Page tree
Skip to end of metadata
Go to start of metadata

The operations shown here are used to set, list, or update your permissions policies through the Treasure Data REST API. You might not see the same behavior if your administrator has not enabled granular permissions for authentication. Contact your Customer Support Engineer to upgrade to the latest version.


API CallDescription

GET /v3/access_control/policies

Retrieves a list of policies.

POST /v3/access_control/policies

Creates a policy.

GET /v3/access_control/policies/:policy_id

Retrieve information about a policy.

PATCH /v3/access_control/policies/:policy_id

Update information related to a policy.

DELETE /v3/access_control/policies/:policy_id

Delete a policy.

GET /v3/access_control/users/:user_id/policies

List policies per user.

PATCH /v3/access_control/users/:user_id/policies

Update a user’s policies.

POST /v3/access_control/users/:user_id/policies/:policy_id

Attach a policy to a user.

DELETE /v3/access_control/users/:user_id/policies/:policy_id

Delete a user’s policies.

POST /v3/access_control/policies/:policy_id/users/:user_id

Attach a user to a specific policy.

DELETE /v3/access_control/policies/:policy_id/users/:user_id

Detach a user from policies.

GET /v3/access_control/permissions

List all permissions.

GET /v3/access_control/policies/:policy_id/permissions

List the permissions for a specific policy.

PATCH /v3/access_control/policies/:policy_id/permissions

Update the permissions for a specific policy.

GET /v3/access_control/policies/:policy_id/users

Retrieve a list of users and their permissions.

GET /v3/access_control/users/:user_id

Retrieve a specific user by ID.

PATCH /v3/access_control/users/:user_id/permissions

Update permissions for a specific user.

GET /v3/access_control/policies/:policy_id/users

Retrieve a list of users associated with a specific policy.

PATCH /v3/access_control/policies/:policy_id/users

Update a list of users associated with a specific policy.

GET /v3/access_control/policies/{policy_id}/column_permissions

Retrieve information related to a column-level access control policy. 

GET /v3/access_control/policies?column_permissions_tag={tag}

Retrieve information related to policies that contain column tags.

PATCH /v3/access_control/policies/{policy_id}/column_permissions

Update information related to a column-level access control policy. 

GET /v3/access_control/policies

Retrieves a list of policies.

HTTP Verb

Resource

Description

GET

/v3/access_control/policies

Gets a list of policies

Request Body

Property Name

Value

Description

policy

object

Name of the policy

Sample Response  

Status: 200 OK

[
  {
    "id": 67,
    "account_id": 123,
    "name": "some_policy",
    "description": "written about the policy",
    "user_count": 3
  }
]

POST /v3/access_control/policies

Creates a policy.

HTTP Verb

Resource

Description

POST

/v3/access_control/policies

Creates a policy

URI Parameters

Parameter Name

Required

Type

Description

policy

Yes

object

Example:

{"policy": { "name": "name of policy", "description": "Description of policy" }

name

Yes

string

Policy's name

description


string

Policy's description

Sample Request

{
  "policy": {
    "name": "some_policy",
    "description": "written about the policy"
  }
}

Sample Response

Status: 200 OK

{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}

GET /v3/access_control/policies/:policy_id

Retrieve information about a policy.

HTTP Verb

Resource

Description

GET

/v3/access_control/policies/:policy_id

Gets a specific policy

URI Parameters

Parameter Name

Required

Type

Description

policy_id

Yes

Integer

AccessControlPolicyId

Example: 67

Sample Response

Status: 200 OK

{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}

PATCH /access_control/policies/:policy_id

Update information related to a policy.

HTTP Verb

Resource

Description

PATCH

/v3/access_control/policies/:policy_id

Updates a specific policy

URI Parameters

Parameter Name

Required

Type

Description

policy_id

Yes

Integer

AccessControlPolicyId

Example: 67

policy

Yes

Object

TBD

Request Body

Property Name

Value

Description

policy

object

Name of the policy

Sample Request

{
  "policy": {
    "name": "some_policy",
    "description": "written about the policy"
  }
}

Sample Response

Status: 200 OK

{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}

DELETE /v3/access_control/policies/:policy_id

Delete a policy.

HTTP Verb

Resource

Description

DELETE

/v3/access_control/policies/:policy_id

Deletes a specific policy

URI Parameters

Parameter Name

Required

Type

Description

policy_id

Yes

Integer

AccessControlPolicyId

Example: 67

Sample Response

{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}

GET /v3/access_control/users/:user_id/policies

List policies per user.

HTTP Verb

Resouce

Description

GET

/v3/access_control/users/:user_id/policies

Gets a list of policies by user

URI Parameters

Parameter Name

Required

Type

Description

user_id

Yes

integer

UserId

Example: 123

Sample Response

Status: 200 OK

[
  {
    "id": 67,
    "account_id": 123,
    "name": "some_policy",
    "description": "written about the policy",
    "user_count": 3
  }
]

PATCH /v3/access_control/users/:user_id/policies

Update a user’s policies.

HTTP Verb

Resource

Description

PATCH

/v3/access_control/users/:user_id/policies

Updates a user’s policies

URI Parameters

Parameter Name

Required

Type

Description

user_id

Yes

integer

UserId

Example: 123

Request Body

Property Name

Value

Description

policy_ids

array of string

List of policies

Sample Request

{
  "policy_ids": [
    "1",
    "2",
    "42"
  ]
}

Sample Response

Status: 200 OK

[
  {
    "id": 67,
    "account_id": 123,
    "name": "some_policy",
    "description": "written about the policy",
    "user_count": 3
  }
]

POST /v3/access_control/users/:user_id/policies/:policy_id

Attach a policy to a user.

HTTP Verb

Resource

Description

POST

/v3/access_control/users/:user_id/policies/:policy_id

Attaches a policy to a user

URI Parameters

Parameter Name

Required

Type

Description

user_id

Yes

integer

UserId

Example: 123

policy_id

Yes

integer

Example: 67

Sample Response

Status: 200 OK

{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}

DELETE /v3/access_control/users/:user_id/policies/:policy_id

Delete a user’s policies.

HTTP Verb

Resource

Description

DELETE

/v3/access_control/users/:user_id/policies/:policy_id

Deletes a user’s policies

URI Parameters

Parameter Name

Required

Type

Description

user_id

Yes

integer

UserId

Example: 123

policy_id

Yes

integer

Example: 67

Sample Response

{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}

POST /v3/access_control/policies/:policy_id/users/:user_id

Attach a user to a specific policy.

HTTP Verb

Resource

Description

POST

/v3/access_control/policies/:policy_id/users/:user_id

Attaches a user to a policy.

URI Parameters

Parameter Name

Required

Type

Description

policy_id

Yes

integer

AccessControlPolicyId

Example: 67

user_id

Yes

Integer

Userid

Example: 123

Sample Response

Status: 200 OK

{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}

DELETE /v3/access_control/policies/:policy_id/users/:user_id

Detach a user from a specific policy.

HTTP Verb

Resource

Description

DELETE

/v3/access_control/policies/:policy_id/users/:user_id

Deletes a user from a policy

URI Parameters

Parameter Name

Required

Type

Description

policy_id

Yes

integer

AccessControlPolicyId

Example: 67

user_id

Yes

Integer

Userid

Example: 123

Sample Response

Status: 200 OK

{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}

GET /v3/access_control/permissions

List all permissions.

HTTP Verb

Resource

Description

GET

/v3/access_control/permissions

Lists all permissions

Sample Response

Status: 200 OK

[
  {
    "id": 0,
    "permission_set_id": 0,
    "resource_type": "string",
    "filter_expression": "string",
    "filter_operator": "string",
    "filter_value": "string",
    "can_create": true,
    "can_read": true,
    "can_update": true,
    "can_delete": true,
    "can_execute": true,
    "custom_operation": "string"
  }
]

GET /v3/access_control/policies/:policy_id/permissions

List the permissions for a specific policy.

HTTP Verb

Resource

Description

GET

/v3/access_control/policies/:policy_id/permissions

Lists permissions for a policy

Parameter Name

Required

Type

Description

policy_id

Yes

integer

AccessControlPolicyId

Example: 67

Sample Response

Status: 200 OK

{
  "WorkflowProject": [
    {
      "operation": "view"
    }
  ],
  "WorkflowProjectLevel": [
    {
      "operation": "view",
      "name": "my_wf"
    }
  ],
  "Segmentation": [
    {
      "operation": "full"
    }
  ],
  "MasterSegmentConfigs": [
    {
      "operation": "view"
    }
  ],
  "MasterSegmentConfig": [
    {
      "operation": "view",
      "id": "42"
    }
  ],
  "SegmentAllFolders": [
    {
      "operation": "view",
      "audience_id": "42"
    }
  ],
  "SegmentFolder": [
    {
      "operation": "view",
      "id": "42"
    }
  ],
  "Authentications": [
    {
      "operation": "use"
    }
  ],
  "Sources": [
    {
      "operation": "restricted"
    }
  ],
  "Destinations": [
    {
      "operation": "restricted"
    }
  ]
}

PATCH /v3/access_control/policies/:policy_id/permissions

Update the permissions for a specific policy.

HTTP Verb

Resource

Description

PATCH

/v3/access_control/policies/:policy_id/permission

Updates permissions for a policy

URI Parameter

Parameter Name

Required

Type

Description

policy_id

Yes

integer

AccessControlPolicyId

Example: 67

Available Body Request Fields

Parameter Name

Value

Description

Example

WorkflowProject

Array of object

Designates "view", "run", or "edit" access to all workflows.

Example:

operation (string)

enum: "view" "run" "edit"

name (string)

WorkflowProjectLevel

Array of object

Designates "view", "run", or "edit" access to a specific workflow project.

Example:

operation (string)

enum: "view" "run" "edit"

name (string)

Segmentation

Array of object

Grants "full" access to all segmentations.

Example:

operation (string)

value: "full"

MasterSegmentConfigs

Array of object

Grants "view" or "edit" access to all master segment configs, or "full" access to all CDP generated workflows.

Example:

operation (string)

enum: "view" "edit"

MasterSegmentConfig

Array of object

Grants "view" or "edit" access to specific master segment config, or "full" access to specific CDP generated workflows.

Example:

operation (string)

enum: "view" "edit"

id (string)

SegmentAllFolders

Array of object

Grants "view" or "edit" access to all segment folders.

Example:

operation (string)

enum: "view" "edit"

audience_id (string)

SegmentFolder

Array of object

Grants "view" or "edit" access to a specific segment folder.

Example:

operation (string)

enum: "view" "edit"

id (string)

Databases

Array of object

Grants “manage” access to all databases.

Grants “owner_manage” access to owned databases.

Grants “edit”, “query” and “import” to access specific databases with “ids”.

Grants “download” to allow downloads of databases that have read permissions.

Example:

operation (string)

enum: “manage” “owner_manage” “edit” “query” “import”

ids: (string, required when operation is “edit” “query” “import”)

“1,2,3”

Authentications

Array of object

Grants "use" or "full" access to all authentications. Where "use" designates permissions to view authentications.

Example:

 operation (string)
    enum: "use" "full" "owner_manage" "use_limited"   ## Order is up to you
  ids (string, required when `operation` is "use_limited")
    "1, 2, 3"

Sources

Array of object

Sets "restricted" access to all sources.

Example: Describes what authority you have (only one type may be selected)

Example: 
  operation (string)
    enum: "restricted"   

Destinations

Array of object

Grants "restricted" access to using destinations for result export.

Example: 
  operation (string)
    enum: "restricted"

Sample Request

{
    "Authentications": [
        {
            "operation": "full"
        }
    ],
    "Sources": [
        {
            "operation": "restricted"
        }
    ],
    "Destinations": [
        {
            "operation": "restricted"
        }
    ]
}

Sample Response

Status: 200 OK

{
    "Authentications": [
        {
            "operation": "full"
        }
    ],
    "Sources": [
        {
            "operation": "restricted"
        }
    ],
    "Destinations": [
        {
            "operation": "restricted"
        }
    ]
}

GET /v3/access_control/users

Retrieve a list of users and their permissions.

HTTP Verb

Resource

Description

GET

/v3/access_control/users

Gets a list of users and their permissions

Sample Response

Status: 200 OK

[
  {
    "user_id": 123,
    "account_id": 123,
    "permissions": {
      "WorkflowProject": [
        {
          "operation": "view"
        }
      ],
      "WorkflowProjectLevel": [
        {
          "operation": "view",
          "name": "my_wf"
        }
      ],
      "Segmentation": [
        {
          "operation": "full"
        }
      ],
      "MasterSegmentConfigs": [
        {
          "operation": "view"
        }
      ],
      "MasterSegmentConfig": [
        {
          "operation": "view",
          "id": "42"
        }
      ],
      "SegmentAllFolders": [
        {
          "operation": "view",
          "audience_id": "42"
        }
      ],
      "SegmentFolder": [
        {
          "operation": "view",
          "id": "42"
        }
      ],
      "Authentications": [
        {
          "operation": "use"
        }
      ],
      "Sources": [
        {
          "operation": "restricted"
        }
      ],
      "Destinations": [
        {
          "operation": "restricted"
        }
      ]
    },
    "policies": [
      {
        "id": 67,
        "account_id": 123,
        "name": "some_policy",
        "description": "written about the policy",
        "user_count": 3
      }
    ]
  }
]

GET /v3/access_control/users/:user_id

Retrieve a specific user by ID.

HTTP Verb

Resource

Description

GET

/v3/access_control/users/:user_id

Gets a user

URI Parameter

Parameter Name

Required

Type

Description

policy_id

Yes

integer

AccessControlPolicyId

Example: 67

Sample Response

Status: 200 OK

{
  "user_id": 123,
  "account_id": 123,
  "permissions": {
    "WorkflowProject": [
      {
        "operation": "view"
      }
    ],
    "WorkflowProjectLevel": [
      {
        "operation": "view",
        "name": "my_wf"
      }
    ],
    "Segmentation": [
      {
        "operation": "full"
      }
    ],
    "MasterSegmentConfigs": [
      {
        "operation": "view"
      }
    ],
    "MasterSegmentConfig": [
      {
        "operation": "view",
        "id": "42"
      }
    ],
    "SegmentAllFolders": [
      {
        "operation": "view",
        "audience_id": "42"
      }
    ],
    "SegmentFolder": [
      {
        "operation": "view",
        "id": "42"
      }
    ],
    "Authentications": [
      {
        "operation": "use"
      }
    ],
    "Sources": [
      {
        "operation": "restricted"
      }
    ],
    "Destinations": [
      {
        "operation": "restricted"
      }
    ]
  },
  "policies": [
    {
      "id": 67,
      "account_id": 123,
      "name": "some_policy",
      "description": "written about the policy",
      "user_count": 3
    }
  ]
}

PATCH /v3/access_control/users/:user_id/permissions

Update permissions for a specific user.

HTTP Verb

Resource

Description

PATCH

/v3/access_control/users/:user_id/permissions

Updates permissions

URI Parameters

Parameter Name

Required

Type

Description

user_id

Yes

Integer

Userid

Example: 123

Request Body

Property Name

Value

Description

WorkflowProject

array of object

Example:

operation (string)

enum:"view" "run" "edit"

property name (any)

WorkflowProjectLevel

array of object

Example:

operation (string)

enum:"view" "run" "edit"

name (string)

property name (any)

Sample Request

{
  "WorkflowProject": [
    {
      "operation": "view"
    }
  ],
  "WorkflowProjectLevel": [
    {
      "operation": "view",
      "name": "my_wf"
    }
  ]
}

Sample Response

Status: 200 OK

{
  "user_id": 123,
  "permissions": {
    "WorkflowProject": [
      {
        "operation": "view"
      }
    ],
    "WorkflowProjectLevel": [
      {
        "operation": "view",
        "name": "my_wf"
      }
    ],
    "Segmentation": [
      {
        "operation": "full"
      }
    ],
    "MasterSegmentConfigs": [
      {
        "operation": "view"
      }
    ],
    "MasterSegmentConfig": [
      {
        "operation": "view",
        "id": "42"
      }
    ],
    "SegmentAllFolders": [
      {
        "operation": "view",
        "audience_id": "42"
      }
    ],
    "SegmentFolder": [
      {
        "operation": "view",
        "id": "42"
      }
    ],
    "Authentications": [
      {
        "operation": "use"
      }
    ],
    "Sources": [
      {
        "operation": "restricted"
      }
    ],
    "Destinations": [
      {
        "operation": "restricted"
      }
    ]
  }
}

GET /v3/access_control/policies/:policy_id/users

Retrieve a list of users associated with a specific policy.

HTTP Verb

Resource

Description

GET

/v3/access_control/policies/:policy_id/users

Gets a list of users of a policy

URI Parameters

Parameter Name

Required

Type

Description

policy_id

Yes

integer

AccessControlPolicyId

Example: 67

Sample Response

Status: 200 OK

[
  {
    "user_id": 123,
    "account_id": 123,
    "email": "jake@gmail.com",
    "name": "Jake Becker"
  }
]

PATCH /v3/access_control/policies/:policy_id/users

Update a list of users associated with a specific policy.

HTTP Verb

Resource

Description

PATCH

/v3/access_control/policies/:policy_id/users

Updates a list of users with a policy

URI Parameters

Parameter Name

Required

Type

Description

policy_id

Yes

integer

AccessControlPolicyId

Example: 67

Request Body

Property Name

Value

Description

user_ids

array of integer

List of user IDs

Sample Request

{
  "user_ids": [
    123
  ]
}

Sample Response

Status: 200 OK

[
  {
    "user_id": 123,
    "account_id": 123,
    "permissions": {
      "WorkflowProject": [
        {
          "operation": "view"
        }
      ],
      "WorkflowProjectLevel": [
        {
          "operation": "view",
          "name": "my_wf"
        }
      ],
      "Segmentation": [
        {
          "operation": "full"
        }
      ],
      "MasterSegmentConfigs": [
        {
          "operation": "view"
        }
      ],
      "MasterSegmentConfig": [
        {
          "operation": "view",
          "id": "42"
        }
      ],
      "SegmentAllFolders": [
        {
          "operation": "view",
          "audience_id": "42"
        }
      ],
      "SegmentFolder": [
        {
          "operation": "view",
          "id": "42"
        }
      ],
      "Authentications": [
        {
          "operation": "use"
        }
      ],
      "Sources": [
        {
          "operation": "restricted"
        }
      ],
      "Destinations": [
        {
          "operation": "restricted"
        }
      ]
    },
    "policies": [
      {
        "id": 67,
        "account_id": 123,
        "name": "some_policy",
        "description": "written about the policy",
        "user_count": 3
      }
    ]
  }
]

GET /v3/access_control/policies/{policy_id}/column_permissions

Retrieve information related to a policy that contains column-level permissions.

HTTP Verb

Resource

Description

GET

/access_control/policies/{policy_id}/column-permissions

Retrieve information related to a policy that contains column-level permissions.

URI Parameters 

Parameter Name

Required

Type

Description

policy_id

Yes

integer

AccessControlPolicyId

Example: 67

Sample Response

{
  "tags": [
    "string"
  ],
  "except": true,
  "masking" : "hash" 
}

GET /v3/access_control/policies?column_permissions_tag={tag}

Retrieve all policies that contain column tags.

HTTP Verb

Resource

Description

GET

/v3/access_control/policies?column_permission_tag={tag}

Retrieve all policies that contain column tags.

Sample Response

[
  {
    "id": 67,
    "account_id": 123,
    "name": "some_policy",
    "description": "written about the policy",
    "user_count": 3
  }
]


PATCH /v3/access_control/policies/{policy_id}/column_permissions

Update information related to a column-level access control policy. 

Control Type

Description

Allow

A policy that allows access with “xxx, yyy, zzz” tags

Allow - Except

A policy that allows access to all columns with the exception of “aaa, bbb, ccc” tags

Mask

A policy that hides specified columns using modified content.

ALLOW

HTTP Verb

Resource

Description

PATCH

/v3/access_control/policies/:policy_id/column_permissions

Updates a specific policy to allow access to specific tags.

URI Parameters

Parameter Name

Required

Type

Description

policy_id

Yes

integer

policy_id

Example: 6196842

Sample Request

curl -X PATCH 
     -H "Authorization: TD1 ${TD1_KEY}" 
     -H "Content-Type: application/json" \
     -d '{"column_permissions":[ {"tags":["home-address"]} ]}' 

Sample Response

[
  {
    "tags": [
      "home-address"
    ]
  }
]

ALLOW Except

HTTP Verb

Resource

Description

PATCH

/v3/access_control/policies/:policy_id/column_permissions

Updates a specific policy to allow access to specific tags.

URI Parameters

Parameter Name

Required

Type

Description

policy_id

Yes

integer

policy_id

Example: 6196842

Sample Request

curl -X PATCH 
     -H "Authorization: TD1 ${TD1_KEY}" 
     -H "Content-Type: application/json" \
     -d '{"column_permissions":[ {"tags":["email-raw"], "except":true} ]}' 

Sample Response

[
  {
    "tags": [
      "email-raw"
    ],
    “except”: true
  }
]

MASKING

HTTP Verb

Resource

Description

PATCH

/v3/access_control/policies/:policy_id/column_permissions

Updates a specific policy to allow access to specific tags.

URI Parameters

Parameter Name

Required

Type

Description

policy_id

Yes

integer

policy_id

Example: 6196842

Sample Request

curl -X PATCH 
     -H "Authorization: TD1 ${TD1_KEY}" 
     -H "Content-Type: application/json" \
     -d '{"column_permissions":[ {"tags":["home-address"], "masking":"hash"} ]}' 

Sample Response

[
  {
    "tags": [
      "home-address”
    ],
    “masking”: “hash”
  }
]

  • No labels