# Entitlements Service

<a name="overview"></a>

## Overview

The Entitlements Service handles user management and permissions within the Data Ecosystem.

### Version information

*Version* : 1.0.0

### Contact information

*Contact* : DELFI support

*Contact Email* : DELFI-DevPortal-Help@slb.com

### URI scheme

*Host* : api.evq.csp.slb.com

*BasePath* : /de/entitlements/v1

*Schemes* : HTTPS

### Tags

* Entitlements Auth Administration : Validates the JWT.
* Entitlements Groups Administration : Group creation and listing groups for a member.
* Entitlements Members Administration : Adding members, getting member details and getting members within a group.

### Consumes

* `application/json`

### Produces

* `application/json`

<a name="paths"></a>

## Paths

<a name="creategroup"></a>

### POST /groups

#### Description

Creates a new group, with the original caller becoming the OWNER of the group being created. This API requires the caller to have the service.entitlements.admin permission.

#### Parameters

|Type|Name|Description|Schema|Default|
|---|---|---|---|---|
|**Header**|**slb-data-partition-id** <br>*required*|This value should be the desired data partition id.|string|`"common"`|
|**Body**|**body** <br>*required*|Payload|[InsertGroupBodyReq](#insertgroupbodyreq)||

#### Responses

|HTTP Code|Description|Schema|
|---|---|---|
|**200**|Group details|[GroupRes](#groupres)|
|**401**|User is unauthorized.|[AppError](#apperror)|
|**409**|Conflict. Failed to insert group. Entity already exists.|[AppError](#apperror)|

#### Consumes

* `application/json`

#### Produces

* `application/json`

#### Tags

* Entitlements Groups Administration

#### Security

|Type|Name|
|---|---|
|**apiKey**|**[bearer](#bearer)**|
|**apiKey**|**[appkey](#appkey)**|

#### Example HTTP request

##### Request body

```json
{
  "name" : "users.example.viewers",
  "description" : "This is an user group for example viewers."
}
```

#### Example HTTP response

##### Response 200

```json
{
  "name" : "users.example.viewers",
  "email" : "users.datalake.viewers@common.{{$domain}}",
  "description" : "This is an user group for example viewers."
}
```

<a name="groups"></a>

### GET /groups

#### Description

Lists all the groups that the user belongs to in the given data partition. This API requires the caller to have the service.entitlements.user permission.

#### Parameters

|Type|Name|Description|Schema|Default|
|---|---|---|---|---|
|**Header**|**slb-data-partition-id** <br>*required*|This value should be the desired data partition id.|string|`"common"`|

#### Responses

|HTTP Code|Description|Schema|
|---|---|---|
|**200**|List of groups|< [GroupsListRes](#groupslistres) > array|
|**401**|User is unauthorized.|[AppError](#apperror)|

#### Produces

* `application/json`

#### Tags

* Entitlements Groups Administration

#### Security

|Type|Name|
|---|---|
|**apiKey**|**[bearer](#bearer)**|
|**apiKey**|**[appkey](#appkey)**|

<a name="grantaccesstodatagroup"></a>

### POST /groups/data/{group_email}/members

#### Description

Grants access to the given data group of a vendor partition to the given user group of the same vendor partition or any primary partition.

#### Parameters

|Type|Name|Description|Schema|Default|
|---|---|---|---|---|
|**Header**|**slb-data-partition-id** <br>*required*|This value should be the desired data partition id.|string|`"common"`|
|**Path**|**group_email** <br>*required*|group_email must be a data group, which has the prefix 'data.'|string|`"data.ihs.viewers@common.{{$domain}}"`|
|**Body**|**member** <br>*required*|member|[InsertMemberBodyReqCrossPartition](#insertmemberbodyreqcrosspartition)||

#### Responses

|HTTP Code|Description|Schema|
|---|---|---|
|**200**|Add given user group into data group. It takes effect immediately.|[MemberResBody](#memberresbody)|
|**401**|User is unauthorized.|[AppError](#apperror)|

#### Produces

* `application/json`

#### Tags

* Entitlements Members Administration

#### Security

|Type|Name|
|---|---|
|**apiKey**|**[bearer](#bearer)**|
|**apiKey**|**[appkey](#appkey)**|

#### Example HTTP request

##### Request body

```json
{
  "email" : "users@common.domain.com",
  "role" : "MEMBER"
}
```

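The following is an added example, not part of the service's own documentation or code: it builds the `POST /groups/data/{group_email}/members` request without sending it, and enforces the documented `data.` and `users.` prefixes and the OWNER/MEMBER role enum on the client side. The `Bearer ` value format of the `Authorization` header, the function names and the `example.com` sample addresses are assumptions.

```python
import json
import urllib.parse
import urllib.request

# Host, base path, header names and role values are taken from this page.
BASE_URL = "https://api.evq.csp.slb.com/de/entitlements/v1"
ROLES = ("OWNER", "MEMBER")


def check_group(email, prefix, what):
    """Require '<prefix>name@partition.domain' with exactly one '@'."""
    local, sep, domain = email.partition("@")
    if not sep or not domain or "@" in domain:
        raise ValueError(f"{what}: expected exactly one '@' in {email!r}")
    if not local.startswith(prefix) or local == prefix:
        raise ValueError(f"{what}: must start with {prefix!r}")


def build_grant_request(data_group, user_group, role, partition, token, appkey):
    """Build, without sending, POST /groups/data/{group_email}/members."""
    check_group(data_group, "data.", "group_email")
    check_group(user_group, "users.", "member email")
    if role not in ROLES:
        raise ValueError(f"role must be one of {ROLES}")
    # Percent-encode the path parameter so '/', '?' or '#' cannot alter the route.
    path = "/groups/data/%s/members" % urllib.parse.quote(data_group, safe="@")
    body = json.dumps({"email": user_group, "role": role}).encode("utf-8")
    return urllib.request.Request(
        BASE_URL + path,
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/json",
            "slb-data-partition-id": partition,
            "Authorization": "Bearer " + token,  # assumed value format
            "appkey": appkey,
        },
    )


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    req = build_grant_request(
        "data.ihs.viewers@common.example.com",
        "users.example.viewers@common.example.com",
        "MEMBER", "common", "<jwt>", "<appkey>",
    )
    print(req.get_method(), req.full_url)
    print(dict(req.header_items()), req.data.decode())
```

A strict `users.` check rejects this page's sample member value `users@common.domain.com`; relax the prefix only if the service is confirmed to accept it.
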
<a name="createmembers"></a>

### POST /groups/{group_email}/members

#### Description

Adds a member to an existing group. This API requires the caller to have the service.entitlements.user permission and to be an OWNER of the requested group.

#### Parameters

|Type|Name|Description|Schema|Default|
|---|---|---|---|---|
|**Header**|**slb-data-partition-id** <br>*required*|This value should be the desired data partition id.|string|`"common"`|
|**Path**|**group_email** <br>*required*|group email|string|`"users.datalake.viewers@common.{{$domain}}"`|
|**Body**|**member** <br>*required*|member|[InsertMemberBodyReq](#insertmemberbodyreq)||

#### Responses

|HTTP Code|Description|Schema|
|---|---|---|
|**200**|Add member into a group. It takes effect immediately.|[MemberResBody](#memberresbody)|
|**401**|User is unauthorized.|[AppError](#apperror)|

#### Produces

* `application/json`

#### Tags

* Entitlements Members Administration

#### Security

|Type|Name|
|---|---|
|**apiKey**|**[bearer](#bearer)**|
|**apiKey**|**[appkey](#appkey)**|

#### Example HTTP request

##### Request body

```json
{
  "email" : "member@domain.com",
  "role" : "MEMBER"
}
```

<a name="listmembers"></a>

### GET /groups/{group_email}/members

#### Description

Lists the direct members of a group. This API requires the caller to have the service.entitlements.user permission and to be either a MEMBER or an OWNER of the requested group.

#### Parameters

|Type|Name|Description|Schema|Default|
|---|---|---|---|---|
|**Header**|**slb-data-partition-id** <br>*required*|This value should be the desired data partition id.|string|`"common"`|
|**Path**|**group_email** <br>*required*|group email|string|`"users.datalake.viewers@common.{{$domain}}"`|
|**Query**|**cursor** <br>*optional*|cursor|string||
|**Query**|**limit** <br>*optional*|limit|integer (int64)||
|**Query**|**role** <br>*optional*|role|enum (OWNER, MEMBER)|`"OWNER"`|

#### Responses

|HTTP Code|Description|Schema|
|---|---|---|
|**200**|List of members within a group.|[MemberList](#memberlist)|
|**401**|User is unauthorized.|[AppError](#apperror)|

#### Produces

* `application/json`

#### Tags

* Entitlements Members Administration

#### Security

|Type|Name|
|---|---|
|**apiKey**|**[bearer](#bearer)**|
|**apiKey**|**[appkey](#appkey)**|

<a name="deletemember"></a>

### DELETE /groups/{group_email}/members/{member_email}

#### Description

Deletes a member from a group. This API requires the caller to have the service.entitlements.user permission and to be an OWNER in the group.

#### Parameters

|Type|Name|Description|Schema|Default|
|---|---|---|---|---|
|**Header**|**slb-data-partition-id** <br>*required*|This value should be the desired data partition id.|string|`"common"`|
|**Path**|**group_email** <br>*required*|group email|string|`"users.datalake.viewers@common.{{$domain}}"`|
|**Path**|**member_email** <br>*required*|member email|string|`"member@domain.com"`|

#### Responses

|HTTP Code|Description|Schema|
|---|---|---|
|**200**|Delete member from a group. It takes effect immediately.|No Content|
|**401**|User is unauthorized.|[AppError](#apperror)|

#### Produces

* `application/json`

#### Tags

* Entitlements Members Administration

#### Security

|Type|Name|
|---|---|
|**apiKey**|**[bearer](#bearer)**|
|**apiKey**|**[appkey](#appkey)**|

<a name="definitions"></a>

## Definitions

<a name="apperror"></a>

### AppError

An error that occurs during normal application logic

|Name|Schema|
|---|---|
|**code** <br>*optional*|integer (int32)|
|**message** <br>*optional*|string|
|**name** <br>*optional*|string|

<a name="grouplist"></a>

### GroupList

GroupList contains a list of Groups

|Name|Schema|
|---|---|
|**Groups** <br>*optional*|< [GroupRes](#groupres) > array|

<a name="groupres"></a>

### GroupRes

GroupRes is the group details

|Name|Schema|
|---|---|
|**description** <br>*optional*|string|
|**email** <br>*optional*|string|
|**name** <br>*optional*|string|

<a name="insertgroupbodyreq"></a>

### InsertGroupBodyReq

InsertGroupBodyReq is the message format of the group

|Name|Description|Schema|
|---|---|---|
|**description** <br>*optional*|**Example** : `"This is an user group for example viewers."`|string|
|**name** <br>*optional*|**Example** : `"users.example.viewers"`|string|

<a name="insertmemberbodyreq"></a>

### InsertMemberBodyReq

InsertMemberBodyReq is the message format of the member.

|Name|Description|Schema|
|---|---|---|
|**email** <br>*optional*|**Example** : `"member@domain.com"`|string|
|**role** <br>*optional*|**Example** : `"MEMBER"`|enum (OWNER, MEMBER)|

<a name="insertmemberbodyreqcrosspartition"></a>

### InsertMemberBodyReqCrossPartition

InsertMemberBodyReqCrossPartition is the message format of the member. The email must be a user group, which has the prefix 'users.'

|Name|Description|Schema|
|---|---|---|
|**email** <br>*optional*|**Example** : `"users@common.domain.com"`|string|
|**role** <br>*optional*|**Example** : `"MEMBER"`|enum (OWNER, MEMBER)|

<a name="memberlist"></a>

### MemberList

MemberList contains a list of members.

|Name|Schema|
|---|---|
|**members** <br>*optional*|< [MemberResBody](#memberresbody) > array|

<a name="memberresbody"></a>

### MemberResBody

MemberResBody is the body of the MemberRes response.

|Name|Description|Schema|
|---|---|---|
|**email** <br>*optional*|Email of the member.|string|
|**role** <br>*optional*|Role of the member in the group.|string|

<a name="securityscheme"></a>

## Security

<a name="bearer"></a>

### bearer

*Type* : apiKey

*Name* : Authorization

*In* : HEADER

<a name="appkey"></a>

### appkey

*Type* : apiKey

*Name* : appkey

*In* : HEADER