This is an Access Control List for the user scope.
An ACL entry defines a permission (verb) granted or revoked for a subject over a resource. The permission is rejected by default, so you need to add ACL entries for granting accesses to Kii Cloud and your resources.
An ACL entry is composed of a resource, a subject, and a verb.
Subject: A subject can be either a user, a thing, or a group. Also, the following two "Special Users" can be set as a subject:
- ANONYMOUS_USER: Represent all users who are accessing anonymously. This user cannot be used for topics.
- ANY_AUTHENTICATED_USER: Represent any users who are authenticated.
Verb: These are the available verbs for an user scope:
- CREATE_NEW_BUCKET: Create a new bucket in the user scope.
- CREATE_NEW_TOPIC: Create a new topic in the user scope.
Request Headers (Applies to all methods)
GET
/api/apps/{appID}/users/{accountType}:{address}/acl
Retrieve all ACL entries.
The administrator can always perform this action.
For other users, actors who can perform this action depends on the target resource:
- User scope: the user.
- Group scope: the group owner.
- Thing scope: the thing or a thing owner.
- Bucket: the scope owner.
- Object: the scope owner and the object owner.
- Topic: the scope owner and the topic creator.
Content-Type application/vnd.kii.ACLRetrievalResponse+json
Name | Type | Description |
---|---|---|
CREATE_NEW_BUCKET | ACLSubject | Permitted subjects to create new buckets. |
An array of subjects to whom this action is permitted. Each subject is represented by a JSON object with the format `{ "userID": "{PERMITTED USER ID}" }` for the user permission or `{ "groupID": "{PERMITTED GROUP ID}" }` for the group permission. | ||
CREATE_NEW_TOPIC | ACLSubject | Permitted subjects to create new topics. |
An array of subjects to whom this action is permitted. Each subject is represented by a JSON object with the format `{ "userID": "{PERMITTED USER ID}" }` for the user permission or `{ "groupID": "{PERMITTED GROUP ID}" }` for the group permission. | ||
QUERY_OBJECTS_IN_BUCKET | ACLSubject | Permitted subjects to query objects in this bucket. |
An array of subjects to whom this action is permitted. Each subject is represented by a JSON object with the format `{ "userID": "{PERMITTED USER ID}" }` for the user permission or `{ "groupID": "{PERMITTED GROUP ID}" }` for the group permission. | ||
READ_OBJECTS_IN_BUCKET | ACLSubject | Permitted subjects to read the content of the objects in this bucket. |
An array of subjects to whom this action is permitted. Each subject is represented by a JSON object with the format `{ "userID": "{PERMITTED USER ID}" }` for the user permission or `{ "groupID": "{PERMITTED GROUP ID}" }` for the group permission. | ||
CREATE_OBJECTS_IN_BUCKET | ACLSubject | Permitted subjects to create objects in this bucket. |
An array of subjects to whom this action is permitted. Each subject is represented by a JSON object with the format `{ "userID": "{PERMITTED USER ID}" }` for the user permission or `{ "groupID": "{PERMITTED GROUP ID}" }` for the group permission. | ||
DROP_BUCKET_WITH_ALL_CONTENT | ACLSubject | Permitted subjects to drop this bucket with all contents. |
An array of subjects to whom this action is permitted. Each subject is represented by a JSON object with the format `{ "userID": "{PERMITTED USER ID}" }` for the user permission or `{ "groupID": "{PERMITTED GROUP ID}" }` for the group permission. | ||
READ_EXISTING_OBJECT | ACLSubject | Permitted subjects to read existing objects. |
An array of subjects to whom this action is permitted. Each subject is represented by a JSON object with the format `{ "userID": "{PERMITTED USER ID}" }` for the user permission or `{ "groupID": "{PERMITTED GROUP ID}" }` for the group permission. | ||
WRITE_EXISTING_OBJECT | ACLSubject | Permitted subjects to write and update existing objects. |
An array of subjects to whom this action is permitted. Each subject is represented by a JSON object with the format `{ "userID": "{PERMITTED USER ID}" }` for the user permission or `{ "groupID": "{PERMITTED GROUP ID}" }` for the group permission. | ||
SUBSCRIBE_TO_TOPIC | ACLSubject | Permitted subjects to subscribe to this topic. |
An array of subjects to whom this action is permitted. Each subject is represented by a JSON object with the format `{ "userID": "{PERMITTED USER ID}" }` for the user permission or `{ "groupID": "{PERMITTED GROUP ID}" }` for the group permission. | ||
SEND_MESSAGE_TO_TOPIC | ACLSubject | Permitted subjects to send messages to this topic. |
An array of subjects to whom this action is permitted. Each subject is represented by a JSON object with the format `{ "userID": "{PERMITTED USER ID}" }` for the user permission or `{ "groupID": "{PERMITTED GROUP ID}" }` for the group permission. |
Content-Type application/vnd.kii.UserNotFoundException+json
Name | Type | Description |
---|---|---|
errorCode | string | Error code "USER_NOT_FOUND". |
message | string | The error message. |
field | string | The field used for searching the user. This can be the userID or address field. |
value | string | The field value used for searching the user. |
appID | string | The ID of the application. |
Content-Type application/vnd.kii.UnauthorizedAccessException+json
Name | Type | Description |
---|---|---|
errorCode | string | Error code "UNAUTHORIZED". |
message | string | The error message. |
authenticatedAppID | string | The authenticated appID. |
authenticatedPrincipalID | string | The authenticated principal ID (userID or thingID). |