/has/permission

URL: http://GPUDB_IP_ADDRESS:GPUDB_PORT/has/permission

Checks if the specified user has the specified permission on the specified object.

Input Parameter Description

NameTypeDescription
principalstringName of the user for which the permission is being checked. Must be an existing user. If blank, will use the current user. The default value is ''.
objectstringName of object to check for the requested permission. It is recommended to use a fully-qualified name when possible.
object_typestring

The type of object being checked

Supported ValuesDescription
credentialCredential
datasinkData Sink
datasourceData Source
directoryKiFS File Directory
graphA Graph object
procUDF Procedure
schemaSchema
sql_procSQL Procedure
systemSystem-level access
tableDatabase Table
permissionstring

Permission to check for.

Supported ValuesDescription
adminFull read/write and administrative access on the object.
connectConnect access on the given data source or data sink.
deleteDelete rows from tables.
executeAbility to Execute the Procedure object.
insertInsert access to tables.
readAbility to read, list and use the object.
updateUpdate access to the table.
user_adminAccess to administer users and roles that do not have system_admin permission.
writeAccess to write, change and delete objects.
optionsmap of string to strings

Optional parameters. The default value is an empty map ( {} ).

Supported Parameters (keys)Parameter Description
no_error_if_not_exists

If false will return an error if the provided input parameter object does not exist or is blank. If true then it will return false for output parameter has_permission. The default value is false. The supported values are:

  • true
  • false

Output Parameter Description

The GPUdb server embeds the endpoint response inside a standard response structure which contains status information and the actual response to the query. Here is a description of the various fields of the wrapper:

NameTypeDescription
statusString'OK' or 'ERROR'
messageStringEmpty if success or an error message
data_typeString'has_permission_request' or 'none' in case of an error
dataStringEmpty string
data_strJSON or String

This embedded JSON represents the result of the /has/permission endpoint:

NameTypeDescription
principalstringValue of input parameter principal
objectstringFully-qualified value of input parameter object
object_typestringValue of input parameter object_type
permissionstringValue of input parameter permission
has_permissionboolean

Indicates whether the specified user has the specified permission on the specified target.

Possible ValuesDescription
trueUser has the effective queried permission
falseUser does not have the queried permission
filtersmap of string to stringsMap of column/filters that have been granted.
infomap of string to stringsAdditional information.

Empty string in case of an error.