
Update Cache-only KeycacheonlykeyupdatePermission to update cache-only keys.
Destroy Cache-only KeycacheonlykeydestroyPermission to destroy cache-only keys.
Create CertificatecertificatecreatePermission to create certificate to be used to encrypt tenant secrets.
Delete CertificatecertificatedeletePermission to delete certificates.
Synchronize CertificatecertificatesyncPermission to synchronize certificates from Salesforce to the CipherTrust Manager.
Delete BackupdeletebackupPermission to delete backup of Salesforce keys from CCKM.

copy link to clipboardExample Request

curl -k 'https://127.0.0.1/api/v1/cckm/sfdc/organizations/2473e846-31a8-4ee6-8299-17025548b4e2/update-acls' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhOGY3N2IxZS1lOTY2LTQwMjEtODRjMC01YjZiNjAzMTBmOWEiLCJzdWIiOiJsb2NhbHwzM2Y5ZDFmNi04MjJiLTQ0NTItOGM4MC1mYzM0ZGYyZTI3OGQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNjcyMjMzMDAtYjU2ZC00ZmVmLTkwMDEtZGE1NGY2ZDdiMzY4Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjNkNWM4OWYzLTM1OWYtNGZmYS04ZTMyLWMxZjk0NTIyMWYzNiIsImlhdCI6MTYyMDE5NTY0NCwiZXhwIjoxNjIwMTk1OTQ0fQ.NAHcbm9TIB3YmVg-i_nfXf0-B0wMbAoXMSTaAJ-Ke-U' -H 'Content-Type: application/json' --data-binary $'{\n  "acls": [\n    {\n      "group": "CCKM Users",\n      "actions": [\n        "view", "keycreate"\n      ],\n      "permit": true\n    }\n  ]\n}' --compressed

copy link to clipboardExample Response

{
    "id": "2473e846-31a8-4ee6-8299-17025548b4e2",
    "uri": "kylo:kylo:cckm:sfdc-organization:2473e846-31a8-4ee6-8299-17025548b4e2",
    "account": "kylo:kylo:admin:accounts:kylo",
    "application": "ncryptify:gemalto:admin:apps:kylo",
    "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
    "createdAt": "2021-07-22T09:21:07.019666Z",
    "updatedAt": "2021-07-22T09:29:20.198938053Z",
    "name": "Thales",
    "organization_id": "00DB000000040bIMAQ",
    "connection": "sfdc-connection",
    "cloud_name": "sfdc",
    "type": "Regular",
    "acls": [
        {
            "group": "CCKM Users",
            "actions": [
                "view",
                "keycreate"
            ]
        }
    ]
}

The output shows the updated permissions for the Salesforce organization with ID 2473e846-31a8-4ee6-8299-17025548b4e2.

copy link to clipboardResponse Codes

Response CodeDescription
2xxSuccess
4xxClient errors
5xxServer errors

Refer to HTTP status codes for details.

On this page