Current user permission queries
These endpoints are useful to check which customers and permissions are available for the current user, as well as to query the current user's group membership.
For third-party applications integrated via OAuth2, these endpoints can be used to query the permissions of the user the session belongs to.
This lets the application reuse the Argus permission system for customers, permissions and roles when these should also apply in the third-party application.
List customers available in session
Invoking the session customers endpoint lists all customers which are available to the current user (in the current session):
curl -XGET -H "Argus-API-Key: my/api/key" "https://api.mnemonic.no/currentuser/v1/customers?keyword=test&limit=10"
The response contains a list of “Customer Info” objects, each with the id, shortname and name of the customer.
Using the keyword parameter, the result will be filtered to customers where the name or shortname matches the keywords.
This is useful for autocompleters.
“Available customers” only means that the customer is somehow visible in the current session. The current user/session may have different permissions for each customer, so there is no guarantee that all customers returned are usable for specific operations.
To check for specific permissions, see the “permission” endpoint below.
List groups which the current user is a member of
This endpoint lists all groups which the current user is a member of.
Using the includeAncestors=true option will also include ancestor groups, i.e. groups which the current user is not a direct member of, but is a transitive member of:
curl -XGET -H "Argus-API-Key: my/api/key" "https://api.mnemonic.no/currentuser/v1/groups?includeAncestors=true"
List functions available in session
Invoking the session functions endpoint lists all functions which are available to the current user (in the current session):
curl -XGET -H "Argus-API-Key: my/api/key" "https://api.mnemonic.no/currentuser/v1/functions?onlyRoles=true&keywords=test"
“Available functions” only means that the function is somehow visible in the current session.
To know if a user has permission to a specific function for a specific customer, use the “permission” endpoint below.
Note that users with the viewAllFunctions permission can list ALL functions in the system, even if the user does not have any permission granted for that function.
Also note that “available functions” only shows functions which are valid with the security level of the current session.
Functions requiring a higher security level than the current session will not be visible.
Check for specific permission
To check if the current session is granted permission for a specific function, for a specific customer, use the permission endpoint:
curl -XGET -H "Argus-API-Key: my/api/key" https://api.mnemonic.no/currentuser/v1/permission/myfunction/mycustomer
The endpoint returns 200 OK if the current user is permitted the function for the specified customer, or 403 Unauthorized if not permitted.
The permissions endpoint will respect the security level of the current session.
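A third-party application can turn the 200/403 answer of the permission endpoint into an allow/deny decision, and use it to narrow the “available” customers to those actually usable for one function. The following Python sketch is an added example, not part of the Argus documentation; the function names, the injectable fetch_status transport and the choice to treat every other status as an error are assumptions of the example.

```python
import urllib.error
import urllib.parse
import urllib.request

BASE = "https://api.mnemonic.no/currentuser/v1"  # base URL from the curl examples


def permission_url(function, customer):
    # Percent-encode each path segment so a name containing "/" or "?"
    # cannot redirect the check to a different function or customer.
    return "{}/permission/{}/{}".format(
        BASE,
        urllib.parse.quote(function, safe=""),
        urllib.parse.quote(customer, safe=""),
    )


def http_status(url, api_key):
    # Real transport: returns only the HTTP status code of a GET request.
    req = urllib.request.Request(url, headers={"Argus-API-Key": api_key})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def is_permitted(function, customer, api_key, fetch_status=http_status):
    status = fetch_status(permission_url(function, customer), api_key)
    if status == 200:
        return True
    if status == 403:
        return False
    # Anything else (expired session, outage, proxy error) is not an answer:
    # raise so the caller denies the action instead of guessing.
    raise RuntimeError("permission check failed with HTTP %d" % status)


def usable_customers(function, customers, api_key, fetch_status=http_status):
    # Narrow "available" customers to those where the function is permitted.
    return [c for c in customers if is_permitted(function, c, api_key, fetch_status)]


if __name__ == "__main__":
    # Constructed stub standing in for the API, so the demo runs offline.
    granted = {permission_url("myfunction", "mycustomer")}
    stub = lambda url, key: 200 if url in granted else 403
    print(usable_customers("myfunction", ["mycustomer", "othercustomer"], "my/api/key", stub))
```

Network failures raised by urllib propagate as exceptions, so a caller that only proceeds on a True result denies by default.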