Security rule audit: Get audit rules

Note: LOCKED.
This API is extremely reliable and will not be broken unless absolutely necessary.

Method

POST

Path

/qrs/systemrule/security/audit

Description

Perform an audit of the access control system. The results of the audit include:

  • Information on all security rules
  • Descriptions of the access provided by each security rule
  • If there are any errors when evaluating the rules based on resource type, a selection of users, and a selection of resources

Body

AuditParameters:

{ "resourceType": "type [string]", "resourceFilter": "resource filter [string]", "userFilter": "user filter [string]", "environmentAttributes": "type1=value1;type2=value2 [string]" "userSkip": "count [integer]", "userTake": "count [integer]", "resourceSkip": "count [integer]", "resourceTake": "count [integer]" "includeNonGrantingRules": "type [bool]", }

The environmentAttributes type is one (or several, separated by “;”) of the following:

  • OS
  • Device
  • Browser
  • RequestType
  • IP

Return value

Note: The audit results for all objects are returned, not just for the objects that the auditor has access to. For each object, the name and GUID are returned.

AuditResult:

{ "users": { "[GUID]": { // A user object "userId": "…", "userDirectory": "…", "name": "…", … }, "[GUID]": { … } }, "resources": { "[GUID]": { // An object of arbitrary type "…", }, "[GUID]": { … } }, "rules": { "[GUID]": { // Security rule object "type": "…", "name": "…", "rule": "…", "resourceFilter": "…", … }, "[GUID]": { … } }, "ruleApplication": [ { "userID": "[GUID]", "resourceID": "[GUID]", "ruleID": "[GUID]", "allowed": boolean, "errorAt": integer, "errorMessage": "…", "evaluationState": "evaluated/parsefailure/evaluationfailure" }, { … } ] }

Optional parameters

-

Did this information help you?

Can you tell us why it did not help you and how we can improve it?