GET /permitted/<object-type>/<action>/<uuid>

For a specific object_type and action, get a list of instance IDs that the specific user (identified by UUID) is permitted to take the specified action on. Authentication is required.

Request format

When Forming RBAC API requests to this endpoint, the URI path must include the name of an object_type, an applicable action for that object type, and a user's UUID. For example, this request checks if a specific user can take the view action on node groups:

curl "https://$(puppet config print server):4433/rbac-api/v1/permitted/node_groups/view/42bf351c-e976fec7f4bd" \
-H "X-Authentication:$(puppet-access show)"

Response format

A valid request returns 200 OK and an array of instance IDs that the specified user is permitted to perform the supplied action on. For example, this response has one instance:

["00000000-0000-4000-8000-000000000000"]

If the user does not have permission to act on any instance, an empty array is returned.

Error responses

Returns 404 Not Found if:

• The supplied object_type does not map to a known object_type. Make sure your request used the type's system name, not the display name. System names are listed in Reference: User permissions and names.
• The supplied action does not exist for the given object_type. You can use the GET /types endpoint to get a list of actions for each object_type.
• The uuid does not map to a known user.

For other errors, refer to RBAC service errors .