Add Resource ACL

Overview

This operation adds NamedResource.EXECUTE permissions to the specified resources for the specified users and roles.

The following business rules can help you understand a particular response:
  • ResourceList contains one type of resource – all named maps or all named layers.

  • Permissions are propagated down to the dependent resources. For example, named tiles > named maps > named group layers > named layers > named label layers > named label sources.
  • If optional parameter recurseToData is true, then EXECUTE permission is also propagated to the dependent named tables.
  • For named WMTS tiles, no propagation takes place to any dependent resources.
  • All users or roles are given permission on the specified resources. It is not possible to specify different permissions for each user or role in a single request.
Note: When viewed in the Spectrum Management Console, EXECUTE permissions are added to the entity NamedResource override for specified resources along with their dependent resources. If recurseToData is true, then the EXECUTE permission is added to the dependent named table also. In this case, the EXECUTE permission is added to the NamedResource entity.

ACL Authorization Flow

The user making this request will only be able to add permission on resources within the repository folders (or subfolders) on which they have WRITE permissions.

HTTP PUT URL Format

The following format is used for HTTP PUT requests to add resource ACL:

HTTP PUT URL: /acl/resources
PUT DATA:{
   "users":[
      "user1"
   ],
   "roles":[
      "role1"
   ],
   "resources":[
      "/Samples/NamedTiles/WorldTile"
   ],
   "permissions":[
      "EXECUTE"
   ],
   "recurseToData":"true"
}
PUT HEADER: Content-Type:application/json

Parameters

Parameter Type Required Description
users String Yes Specifies a list of users. Required only when roles are not given in the request.
roles String Yes Specifies a list of roles. Required only when users are not given in the request.
resources String Yes Specifies a list of resources.
permissions String Yes Specifies the permission the resource needs to be given. The permission can only be EXECUTE.
recursetoData String No Specifies whether the ACL permissions are propagated to dependent named tables or not.

Returns

Returns a list of resources (and their dependent resources) on which the EXECUTE permission was given for the specified users and roles.

Example for PUT

Request URL
http://<server>:<port>/rest/Spatial/AccessControlService/acl/resources

Request Body

{
   "users":[
      "user1"
   ],
   "roles":[
      "role1"
   ],
   "resources":[
      "/Samples/NamedTiles/WorldTile"
   ],
   "permissions":[
      "EXECUTE"
   ],
   "recurseToData":"true"
}

Response

{
   "users":[
      "user1"
   ],
   "roles":[
      "role1"
   ],
   "resources":[
      "/Samples/NamedLayers/WorldcapFeatureLayer",
      "/Samples/NamedLayers/WorldFeatureLayer",
      "/Samples/NamedMaps/WorldMap",
      "/Samples/NamedLayers/Grid15FeatureLayer",
      "/Samples/NamedLabelSources/WorldCountriesLabelSource",
      "/Samples/NamedLayers/OceanFeatureLayer",
      "/Samples/NamedTables/OceanTable",
      "/Samples/NamedTables/Grid15Table",
      "/Samples/NamedTables/WorldcapTable",
      "/Samples/NamedTables/WorldTable",
      "/Samples/NamedTiles/WorldTile"
   ]
}