Managing Permissions on SAP Users or Groups
Use the POST /v1/cckm/sap/groups/{id}/update-acls API to grant permissions to users or groups to perform specific actions on the SAP groups. User ID and group are mutually exclusive – specify either.
For first-time users or groups, actions are permitted as configured by the CCKM administrator. However, if the permissions of a user or group need to be modified later, for example, a new action is to be permitted or an existing action is to be revoked, the CCKM administrator needs to set that particular action to true or false.
For example, a user or group is permitted the actions keycreate, keyupload, and keydelete. To permit one more action, keyrestore, to the user or group, set "permit":true and "actions": "keyrestore" and run the API. Similarly, to deny permission to the action "keycreate", set "permit":false and "actions": "keycreate", and run the API.
Syntax
Here, {id} is the resource ID of the SAP group.
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authentication token. |
actions | array of strings | List of actions. Refer to Actions for the supported actions and details. |
group | string | Name of the user group to be granted permissions. User ID and group are mutually exclusive - specify either. |
permit | boolean | Whether to permit users to perform specific operations. Set true to permit, false to deny. |
user_id | string | ID of the user to be granted permissions. User ID and group are mutually exclusive – specify either. |
Actions
The following table lists the accepted values:
APIs | Actions | Description |
---|---|---|
List | view | Permission to view groups and their keys. |
Create | keycreate | Permission to create SAP native keys. |
Upload | keyupload | Permission to upload the CipherTrust Manager keys to SAP. |
Delete | keydelete | Permission to delete SAP keys. |
Restore | keyrestore | Permission to restore backed up keys to groups. |
Update (Edit key) | keyupdate | Permission to update keys, for example, editing properties, enabling/disabling keys, enabling/disabling key version, and editing labels. |
Delete Backup | deletebackup | Permission to delete backups of SAP keys from the CCKM. |
Rotate to Native Key | keyrotatetonative | Permission to rotate keys on SAP groups natively. |
Rotate to BYOK Key | keyrotatetobyok | Permission to rotate keys on SAP groups using BYOK. |
Synchronize | keysynchronize | Permission to synchronize SAP keys. |
Cancel | keysynchronize | Permission to cancel synchronization jobs. |
Remove | keyremove | Permission to remove SAP keys with their versions and backups from the CCKM. |
Create Report | reportcreate | Permission to create a report. |
Delete Report | reportdelete | Permission to delete a report. |
Download Report | reportdownload | Permission to download a report. |
View Report | reportview | Permission to view the content of a report. |
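The permit/deny procedure described above can be checked before any call is made. The following is an added example, not code from the CCKM documentation: it validates a request body against the parameter and action tables on this page and turns a desired permission set into the minimal deny and permit bodies. The helper names, the group name, and the assumption that the caller already knows the currently permitted actions are all hypothetical.

```python
import json

# Action names copied from the Actions table on this page.
ACTIONS = {
    "view", "keycreate", "keyupload", "keydelete", "keyrestore", "keyupdate",
    "deletebackup", "keyrotatetonative", "keyrotatetobyok", "keysynchronize",
    "keyremove", "reportcreate", "reportdelete", "reportdownload", "reportview",
}


def build_acl_update(actions, permit, user_id=None, group=None):
    """Return one update-acls request body, rejecting malformed input."""
    if (user_id is None) == (group is None):
        raise ValueError("specify exactly one of user_id or group")
    if not isinstance(permit, bool):
        raise TypeError("permit must be true or false, not a string or int")
    requested = set(actions)
    if not requested:
        raise ValueError("actions must not be empty")  # this example's choice
    unknown = sorted(requested - ACTIONS)
    if unknown:
        raise ValueError(f"unsupported actions: {unknown}")
    body = {"actions": sorted(requested), "permit": permit}
    if user_id is not None:
        body["user_id"] = user_id
    else:
        body["group"] = group
    return body


def plan_acl_changes(current, desired, **principal):
    """Diff two action sets into the deny/permit bodies that reconcile them."""
    current, desired = set(current), set(desired)
    plan = []
    if current - desired:  # revoke first so excess rights go away early
        plan.append(build_acl_update(current - desired, False, **principal))
    if desired - current:
        plan.append(build_acl_update(desired - current, True, **principal))
    return plan


if __name__ == "__main__":
    # Constructed scenario following the page's example; the group name
    # "sap-key-admins" is hypothetical.
    have = {"keycreate", "keyupload", "keydelete"}
    want = {"keyupload", "keydelete", "keyrestore"}
    for body in plan_acl_changes(have, want, group="sap-key-admins"):
        print("POST /v1/cckm/sap/groups/{id}/update-acls", json.dumps(body))
```

Each returned body corresponds to one run of the API; no request is sent by this code.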
Example Request
Example Response
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.