User rights API-Endpoint

Introduction

User rights log endpoint eases diagnosing problems with user permission. When user does not have permission to some entity it is hard to know what are actual right that user has and where the problems is. Fixing is always a bit of guessing game.

Endpoint uses cache so the rights should be the same as in running backend. If you suspect problem with caching - compare log returned before and after Backend restart.

To use the endpoint you have to have Security.RuleGroup.Api.User.GetUserRightsLog (245 rule group from CoreLogin module). It is by default added to Administrator only.

Request

/appcustomer/servicecorelogin/user/{user-id}/get-user-rights-log

UserId - id of the user for whom rights will be checked

Response

Text with all user rights grouped by roles.

Foreach right there is:

  • Role Name,

  • Type of entity where for which right is,

  • Mode

  • Right - serialized right

"Role = 44412350-d784-42d2-b8ec-4326bf52db8d Type = iTsense.Moving.Backend.Services.DmcoreService.DataInterfaces.Servicedmcore.IIdentity Mode = Read Right = { \"$type\": \"iTsense.Moving.Backend.DataHandling.Security.Role.ISecurityRight[], iTsense.Moving.Backend.DataHandling\", \"$values\": [ { \"$type\": \"iTsense.Moving.Backend.DataHandling.Security.Role.SecurityRight, iTsense.Moving.Backend.DataHandling\", \"Filter\": { \"$type\": \"iTsense.Moving.Backend.DataHandling.Security.Filter.GenericMyCoreIdentityFilter`1[[iTsense.Moving.Backend.Services.DmcoreService.DataInterfaces.Servicedmcore.IIdentity, iTsense.Moving.Backend.Services.DmcoreService]], iTsense.Moving.Backend.DataHandling\", \"NotContains\": false, \"PropertyChain\": { \"$type\": \"System.String[], mscorlib\", \"$values\": [ \"CoreIdentity\", \"Id\" ] } }, \"Mode\": 1, \"ContextBundles\": { \"$type\": \"iTsense.Moving.Backend.DataHandling.Security.Role.SecurityContextBundle[], iTsense.Moving.Backend.DataHandling\", \"$values\": [ { \"$type\": \"iTsense.Moving.Backend.DataHandling.Security.Role.SecurityContextBundle, iTsense.Moving.Backend.DataHandling\", \"Contexts\": { \"$type\": \"iTsense.Moving.Backend.DataHandling.Security.Role.ISecurityContext[], iTsense.Moving.Backend.DataHandling\", \"$values\": [] } } ] } } ] } Role = 44412350-d784-42d2-b8ec-4326bf52db8d Type = iTsense.Moving.Backend.Services.DmcoreService.DataInterfaces.Servicedmcore.IIdentity Mode = Update Right = { ...

© ITSENSE AG. Alle Rechte vorbehalten. ITSENSE und CoreOne sind eingetragene Marken der ITSENSE AG.