KBEC-00283 - How to list acl of a project using script?

Article ID:360033191151

Summary

We have ACL groups and projects. How do we generate a list of the ACL entries related to a project in the following format (similar to the Access Control UI under the section Privileges for Project), with 1 as allow, 0 as inherit, etc.?

For example,

Type     Name              Read  Modify  Execute  Change Permissions
group    group1            1     0       1        0
group    group2            1     1       1        1
group    group3            1     0       0        0
project  Preflight Builds  1     1       1        1

Solution

The CloudBees CD (CloudBees Flow) API call "getAccess" retrieves the access control list (ACL) information associated with an object, including inherited ACLs.

You must specify object locators to find the object where you need to verify access.

Object Locator Description

applicationName

The name of the application container of the property sheet which owns the property; must be unique among all projects.

applicationTierName

The name of the application tier container of the property sheet which owns the property.

artifactName

The name of the credential container of the property sheet which owns the property. The name of the artifact.

artifactVersionName

The name of the artifact version. Note: An artifact version name is interpreted by the server as the artifactVersionName attribute for the artifactVersion in question. This name is parsed and interpreted as "groupId:artifactKey:version" and the object is searched either way you specify its name; the Flow server interprets either name form correctly.

componentName

The name of the component container of the property sheet which owns the property.

configName

The name of the emailConfig container that owns the property.

credentialName

The name of the credential container of the property sheet which owns the property. credentialName can be one of two forms: relative (for example, "cred1"), where the credential is assumed to be in the project that contains the request target object; or absolute (for example, "/projects/BuildProject/credentials/cred1"), where the credential can be from any specified project, regardless of the target object's project.

emulateRestoreInheritance

Whether or not to include one level of broken inheritance if it exists. Used for seeing what access would look like if the lowest level of broken inheritance was restored. <Boolean flag - 0|1|true|false> If set to 1, this argument returns ACL information to what it would be if inheritance were restored on this object.

environmentName

The name of the environment container of the property sheet which owns the property; must be unique among all projects.

environmentTierName

The name of the environment tier container of the property sheet which owns the property.

gatewayName

The name of the gateway container of the property sheet.

groupName

The name of the group container of the property sheet that owns the property.

jobId

The unique Flow-generated identifier (a UUID) for a job, assigned automatically when the job is created. Also accepts a job name assigned to the job by its name template.

jobStepId

The unique identifier for a job step, assigned automatically when the job step is created.

notifierName

The name of the email notifier that contains the ACL.

objectId

This is an object identifier returned by findObjects and getObjects.

path

Property path string.

pluginName

The name of the plugin that contains the ACL.

procedureName

The name of the procedure containing the ACL. Also requires projectName.

processName

The name of the process, if the container is a process or process step.

processStepName

The name of the process step, if the container is a process step.

projectName

The name of the project that contains the ACL; must be unique among all projects.

propertySheetId

The unique identifier for a property sheet, assigned automatically when the property sheet is created.

repositoryName

The name of the repository for artifact management.

resourceName

The name of the resource that contains the ACL.

resourcePoolName

The name of a pool containing one or more resources.

scheduleName

The name of the schedule containing the ACL. Also requires projectName.

stateDefinitionName

The name of the state definition.

stateName

The name of the state.

stepName

The name of the step containing the ACL. Also requires projectName and procedureName.

systemObjectName

System objects include: admin|artifactVersions|directory|emailConfigs|log|plugins|server|session|workspaces

transitionDefinitionName

The name of the transition definition.

transitionName

The name of the transition.

userName

The name of the user that contains the ACL.

workflowDefinitionName

The name of the workflow definition.

workflowName

The name of the workflow.

workspaceName

The name of the workspace that contains the ACL.

zoneName

The name of the zone.

Positional arguments

Arguments to specify the object, beginning with the top-level object locator.

Response

One or more object elements, each consisting of one or more aclEntry elements. Each object represents an object in the ACL inheritance chain, starting with the most specific object. Each aclEntry identifies a user or group and the privileges granted or denied by the entry, and includes a breakInheritance element if applicable.

Parse the returned values into whatever format you would like to generate.

Examples

$cmdr->getAccess(
    {projectName => "Sample Project"}
);

or

ectool getAccess --projectName "Sample Project"
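
The parsing step the article leaves to the reader, as an added example that is not part of the original article or CloudBees code: it turns a getAccess XML response into the table from the Summary, with an extra column showing which object in the inheritance chain each entry comes from. The sample response is constructed, and objectName, principalType, principalName and the four privilege element names are assumptions about the response layout; rendering deny as -1 is this example's choice.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not captured server output. objectName and the element
# names inside <aclEntry> are assumptions about the response layout.
def _entry(ptype, name, read, modify, execute, change):
    return (f"<aclEntry><principalType>{ptype}</principalType>"
            f"<principalName>{name}</principalName>"
            f"<readPrivilege>{read}</readPrivilege>"
            f"<modifyPrivilege>{modify}</modifyPrivilege>"
            f"<executePrivilege>{execute}</executePrivilege>"
            f"<changePermissionsPrivilege>{change}</changePermissionsPrivilege>"
            "</aclEntry>")

SAMPLE = (
    "<response><object><objectName>Sample Project</objectName>"
    + _entry("group", "group1", "allow", "inherit", "allow", "inherit")
    + _entry("group", "group3", "allow", "deny", "inherit", "inherit")
    + "</object><object><objectName>projects</objectName>"
    + _entry("group", "group2", "allow", "allow", "allow", "allow")
    + "</object></response>"
)

FIELDS = ("readPrivilege", "modifyPrivilege", "executePrivilege",
          "changePermissionsPrivilege")
# allow=1, inherit=0 per the article; deny=-1 is this example's choice.
CODES = {"allow": "1", "inherit": "0", "deny": "-1"}

def acl_rows(xml_text):
    """One row per aclEntry: (source object, type, name, R, M, X, CP)."""
    rows = []
    for obj in ET.fromstring(xml_text).iter("object"):
        source = obj.findtext("objectName", default="?")
        for entry in obj.iter("aclEntry"):
            # Missing or unknown values become "?" rather than a silent 0.
            privs = [CODES.get(entry.findtext(f), "?") for f in FIELDS]
            rows.append((source, entry.findtext("principalType", default="?"),
                         entry.findtext("principalName", default="?"), *privs))
    return rows

def format_table(rows):
    header = ("Source", "Type", "Name", "Read", "Modify", "Execute",
              "Change Permissions")
    table = [header, *rows]
    widths = [max(len(r[i]) for r in table) for i in range(len(header))]
    return "\n".join("  ".join(c.ljust(w) for c, w in zip(r, widths)).rstrip()
                     for r in table)

if __name__ == "__main__":
    print(format_table(acl_rows(SAMPLE)))
```

To use it on real data, pass the XML text returned by getAccess to acl_rows in place of SAMPLE and adjust the assumed element names to match the actual response.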

Applies to

  • Product versions: 4.2.x, 5.x, 6.x

  • OS versions: All