GET /permitted/<object-type>/<action>

For a specific object_type and action, get a list of instance IDs that the current authenticated user is permitted to take the specified action on. Authentication is required.

Request format

When Forming RBAC API requests to this endpoint, the URI path must include the name of an object_type and applicable action for that object type. For example, this request refers to the node_groups type and the view action:

curl "https://$(puppet config print server):4433/rbac-api/v1/permitted/node_groups/view" \
-H "X-Authentication:$(puppet-access show)"

This endpoint checks permissions for the current authenticated user. If you want to check permissions for another user, use the GET /permitted/<object-type>/<action>/<uuid> endpoint.

Response format

A valid request returns 200 OK and an array of instance IDs that the authenticated user is permitted to perform the supplied action on. For example, this response has one instance:

["00000000-0000-4000-8000-000000000000"]

If the user does not have permission to act on any instance, an empty array is returned.

Error responses

Returns 404 Not Found if:

The supplied object_type does not map to a known object_type. Make sure your request used the type's system name, not the display name. System names are listed in Reference: User permissions and names.
The supplied action does not exist for the given object_type. You can use the GET /types endpoint to get a list of actions for each object_type.

For other errors, refer to RBAC service errors .