User rights API-Endpoint
Introduction
User rights log
endpoint eases diagnosing problems with user permission. When user does not have permission to some entity it is hard to know what are actual right that user has and where the problems is. Fixing is always a bit of guessing game.
Endpoint uses cache so the rights should be the same as in running backend. If you suspect problem with caching - compare log returned before and after Backend restart.
To use the endpoint you have to have Security.RuleGroup.Api.User.GetUserRightsLog (245 rule group from CoreLogin module). It is by default added to Administrator only.
Request
/appcustomer/servicecorelogin/user/{user-id}/get-user-rights-log
UserId - id of the user for whom rights will be checked
Response
Text with all user rights grouped by roles.
Foreach right there is:
Role Name
,Type
of entity where for which right is,Mode
Right
- serialized right
"Role = 44412350-d784-42d2-b8ec-4326bf52db8d
Type = iTsense.Moving.Backend.Services.DmcoreService.DataInterfaces.Servicedmcore.IIdentity
Mode = Read
Right = {
\"$type\": \"iTsense.Moving.Backend.DataHandling.Security.Role.ISecurityRight[], iTsense.Moving.Backend.DataHandling\",
\"$values\": [
{
\"$type\": \"iTsense.Moving.Backend.DataHandling.Security.Role.SecurityRight, iTsense.Moving.Backend.DataHandling\",
\"Filter\": {
\"$type\": \"iTsense.Moving.Backend.DataHandling.Security.Filter.GenericMyCoreIdentityFilter`1[[iTsense.Moving.Backend.Services.DmcoreService.DataInterfaces.Servicedmcore.IIdentity, iTsense.Moving.Backend.Services.DmcoreService]], iTsense.Moving.Backend.DataHandling\",
\"NotContains\": false,
\"PropertyChain\": {
\"$type\": \"System.String[], mscorlib\",
\"$values\": [
\"CoreIdentity\",
\"Id\"
]
}
},
\"Mode\": 1,
\"ContextBundles\": {
\"$type\": \"iTsense.Moving.Backend.DataHandling.Security.Role.SecurityContextBundle[], iTsense.Moving.Backend.DataHandling\",
\"$values\": [
{
\"$type\": \"iTsense.Moving.Backend.DataHandling.Security.Role.SecurityContextBundle, iTsense.Moving.Backend.DataHandling\",
\"Contexts\": {
\"$type\": \"iTsense.Moving.Backend.DataHandling.Security.Role.ISecurityContext[], iTsense.Moving.Backend.DataHandling\",
\"$values\": []
}
}
]
}
}
]
}
Role = 44412350-d784-42d2-b8ec-4326bf52db8d
Type = iTsense.Moving.Backend.Services.DmcoreService.DataInterfaces.Servicedmcore.IIdentity
Mode = Update
Right = {
...
© ITSENSE AG. Alle Rechte vorbehalten. ITSENSE und CoreOne sind eingetragene Marken der ITSENSE AG.