IAM Access Policies matching Assets (v1)¶
Create the bearer_token and store in a file in a secure local directory with 0600 permissions.
See API Request Authorization and Authentication.
Note
The following example shows use of the API over curl in a bash terminal. The concepts are fully portable to any other REST client (eg PostMan or python requests)
Set the URL (for example):
$ export URL=https://synsation.1234-5678.nodes.archivist.jitsuin.io
IAM access policy records in Jitsuin Archivist are tokenized at creation time and referred to in all API calls and smart contracts throughout the system by a unique identity of the form:
access_policies/12345678-90ab-cdef-1234-567890abcdef.
If you do not know the access_policy’s identity you can fetch IAM access policy records using other information you do know, such as the access_policy’s name.
Fetch all Assets matching specific IAM access_policy (v1)¶
If you know the unique identity of the IAM access policy Record simply GET the resource:
$ curl -v -X GET \
-H "@$BEARER_TOKEN_FILE" \
$URL/archivist/iam/v1/access_policies/6a951b62-0a26-4c22-a886-1082297b063b/assets
Each of these calls returns a list of matching Asset records in the form:
{
"assets": [
{
"identity": "assets/6a951b62-0a26-4c22-a886-1082297b063b",
"behaviours": [
"Firmware",
"Maintenance",
"RecordEvidence",
"LocationUpdate",
"Attachments"
],
"attributes": {
"arc_display_type": "Pump",
"arc_firmware_version": "1.0",
"arc_home_location_identity": "locations/866790d8-4ed6-4cc9-8f60-07672609b331",
"arc_serial_number": "vtl-x4-07",
"arc_description": "Pump at A603 North East",
"arc_display_name": "tcl.ccj.003",
"some_custom_attribute": "value",
"arc_attachments": [
{
"arc_display_name": "arc_primary_image",
"arc_attachment_identity": "blobs/87b1a84c-1c6f-442b-923e-a97516f4d275",
"arc_hash_alg": "SHA256",
"arc_hash_value": "246c316e2cd6971ce5c83a3e61f9880fa6e2f14ae2976ee03500eb282fd03a60"
}
]
},
"confirmation_status": "CONFIRMED",
"tracked": "TRACKED"
}
]
}
Fetch all IAM access_policies matching specific Asset (v1)¶
If you know the unique identity of the Asset Record simply GET matching policies:
$ curl -v -X GET \
-H "@$BEARER_TOKEN_FILE" \
$URL/archivist/iam/v1/assets/6a951b62-0a26-4c22-a886-1082297b063b/access_policies
Each of these calls returns a list of matching IAM access_policies records in the form:
{
"access_policies": [
{
"identity": "access_policies/6a951b62-0a26-4c22-a886-1082297b063b",
"display_name": "Some description",
"filters": [
{ "or": [
"attributes.arc_home_location_identity=locations/5ea815f0-4de1-4a84-9377-701e880fe8ae",
"attributes.arc_home_location_identity=locations/27eed70b-9e2b-4db1-b8c4-e36505350dcc",
]},
{ "or": [
"attributes.arc_display_type=Valve",
"attributes.arc_display_type=Pump"
]},
{ "or": [
"attributes.ext_vendor_name=SynsationIndustries"
]}
],
"access_permissions": [
{
"subjects": [
"subjects/6a951b62-0a26-4c22-a886-1082297b063b",
"subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
],
"behaviours": [ "Attachments", "Firmware", "Maintenance", "RecordEvidence" ],
"include_attributes": [ "arc_display_name", "arc_display_type", "arc_firmware_version" ],
"user_attributes": [
{"or": ["group:maintainers", "group:supervisors"]}
]
}
]
},
{
"identity": "access_policies/12345678-0a26-4c22-a886-1082297b063b",
"display_name": "Some other description",
"filters": [
{ "or": ["attributes.arc_display_type=door_access_reader"]}
],
"access_permissions": [
{
"subjects": [
"subjects/6a951b62-0a26-4c22-a886-1082297b063b",
"subjects/a24306e5-dc06-41ba-a7d6-2b6b3e1df48d"
],
"behaviours": [ "Attachments", "Maintenance", "RecordEvidence" ],
"include_attributes": [ "arc_display_name", "arc_display_type" ],
"user_attributes": [
{"or": ["group:maintainers", "group:supervisors"]}
]
}
]
}
]
}
Note
The number of records returned has a maximum limit. If this limit is too small then one must use API Request Paging.
A full API reference is available in Swagger GET API