/has/permission

URL: http://<db.host>:<db.port>/has/permission

Checks if the specified user has the specified permission on the specified object.

Input Parameter Description

Name

Type

Description

principal

string

Name of the user for which the permission is being checked. Must be an existing user. If blank, will use the current user. The default value is ''.

object

string

Name of object to check for the requested permission. It is recommended to use a fully-qualified name when possible.

object_type

string

The type of object being checked

Supported Values	Description
context	Context
credential	Credential
datasink	Data Sink
datasource	Data Source
directory	KiFS File Directory
graph	A Graph object
proc	UDF Procedure
schema	Schema
sql_proc	SQL Procedure
system	System-level access
table	Database Table
table_monitor	Table monitor

permission

string

Permission to check for.

Supported Values	Description
admin	Full read/write and administrative access on the object.
connect	Connect access on the given data source or data sink.
create	Ability to create new objects of this type.
delete	Delete rows from tables.
execute	Ability to Execute the Procedure object.
insert	Insert access to tables.
read	Ability to read, list and use the object.
update	Update access to the table.
user_admin	Access to administer users and roles that do not have system_admin permission.
write	Access to write, change and delete objects.

options

map of string to strings

Optional parameters. The default value is an empty map ( {} ).

Supported Parameters (keys)

Parameter Description

no_error_if_not_exists

If false will return an error if the provided input parameter object does not exist or is blank. If true then it will return false for output parameter has_permission. The default value is false. The supported values are:

true
false

Output Parameter Description

The GPUdb server embeds the endpoint response inside a standard response structure which contains status information and the actual response to the query. Here is a description of the various fields of the wrapper:

Name

Type

Description

status

String

'OK' or 'ERROR'

message

String

Empty if success or an error message

data_type

String

'has_permission_response' or 'none' in case of an error

data

String

Empty string

data_str

JSON or String

This embedded JSON represents the result of the /has/permission endpoint:

Name

Type

Description

principal

string

Value of input parameter principal

object

string

Fully-qualified value of input parameter object

object_type

string

Value of input parameter object_type

permission

string

Value of input parameter permission

has_permission

boolean

Indicates whether the specified user has the specified permission on the specified target.

Possible Values	Description
true	User has the effective queried permission
false	User does not have the queried permission

filters

map of string to strings

Map of column/filters that have been granted.

info

map of string to strings

Additional information.

Empty string in case of an error.