Remove Resource ACL

Overview

This operation removes NamedResource.EXECUTE permissions on resources for the specified users and roles.

The following business rules can help you understand a particular response:
  • ResourceList contains one type of resource – all named maps or all named layers.
  • The removal of permission is always propagated up to parent resources and down to dependent resources. For example, named maps to named tiles while propagating up and named maps to named group layers to named layers to named label layers to named label sources while propagating down.
  • When removal of permission is being propagated down, the permissions will not be removed if a lower level resource needs the ACL for another high-level resource to work. For example, if a user has permission for two named maps that reference the same named layer, then removing permission from one named map will not propagate the change to the layer since the user is still able to render the second named map which references that layer.
  • If optional parameter recurseToData is true, then removal of EXECUTE permission is also propagated to the dependent named tables. If the table has any of the Dataset.DML CREATE, MODIY, or DELETE permissions, then these are also removed since the user would be unable to query the table if EXECUTE is not present.
  • For named WMTS tiles, removal of permission is not propagated to any dependent resources.
  • Permission is removed for all users and roles on the specified resources. It is not possible to specify different permissions for each user or role in a single request. The resources on which permissions are removed may be different for different users or roles depending on whether users or roles have permission on specified resources (and their dependent resources) or not.

ACL Authorization Flow

The user making this request will only be able to remove permission on resources within the repository folders (or subfolders) on which they have WRITE permissions.

HTTP POST URL Format

The following format is used for HTTP POST requests to delete a ACL from the specified resource:

HTTP POST URL:  /acl/resources/delete
POST DATA:  {
   "users":[
      "user1"
   ],
   "roles":[
      "role1"
   ],
   "resources":[
      "/Samples/NamedTiles/WorldTile"
   ],
   "permissions":[
      "EXECUTE"
   ]
}
POST HEADER: Content-Type:application/json 

Parameters

Parameter Type Required Description
users String Yes Specifies a list of users. Required only when roles are not given in the request.
roles String Yes Specifies a list of roles. Required only when users are not given in the request.
resources String Yes Specifies a list of resources.
permissions String Yes Specifies the permission to be removed from the resource. The permission can only be EXECUTE.
recursetoData String No Specifies whether the removal of ACL permissions is propagated to the dependent named tables.

Returns

A list of resources (and their dependent resources) on which the EXECUTE permission was removed for the specified users and roles.

Example for POST

Request URL
http://<server>:<port>/rest/Spatial/AccessControlService/acl/resources/delete

Request Body

{
   "users":[
      "user1"
   ],
   "roles":[
      "role1"
   ],
   "resources":[
      "/Samples/NamedTiles/WorldTile"
   ],
   "permissions":[
      "EXECUTE"
   ]
}

Response

{
   "users":[
      {
         "name":"user1",
         "resources":[
            "/Samples/NamedTiles/WorldTile",
            "/Samples/NamedLayers/WorldcapFeatureLayer",
            "/Samples/NamedLayers/WorldFeatureLayer",
            "/Samples/NamedMaps/WorldMap",
            "/Samples/NamedLayers/Grid15FeatureLayer",
            "/Samples/NamedLabelSources/WorldCountriesLabelSource",
            "/Samples/NamedLayers/OceanFeatureLayer",
            "/Samples/NamedTables/OceanTable",
            "/Samples/NamedTables/Grid15Table",
            "/Samples/NamedTables/WorldcapTable",
            "/Samples/NamedTables/WorldTable"
         ]
      }
   ],
   "roles":[
      {
         "name":"role1",
         "resources":[
            "/Samples/NamedTiles/WorldTile",
            "/Samples/NamedLayers/WorldcapFeatureLayer",
            "/Samples/NamedLayers/WorldFeatureLayer",
            "/Samples/NamedMaps/WorldMap",
            "/Samples/NamedLayers/Grid15FeatureLayer",
            "/Samples/NamedLabelSources/WorldCountriesLabelSource",
            "/Samples/NamedLayers/OceanFeatureLayer",
            "/Samples/NamedTables/OceanTable",
            "/Samples/NamedTables/Grid15Table",
            "/Samples/NamedTables/WorldcapTable",
            "/Samples/NamedTables/WorldTable"
         ]
      }
   ]
}