Add Resource ACL
Overview
This operation adds NamedResource.EXECUTE permissions to the specified resources for the specified users and roles.
The following business rules can help you understand a particular response:
-
ResourceList contains one type of resource – all named maps or all named layers.
- Permissions are propagated down to the dependent resources. For example, named tiles > named maps > named group layers > named layers > named label layers > named label sources.
- If optional parameter recurseToData is true, then EXECUTE permission is also propagated to the dependent named tables.
- For named WMTS tiles, no propagation takes place to any dependent resources.
- All users or roles are given permission on the specified resources. It is not possible to specify different permissions for each user or role in a single request.
Note: When viewed in the Spectrum Management Console, EXECUTE permissions are added
to the entity NamedResource override for specified resources along with their
dependent resources. If recurseToData is true, then the
EXECUTE permission is added to the dependent named table also. In this case, the
EXECUTE permission is added to the NamedResource entity.
ACL Authorization Flow
The user making this request will only be able to add permission on resources within the repository folders (or subfolders) on which they have WRITE permissions.
HTTP PUT URL Format
The following format is used for HTTP PUT requests to add resource ACL:
HTTP PUT URL: /acl/resources PUT DATA:{ "users":[ "user1" ], "roles":[ "role1" ], "resources":[ "/Samples/NamedTiles/WorldTile" ], "permissions":[ "EXECUTE" ], "recurseToData":"true" } PUT HEADER: Content-Type:application/json
Parameters
Parameter | Type | Required | Description |
---|---|---|---|
users | String | Yes | Specifies a list of users. Required only when roles are not given in the request. |
roles | String | Yes | Specifies a list of roles. Required only when users are not given in the request. |
resources | String | Yes | Specifies a list of resources. |
permissions | String | Yes | Specifies the permission the resource needs to be given. The permission can only be EXECUTE. |
recursetoData | String | No | Specifies whether the ACL permissions are propagated to dependent named tables or not. |
Returns
Returns a list of resources (and their dependent resources) on which the EXECUTE permission was given for the specified users and roles.
Example for PUT
Request URL
http://<server>:<port>/rest/Spatial/AccessControlService/acl/resources
Request Body
{ "users":[ "user1" ], "roles":[ "role1" ], "resources":[ "/Samples/NamedTiles/WorldTile" ], "permissions":[ "EXECUTE" ], "recurseToData":"true" }
Response
{ "users":[ "user1" ], "roles":[ "role1" ], "resources":[ "/Samples/NamedLayers/WorldcapFeatureLayer", "/Samples/NamedLayers/WorldFeatureLayer", "/Samples/NamedMaps/WorldMap", "/Samples/NamedLayers/Grid15FeatureLayer", "/Samples/NamedLabelSources/WorldCountriesLabelSource", "/Samples/NamedLayers/OceanFeatureLayer", "/Samples/NamedTables/OceanTable", "/Samples/NamedTables/Grid15Table", "/Samples/NamedTables/WorldcapTable", "/Samples/NamedTables/WorldTable", "/Samples/NamedTiles/WorldTile" ] }