Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Salesforce Organization APIs

Granting Permissions to Users or Groups

search

Please Note:

printsuggest an editpdf paneldownload

Granting Permissions to Users or Groups

Use the post /v1/cckm/sfdc/organizations/{id}/update-acls API to grant permissions to users or groups to perform specified operations on a Salesforce organization on the CipherTrust Manager.

User ID and group are mutually exclusive – specify either. For the first time users or groups, actions are permitted as configured by the CCKM administrator. However, if the permissions of a user or group need to be modified later, for example, a new action is to be permitted or an existing action is to be revoked, the CCKM administrator needs to set that particular action to true or false.

For example, a user or group is permitted actions, keycreate, keyupload, and keyimport. Now, to permit one more action keydestroy to the user or group, set "permit":true and "actions": "keydestroy" and run the API. Similarly, now to deny permission to the action keycreate, set "permit":false, "actions": "keycreate", and run the API.

Refer to Actions for actions supported by different APIs.

copy link to clipboardSyntax

curl -k '<IP>/api/v1/cckm/sfdc/organizations/{id}/update-acls' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "acls": [\n    {\n      "group": "<group>",\n      "actions": [\n        "<action-1>", "<action-2>"\n      ],\n      "permit": <true|false>\n    }\n  ]\n}' --compressed

Here, {id} represents the ID of the Salesforce organization resource on the CipherTrust Manager.

copy link to clipboardRequest Parameters

ParameterTypeDescription
AUTHTOKENstringAuthorization token.
aclsarray of JSONsPermissions to be granted to users and groups. Refer to ACLs for details.

copy link to clipboardACLs

ParameterTypeDescription
actionsarray of stringsList of actions. Refer to Actions for details.
groupstringName of the user group to be granted permissions. User ID and group are mutually exclusive – specify either.
permitbooleanWhether to permit users to perform specific operations. Set true to permit, false to deny.
user_idstringID of the user to be granted permissions. User ID and group are mutually exclusive – specify either.

copy link to clipboardActions

The following table lists the accepted values:

APIsActionsDescription
CreatekeycreatePermission to create SFDC keys.
UploadkeyrotatetobyokPermission to upload keys to SFDC.
Destroy keykeydestroynativePermission to destroy native SFDC keys.
Destroy keykeydestroybyokPermission to destroy BYOK SFDC keys.
ImportkeyimportnativePermission to import a destroyed native SFDC keys.
ImportkeyimportbyokPermission to import a destroyed byok SFDC keys.
SynchronizekeysynchronizePermission to synchronize SFDC keyss.
CancelkeysynchronizePermission to cancel a synchronization job.
UpdatekeyupdatePermission to updates cache only key attributes (certificate and named credential).
ListviewPermission to view SFDC keys.
Get (SFDC Keys)viewPermission to get the details of an SFDC key with the given id.
List SFDC OrganizationviewPermission to view SFDC organizations.
Get (SFDC Organizations)viewPermission to get the details of SFDC Organization with given id.
Create cache only key endpointendpointcreatePermission to create cache only key endpoint.
Update cache only key endpointendpointupdatePermission to update cache only key endpoint.
Delete cache only key endpointendpointdeletePermission to delete cache only key endpoint.
Activate cache only keycacheonlykeyactivatePermission to activate cache only key.
Upload cache only keycacheonlykeyuploadPermission to upload cache only key.
Update cache only keycacheonlykeyupdatePermission to update cache only key.
Destroy cache only keycacheonlykeydestroyPermission to destroy cache only key.
Create certificatecertificatecreatePermission to create certificate to be used to encrypt tenant secret.
Delete certificatecertificatedeletePermission to delete certificate.
Synchronize certificatecertificatesyncPermission to synchronize certificate from SFDC to CM.
Delete BackupdeletebackupnativePermission to deletes a SFDC native key backup from CCKM.
Delete BackupdeletebackupbyokPermission to deletes a SFDC byok key backup from CCKM.
Create ReportreportcreatePermission to create a report.
Delete ReportreportdeletePermission to delete a report.
Download ReportreportdownloadPermission to download a report.
View ReportreportviewPermission to view the content of a report.

copy link to clipboardExample Request

curl -k 'https://127.0.0.1/api/v1/cckm/sfdc/organizations/2473e846-31a8-4ee6-8299-17025548b4e2/update-acls' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhOGY3N2IxZS1lOTY2LTQwMjEtODRjMC01YjZiNjAzMTBmOWEiLCJzdWIiOiJsb2NhbHwzM2Y5ZDFmNi04MjJiLTQ0NTItOGM4MC1mYzM0ZGYyZTI3OGQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNjcyMjMzMDAtYjU2ZC00ZmVmLTkwMDEtZGE1NGY2ZDdiMzY4Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjNkNWM4OWYzLTM1OWYtNGZmYS04ZTMyLWMxZjk0NTIyMWYzNiIsImlhdCI6MTYyMDE5NTY0NCwiZXhwIjoxNjIwMTk1OTQ0fQ.NAHcbm9TIB3YmVg-i_nfXf0-B0wMbAoXMSTaAJ-Ke-U' -H 'Content-Type: application/json' --data-binary $'{\n  "acls": [\n    {\n      "group": "CCKM Users",\n      "actions": [\n        "view", "keycreate"\n      ],\n      "permit": true\n    }\n  ]\n}' --compressed

copy link to clipboardExample Response

{
    "id": "2473e846-31a8-4ee6-8299-17025548b4e2",
    "uri": "kylo:kylo:cckm:sfdc-organization:2473e846-31a8-4ee6-8299-17025548b4e2",
    "account": "kylo:kylo:admin:accounts:kylo",
    "application": "ncryptify:gemalto:admin:apps:kylo",
    "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
    "createdAt": "2021-07-22T09:21:07.019666Z",
    "updatedAt": "2021-07-22T09:29:20.198938053Z",
    "name": "Thales",
    "organization_id": "00DB000000040bIMAQ",
    "connection": "sfdc-connection",
    "cloud_name": "sfdc",
    "type": "Regular",
    "acls": [
        {
            "group": "CCKM Users",
            "actions": [
                "view",
                "keycreate"
            ]
        }
    ]
}

The output shows the updated permissions for the Salesforce organization with ID 2473e846-31a8-4ee6-8299-17025548b4e2.

copy link to clipboardResponse Codes

Response CodeDescription
2xxSuccess
4xxClient errors
5xxServer errors

Refer to HTTP status codes for details.

On this page