概览
使用以下 URL 和方法列出作业、守护程序高级设置和守护程序访问的策略:
项 | 说明 | ||
---|---|---|---|
URL | /datamover/policies | ||
方法 | GET |
启用安全设置后,只有 Viewpoint 或命令行管理员才能检索守护程序高级和守护程序访问策略类型。非管理员用户只能检查特定作业的策略。
请求标头
- Authorization
- 说明:基本标头身份验证如果从 Viewpoint 调用,则用户必须是 dmcl_admin。
- Portlet-User
- 说明:Viewpoint 用户登录
- Portlet-Roles
- 说明:与 Viewpoint 用户登录关联的角色
请求参数
- resource_type
- 说明:与策略关联的资源类型。有效值为:
- tdrn:datamover:daemon_access
- tdrn:datamover:daemon_advanced
- tdrn:datamover:job
- resource_name
- 说明:与策略关联的资源名称。
响应参数
无需响应参数。
示例
下面是一个用于列出守护程序访问策略的请求示例:
/datamover/policies?resource_type=tdrn:datamover:daemon_access
下面是守护程序访问策略的成功响应示例:
[ { "service" : "datamover", "type" : "user", "principals" : [ "dn186008" ], "actions" : [ "read", "write", "execute" ], "resources" : [ "tdrn:datamover:daemon_access:*" ] }, { "service" : "datamover", "type" : "role", "principals" : [ "Administrator" ], "actions" : [ "read", "write", "execute" ], "resources" : [ "tdrn:datamover:daemon_access:*" ] }, { "service" : "datamover", "type" : "user", "principals" : [ "tester_002" ], "actions" : [ "read", "write" ], "resources" : [ "tdrn:datamover:daemon_access:*" ] }, { "service" : "datamover", "type" : "role", "principals" : [ "User" ], "actions" : [ "read" ], "resources" : [ "tdrn:datamover:daemon_access:*" ] }, { "service" : "datamover", "type" : "user", "principals" : [ "abcd" ], "actions" : [ "read", "write", "execute" ], "resources" : [ "tdrn:datamover:daemon_access:*" ] }, { "service" : "datamover", "type" : "user", "principals" : [ "admin" ], "actions" : [ "read", "write", "execute" ], "resources" : [ "tdrn:datamover:daemon_access:*" ] }, { "service" : "datamover", "type" : "user", "principals" : [ "tester_001" ], "actions" : [ "read" ], "resources" : [ "tdrn:datamover:daemon_access:*" ] }, { "service" : "datamover", "type" : "user", "principals" : [ "test_002" ], "actions" : [ "write" ], "resources" : [ "tdrn:datamover:daemon_access:*" ] } ]
下面是用户无权检索策略时的失败响应代码示例:
{ "message" : "When security is on, only commandline super user or viewpoint could retrieve policies for resource type.tdrn:datamover:daemon_access.The user does not have the permission to run GET_GLOBAL_ACCESS_PERMISSIONS command" }