Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

SAP HYOK APIs

Granting Permissions to Users or Groups

search

Please Note:

printsuggest an editpdf paneldownload

Granting Permissions to Users or Groups

se the post /v1/cckm/sap/ekm/keystores/{id}/update-acls API to grant permissions to users or groups to perform specific actions on the SAP keystore.

For the first time users or groups, actions are permitted as configured by the CCKM administrator. However, if the permissions of a user or group needs to be modified later, for example, a new action is to be permitted or an existing action is to be revoked, the CCKM administrator needs to set that particular action to true or false.

For example, a user or group is permitted actions, hyokkeycreate, hyokkeyupdate, and hyokkeydelete. Now, to permit one more action hyokkeyblockunblock to the user or group, set "permit":true and "actions": "hyokkeyblockunblock", and run the API. Similarly, now to deny permission to the action hyokkeycreate, set "permit":false, "actions": "hyokkeycreate", and run the API.

copy link to clipboardSyntax

curl -k 'https://<IP>/api/v1/cckm/sap/ekm/keystores/{id}/update-acls' -X POST -H 'Authorization: AUTHTOKEN' --compressed

Here, {id} represents the keystore ID.

copy link to clipboardRequest Parameters

ParameterTypeDescription
AUTHTOKENstringAuthorization token.
actionsarray of stringsPermitted actions on the SAP keys. The actions can be:
• hyokkeycreate
• viewhyokkey
• hyokkeyupdate
• hyokkeydelete
• hyokkeyblockunblock
• hyokkeyrotate
• hyokkeyarchiverecover
Refer to APIs and Action Mapping for the supported actions and details.
groupstringName of the user group to be granted permissions. User ID and group are mutually exclusive – specify either.
permitbooleanWhether to permit users to perform specific operations. Set true to permit, false to deny.
user_idstringID of the user to be granted permissions. User ID and group are mutually exclusive – specify either.

copy link to clipboardAPIs and Action Mapping

The following table lists the mapping of APIs and actions required to call these APIs.

APIsActions RequiredDescription
ListviewhyokkeyPermission to view groups and their keys.
CreatehyokkeycreatePermission to create external keys in SAP KeyStores.
UpdatehyokkeyupdatePermission to updates the SAP External key attributes.
DeletehyokkeydeletePermission to deletes an SAP External key and its versions.
BlockhyokkeyblockunblockPermission to blocks all the proxy operations on the SAP external key.
UnblockhyokkeyblockunblockPermission to unblocks all the proxy operations on the SAP external key.
Enable/DisablehyokkeyupdatePermission to enable/disable the SAP External key.
Enable/Disable Auto RotationhyokkeyupdatePermission to enable/disable the SAP External key rotation
Add VersionhyokkeyrotatePermission to add versions on SAP External key.
ArchivehyokkeyarchiverecoverPermission to archive the SAP External key.
RecoverhyokkeyarchiverecoverPermission to recover the SAP External key.

copy link to clipboardExample Request

curl -k 'https://127.0.0.1/api/v1/cckm/sap/ekm/keystores/213k/update-acls' -X POST -H 'Authorization: Bearer eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI2MDdmMDQ0My0xMTE2LTRkZDktODhkNC1hYTE5Yzk2N2VkYzMiLCJzdWIiOiJsb2NhbHw1MTAwODIzOS04MDkzLTRmM2YtODY0Ny1hMzI5NmM2ZmM2ODYiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJjbGllbnRfaWQiOiI4MzdjODQwZC03NWRkLTRiNGYtYTMxOC03OWNiMTZjYTI0OGQiLCJjbGllbnRfbmFtZSI6ImFwaS1wbGF5Z3JvdW5kIiwiY2xpZW50X3R5cGUiOiJwdWJsaWMiLCJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiODM3Yzg0MGQtNzVkZC00YjRmLWEzMTgtNzljYjE2Y2EyNDhkIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImY2NDdjYTE0LWIzYjEtNGFiMS1iNzEyLWVmNzBlNzI1MzVjNSIsImlhdCI6MTcyNDk0NDM3MiwiZXhwIjoxNzI0OTQ0NjcyfQ.iQ8c_AyGde0Ea_yZA6CjlD1MjLggnhNth_iGWhKzOjmwdrN13vqLq9IgdDfuvsyNKIYbkGwLVENtE31EVSSg3A' -H 'accept: application/json' --compressed

copy link to clipboardExample Response

{
    "id": "7cde72f5-dcf2-4b34-8398-0d85403c1c02",
    "uri": "kylo:kylo:cckm:sap-keystore:7cde72f5-dcf2-4b34-8398-0d85403c1c02",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2024-06-10T07:03:20.175147Z",
    "updatedAt": "2024-06-10T14:33:44.772115Z",
    "name": "sap-keystore",
    "description": "demo-sap-keystore",
    "acls": [
        {
            "group": "CCKM Users",
            "actions": [
                "viewhyokkey"
            ]
        }
    ],
    "keystore_url_hostname": "localhost:443",
    "keystore_url": "https://localhost:443/api/v1/cckm/sap/hyok/v1/keystores/7cde72f5-dcf2-4b34-8398-0d85403c1c02",
    "sap_tenant_id": "5e3d1d87-9502-42af-a946-3ffec9e71a44",
    "blocked": false,
    "state": "ACTIVE"
}

copy link to clipboardResponse Codes

Response CodeDescription
2xxSuccess
4xxClient errors
5xxServer errors

Refer to HTTP status codes for details.

On this page