The security end points are only accessible by users that belong to the admin group.
This end point returns configured security groups.
HTTP Operation: GET
Path: /resources/admin/security/groups
This end point returns all security permissions.
HTTP Operation: GET
Path: /resources/admin/security/permissions
This end point returns access levels.
HTTP Operation: GET
Path: /resources/admin/security/accessLevels
This end point returns the security configuration for a schema.
HTTP Operation: GET
Path: /resources/admin/security/config/{schemaName}
This end point returns all security configurations.
HTTP Operation: GET
Path: /resources/admin/security/config
This end point returns all table level securities for a schema.
HTTP Operation: GET
Path: /resources/admin/security/table/{schemaName}
This end point returns table level security for a table in a schema.
HTTP Operation: GET
Path: /resources/admin/security/table/{schemaName}/{tableName}
This end point returns table level security for a table and group.
HTTP Operation: GET
Path: /resources/admin/security/table/{schemaName}/{tableName}/{groupName}
This end point returns column level security for a table and group.
HTTP Operation: GET
Path: /resources/admin/security/column/{schemaName}/{tableName}/{groupName}
This end point returns row level security for a table, group, and access level.
HTTP Operation: GET
Path: /resources/admin/security/row/{schemaName}/{tableName}/{groupName}/{accessLevel}
This end point creates an access level.
HTTP Operation: PUT
Path: /resources/admin/security/accessLevel
Sample Input
{ "accessLevelName":"testAccessLevel", "accessLevelPermissionVoList: [ "securityPermission":"DataCreatePermission" ] }
This end point updates an access level.
HTTP Operation: POST
Path: /resources/admin/security/accessLevel
Sample Input
{ "accessLevelName":"testAccessLevel", "accessLevelPermissionVoList: [ "securityPermission":"DataCreatePermission" "securityPermission":"DataDeletePermission" ] }
This end point deletes an access level.
HTTP Operation: DELETE
Path: /resources/admin/security/accessLevel/{accessLevelName}
This end point creates table level security.
HTTP Operation: PUT
Path: /resources/admin/security/table
Sample Input
{ "schemaName":"testSchema", "tableName":"TEST", "securityGroup":"DDSMonitorGroup", "accessLevelVo": { "accessLevelName":"testAccessLevel" } }
This end point creates table level securities.
HTTP Operation: PUT
Path: /resources/admin/security/tables
Sample Input
{ "tableLevelSecurityVoList": [ { "schemaName":"testSchema", "tableName":"TEST", "securityGroup":"DDSMonitorGroup", "accessLevelVo": { "accessLevelName":"testAccessLevel" } } ] }
This end point updates table level security.
HTTP Operation: POST
Path: /resources/admin/security/table
Sample Input
{ "schemaName":"testSchema", "tableName":"TEST", "securityGroup":"DDSMonitorGroup", "accessLevelVo": { "accessLevelName":"monitorAccessLevel" } }
This end point updates table level securities.
HTTP Operation: POST
Path: /resources/admin/security/tables
Sample Input
{ "tableLevelSecurityVoList": [ { "schemaName":"testSchema", "tableName":"TEST", "securityGroup":"DDSMonitorGroup", "accessLevelVo": { "accessLevelName":"monitorAccessLevel" } } ] }
This end point deletes table level security.
HTTP Operation: DELETE
Path: /resources/admin/security/table
Sample Input
{ "schemaName":"testSchema", "tableName":"TEST", "securityGroup":"DDSMonitorGroup", "accessLevelVo": { "accessLevelName":"testAccessLevel" } }
This end point deletes table level security by id.
HTTP Operation: DELETE
Path: /resources/admin/security/table/{id}
This end point deletes table level securities.
HTTP Operation: DELETE
Path: /resources/admin/security/table/bulk/{schemaName}?keys=<keys>&keyType=<keyType>
Valid KeyType values: table, securityGroup, accessLevel
If keyType is table, then a list of comma separated table names needs to be provided in the keys query parameter.
If keyType is securityGroup, then a list of comma separated security groups needs to be provided in the keys query parameter.
If keyType is accessLevel, then a list of comma separated access levels need to be provided in the keys query parameter.
This end point creates column level security.
HTTP Operation: PUT
Path: /resources/admin/security/column
Valid Column Permission Type values: ALLOW, DONT_ALLOW, MASK
Sample Input
{ "columnName":"testColumn", "columnPermissionType":"ALLOW", "securityGroup":"DDSOperatorGroup", "tableLevelSecurityVo": { "schemaName":"testSchema", "tableName":"TEST", "securityGroup":"DDSOperatorGroup", "accessLevelVo": { "accessLevelName":"testAccessLevel" } } }
This end point updates column level security.
HTTP Operation: POST
Path: /resources/admin/security/column
Valid Column Permission Type values: ALLOW, DONT_ALLOW, MASK
Sample Input
{ "columnName":"testColumn", "columnPermissionType":"MASK", "securityGroup":"DDSOperatorGroup", "tableLevelSecurityVo": { "schemaName":"testSchema", "tableName":"TEST", "securityGroup":"DDSOperatorGroup", "accessLevelVo": { "accessLevelName":"testAccessLevel" } } }
This end point deletes column level security.
HTTP Operation: DELETE
Path: /resources/admin/security/column
Sample Input
{ "columnName":"testColumn", "tableLevelSecurityVo": { "schemaName":"testSchema", "tableName":"TEST", "securityGroup":"DDSOperatorGroup", "accessLevelVo": { "accessLevelName":"testAccessLevel" } } }
This end point creates data security configuration.
HTTP Operation: PUT
Path: /resources/admin/security/config
Valid values for security type: WHITELIST, BLACKLIST
WHITELIST allows access only if security is setup (Table level security)
BLACKLIST denies access to entities (such as column level security) if it is set up and allows others.
Sample Input
{ "schemaName":"testSchema", "enableSecurity":"true", "tableLevelSecurityType":"WHITELIST", "columnLevelSecurityType":"BLACKLIST" }
This end point updates the data security configuration.
HTTP Operation: POST
Path: /resources/admin/security/config
Valid values for security type: WHITELIST, BLACKLIST
WHITELIST allows access only if security is setup (such as Table level security)
BLACKLIST denies access to entities (such as column level security) if it is set up and allows others.
Sample Input
{ "schemaName":"testSchema", "enableSecurity":"false", "tableLevelSecurityType":"WHITELIST", "columnLevelSecurityType":"BLACKLIST" }
This end point deletes the data security configuration for a schema.
HTTP Operation: DELETE
Path: /resources/admin/security/config/{schemaName}
This end point creates a security group.
HTTP Operation: PUT
Path: /resources/admin/security/groups
Sample Input
{ "groupName":"DDSAdminGroup", }
This end point deletes a security group.
HTTP Operation: DELETE
Path: /resources/admin/security/groups/{groupName}
This end point creates row level security.
Row level security can be enforced if there are user and group columns in the table.
HTTP Operation: PUT
Path: /resources/admin/security/row
Sample Input
{ "enableRowAccesss":"true", "userColumnName":"USER", "groupColumnName":"GROUP", "tableLevelSecurityVo": { "schemaName":"testSchema", "tableName":"TEST", "securityGroup":"DDSOperatorGroup", "accessLevelVo": { "accessLevelName":"testAccessLevel" } } }
This end point updates row level security for a table.
HTTP Operation: POST
Path: /resources/admin/security/row
Sample Input
{ "enableRowAccesss":"false", "tableLevelSecurityVo": { "schemaName":"testSchema", "tableName":"TEST", "securityGroup":"DDSOperatorGroup", "accessLevelVo": { "accessLevelName":"testAccessLevel" } } }
This end point deletes row level security.
HTTP Operation: DELETE
Path: /resources/admin/security/row/{schemaName}/{tableName}/{securityGroup}/{accessLevelName}
This end point creates default security setup for all tables in a schema. It creates the following.
Security Groups - DdsAdminGroup, DdsOperatorGroup, DdsMonitorGroup
Access Levels - DdsAdminAccessLevel, DdsOperatorAccessLevel, DdsMonitorAccessLevel
DdsAdminAccessLevel has permissions to all operations.
DDSOperatorAccessLevel has permissions to all operations except DataSecuritySetupPermission
DDSMonitorAccessLevel has permissions to read only operations
HTTP Operation: PUT
Path: /resources/admin/security/setup/{schemaName}