### GET /iam/tenants/{id} Source: https://connhex.com/api/iam/latest/policies/api.json Returns the details for a tenant. Required Permission: - Resource: ```iam:tenants:{id}``` - Action: ```iam:tenants:get``` ```markdown ### Parameters - **id** (string, path, required): ID of the tenant. ### Responses #### 200 - A successful response. **compiuta.api.iam.v2.GetTenantResp** - **tenant** (object) - **name** (string): Name for the tenant. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") #### default - An unexpected error response. **google.rpc.Status** - **code** (integer (int32)) - **message** (string) - **details** (array (google.protobuf.Any)) Array items: - **@type** (string) ### Example Usage ```bash curl -X GET "https://apis./iam/tenants/{id}" ``` ``` -------------------------------- ### POST /iam/policies Source: https://connhex.com/api/iam/latest/policies/api.json Creates a custom IAM policy used to control permissions. A policy is composed of one or more statements that grant permissions to a set of members. Each statement contains a role as well as a list of tenants. The role defines a set of actions that the statement is scoped to. The tenant list defines the set of resources that the statement is scoped to. Pass `"tenants": ["*"]` to scope a statement to every tenant. A policy's *top-level* tenants list defines which tenants the policy belongs to (for filtering policies by their tenants), whereas the *statement-level* tenants list defines which tenants the statement applies to. The example creates a new policy not associated with any tenant (because the top-level `tenants` property is empty) that grants the `viewer` role on a few tenants for all local teams and a custom role `myRole` on a specific tenant. Required Permission: - Resource: ```iam:policies``` - Action: ```iam:policies:create``` ```markdown ### Request Body **Content-Type:** application/json - **id** (string) (required): Unique ID. Cannot be changed. - **name** (string) (required): Name for the policy. - **members** (array (string)): Members affected by this policy. - **statements** (array (compiuta.api.iam.v2.Statement)) (required): Statements for the policy. Array items: - **effect** (string (ALLOW|DENY)) ("ALLOW"|"DENY") - **actions** (array (string)): Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical. - **role** (string): The role defines a set of actions that the statement is scoped to. - **resources** (array (string)): Resources defined inline. - **tenants** (array (string)): The tenant list defines the set of resources that the statement is scoped to. May be empty. - **tenants** (array (string)): List of tenants this policy belongs to. ### Responses #### 200 - A successful response. **compiuta.api.iam.v2.CreatePolicyResp** - **policy** (object) - **name** (string): Name for the policy. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") - **members** (array (string)): Members affected by this policy. May be empty. - **statements** (array (compiuta.api.iam.v2.Statement)): Statements for the policy. Will contain one or more. Array items: - **effect** (string (ALLOW|DENY)) ("ALLOW"|"DENY") - **actions** (array (string)): Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical. - **role** (string): The role defines a set of actions that the statement is scoped to. - **resources** (array (string)): Resources defined inline. - **tenants** (array (string)): The tenant list defines the set of resources that the statement is scoped to. May be empty. - **tenants** (array (string)): List of tenants this policy belongs to. May be empty. #### default - An unexpected error response. **google.rpc.Status** - **code** (integer (int32)) - **message** (string) - **details** (array (google.protobuf.Any)) Array items: - **@type** (string) ### Example Usage ```bash curl -X POST "https://apis./iam/policies" \ -H "Content-Type: application/json" \ -d '{ "name": "My Viewer Policy", "id": "custom-viewer-policy", "members": [ "team:local:*" ], "statements": [ { "role": "viewer", "tenants": [ "tenant1", "tenant2" ], "effect": "ALLOW" }, { "role": "myRole", "tenants": [ "exampleTenant" ], "effect": "ALLOW" } ], "tenants": [] }' ``` ``` -------------------------------- ### GET /iam/roles Source: https://connhex.com/api/iam/latest/policies/api.json Lists all *compiuta-managed* and *custom* roles. Required Permission: - Resource: ```iam:roles``` - Action: ```iam:roles:list``` ```markdown ### Responses #### 200 - A successful response. **compiuta.api.iam.v2.ListRolesResp** - **roles** (array (compiuta.api.iam.v2.Role)) Array items: - **name** (string): Name for the role. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") - **actions** (array (string)): List of actions this role scopes to. Will contain one or more. - **tenants** (array (string)): List of tenants this role belongs to. May be empty. #### default - An unexpected error response. **google.rpc.Status** - **code** (integer (int32)) - **message** (string) - **details** (array (google.protobuf.Any)) Array items: - **@type** (string) ### Example Usage ```bash curl -X GET "https://apis./iam/roles" ``` ``` -------------------------------- ### GET /iam/roles/{id} Source: https://connhex.com/api/iam/latest/policies/api.json Returns the details for a role. Required Permission: - Resource: ```iam:roles:{id}``` - Action: ```iam:roles:get``` ```markdown ### Parameters - **id** (string, path, required): ID of the role. ### Responses #### 200 - A successful response. **compiuta.api.iam.v2.GetRoleResp** - **role** (object) - **name** (string): Name for the role. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") - **actions** (array (string)): List of actions this role scopes to. Will contain one or more. - **tenants** (array (string)): List of tenants this role belongs to. May be empty. #### default - An unexpected error response. **google.rpc.Status** - **code** (integer (int32)) - **message** (string) - **details** (array (google.protobuf.Any)) Array items: - **@type** (string) ### Example Usage ```bash curl -X GET "https://apis./iam/roles/{id}" ``` ``` -------------------------------- ### GET /iam/tenants Source: https://connhex.com/api/iam/latest/policies/api.json Lists all tenants. Required Permission: - Resource: ```iam:tenants``` - Action: ```iam:tenants:list``` ```markdown ### Responses #### 200 - A successful response. **compiuta.api.iam.v2.ListTenantsResp** - **tenants** (array (compiuta.api.iam.v2.Tenant)) Array items: - **name** (string): Name for the tenant. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") #### default - An unexpected error response. **google.rpc.Status** - **code** (integer (int32)) - **message** (string) - **details** (array (google.protobuf.Any)) Array items: - **@type** (string) ### Example Usage ```bash curl -X GET "https://apis./iam/tenants" ``` ``` -------------------------------- ### GET /iam/policies/{id} Source: https://connhex.com/api/iam/latest/policies/api.json Returns the details for a policy. Required Permission: - Resource: ```iam:policies:{id}``` - Action: ```iam:policies:get``` ```markdown ### Parameters - **id** (string, path, required): ID of the policy. ### Responses #### 200 - A successful response. **compiuta.api.iam.v2.GetPolicyResp** - **policy** (object) - **name** (string): Name for the policy. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") - **members** (array (string)): Members affected by this policy. May be empty. - **statements** (array (compiuta.api.iam.v2.Statement)): Statements for the policy. Will contain one or more. Array items: - **effect** (string (ALLOW|DENY)) ("ALLOW"|"DENY") - **actions** (array (string)): Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical. - **role** (string): The role defines a set of actions that the statement is scoped to. - **resources** (array (string)): Resources defined inline. - **tenants** (array (string)): The tenant list defines the set of resources that the statement is scoped to. May be empty. - **tenants** (array (string)): List of tenants this policy belongs to. May be empty. #### default - An unexpected error response. **google.rpc.Status** - **code** (integer (int32)) - **message** (string) - **details** (array (google.protobuf.Any)) Array items: - **@type** (string) ### Example Usage ```bash curl -X GET "https://apis./iam/policies/{id}" ``` ``` -------------------------------- ### GET /iam/policies Source: https://connhex.com/api/iam/latest/policies/api.json Lists all policies. Required Permission: - Resource: ```iam:policies``` - Action: ```iam:policies:list``` ```markdown ### Responses #### 200 - A successful response. **compiuta.api.iam.v2.ListPoliciesResp** - **policies** (array (compiuta.api.iam.v2.Policy)) Array items: - **name** (string): Name for the policy. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") - **members** (array (string)): Members affected by this policy. May be empty. - **statements** (array (compiuta.api.iam.v2.Statement)): Statements for the policy. Will contain one or more. Array items: - **effect** (string (ALLOW|DENY)) ("ALLOW"|"DENY") - **actions** (array (string)): Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical. - **role** (string): The role defines a set of actions that the statement is scoped to. - **resources** (array (string)): Resources defined inline. - **tenants** (array (string)): The tenant list defines the set of resources that the statement is scoped to. May be empty. - **tenants** (array (string)): List of tenants this policy belongs to. May be empty. #### default - An unexpected error response. **google.rpc.Status** - **code** (integer (int32)) - **message** (string) - **details** (array (google.protobuf.Any)) Array items: - **@type** (string) ### Example Usage ```bash curl -X GET "https://apis./iam/policies" ``` ``` -------------------------------- ### GET /iam/policy_version Source: https://connhex.com/api/iam/latest/policies/api.json Returns the major and minor version of IAM that is running. Required Permission: - Resource: ```iam:policies``` - Action: ```iam:policies:get``` ```markdown ### Responses #### 200 - A successful response. **compiuta.api.iam.v2.GetPolicyVersionResp** - **version** (object) - **major** (string (V0|V1|V2)) ("V0"|"V1"|"V2") - **minor** (string (V0|V1|V2)) ("V0"|"V1"|"V2") #### default - An unexpected error response. **google.rpc.Status** - **code** (integer (int32)) - **message** (string) - **details** (array (google.protobuf.Any)) Array items: - **@type** (string) ### Example Usage ```bash curl -X GET "https://apis./iam/policy_version" ``` ``` -------------------------------- ### GET /iam/policies/{id}/members Source: https://connhex.com/api/iam/latest/policies/api.json Lists all members of a specific policy. Required Permission: - Resource: ```iam:policies:{id}``` - Action: ```iam:policyMembers:get``` ```markdown ### Parameters - **id** (string, path, required): ID of the policy. ### Responses #### 200 - A successful response. **compiuta.api.iam.v2.ListPolicyMembersResp** - **members** (array (string)): List of policy members. #### default - An unexpected error response. **google.rpc.Status** - **code** (integer (int32)) - **message** (string) - **details** (array (google.protobuf.Any)) Array items: - **@type** (string) ### Example Usage ```bash curl -X GET "https://apis./iam/policies/{id}/members" ``` ``` -------------------------------- ### Schema: google.protobuf.Any Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for google.protobuf.Any ```markdown ## Schema: google.protobuf.Any Schema definition for google.protobuf.Any **Type:** object - **@type** (string) ``` -------------------------------- ### POST /iam/tenants Source: https://connhex.com/api/iam/latest/policies/api.json Creates a new tenant to be used in the policies that control permissions. A tenant defines the scope of resources in a policy statement. Resources can be in more than one tenant. When a tenant is created, the system also creates three policies associated with the new tenant, one for each of the following roles: editor, viewer, and tenant admin. You can optionally pass the `skip_policies` flag set to `true` to skip the creation of these policies. Required Permission: - Resource: ```iam:tenants``` - Action: ```iam:tenants:create``` ```markdown ### Request Body **Content-Type:** application/json - **id** (string) (required): Unique ID. Cannot be changed. - **name** (string) (required): Name for the new tenant. - **skipPolicies** (boolean): Boolean flag to skip adding policies associated with the tenant. Set to false by default. ### Responses #### 200 - A successful response. **compiuta.api.iam.v2.CreateTenantResp** - **tenant** (object) - **name** (string): Name for the tenant. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") #### default - An unexpected error response. **google.rpc.Status** - **code** (integer (int32)) - **message** (string) - **details** (array (google.protobuf.Any)) Array items: - **@type** (string) ### Example Usage ```bash curl -X POST "https://apis./iam/tenants" \ -H "Content-Type: application/json" \ -d '{ "name": "My Custom Tenant", "id": "custom-tenant", "skip_policies": true }' ``` ``` -------------------------------- ### Schema: compiuta.api.iam.v2.Tenant Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.Tenant ```markdown ## Schema: compiuta.api.iam.v2.Tenant Schema definition for compiuta.api.iam.v2.Tenant **Type:** object - **name** (string): Name for the tenant. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") ``` -------------------------------- ### Schema: compiuta.api.iam.v2.CreatePolicyReq Source: https://connhex.com/api/iam/latest/policies/api.json Does not contain type as the enduser can only create 'custom' policies. ```markdown ## Schema: compiuta.api.iam.v2.CreatePolicyReq Does not contain type as the enduser can only create 'custom' policies. **Type:** object - **id** (string) (required): Unique ID. Cannot be changed. - **name** (string) (required): Name for the policy. - **members** (array (string)): Members affected by this policy. - **statements** (array (compiuta.api.iam.v2.Statement)) (required): Statements for the policy. Array items: - **effect** (string (ALLOW|DENY)) ("ALLOW"|"DENY") - **actions** (array (string)): Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical. - **role** (string): The role defines a set of actions that the statement is scoped to. - **resources** (array (string)): Resources defined inline. - **tenants** (array (string)): The tenant list defines the set of resources that the statement is scoped to. May be empty. - **tenants** (array (string)): List of tenants this policy belongs to. ``` -------------------------------- ### Schema: compiuta.api.iam.v2.CreateRoleReq Source: https://connhex.com/api/iam/latest/policies/api.json Does not contain type as the enduser can only create 'custom' roles. ```markdown ## Schema: compiuta.api.iam.v2.CreateRoleReq Does not contain type as the enduser can only create 'custom' roles. **Type:** object - **id** (string) (required): Unique ID. Cannot be changed. - **name** (string) (required): Name for the role. - **actions** (array (string)) (required): List of actions that this role scopes to. - **tenants** (array (string)): List of tenants this role belongs to. ``` -------------------------------- ### Schema: compiuta.api.iam.v2.CreateTenantResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.CreateTenantResp ```markdown ## Schema: compiuta.api.iam.v2.CreateTenantResp Schema definition for compiuta.api.iam.v2.CreateTenantResp **Type:** object - **tenant** (object) - **name** (string): Name for the tenant. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") ``` -------------------------------- ### Schema: compiuta.api.iam.v2.CreateTenantReq Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.CreateTenantReq ```markdown ## Schema: compiuta.api.iam.v2.CreateTenantReq Schema definition for compiuta.api.iam.v2.CreateTenantReq **Type:** object - **id** (string) (required): Unique ID. Cannot be changed. - **name** (string) (required): Name for the new tenant. - **skipPolicies** (boolean): Boolean flag to skip adding policies associated with the tenant. Set to false by default. ``` -------------------------------- ### Schema: compiuta.api.iam.v2.CreateRoleResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.CreateRoleResp ```markdown ## Schema: compiuta.api.iam.v2.CreateRoleResp Schema definition for compiuta.api.iam.v2.CreateRoleResp **Type:** object - **role** (object) - **name** (string): Name for the role. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") - **actions** (array (string)): List of actions this role scopes to. Will contain one or more. - **tenants** (array (string)): List of tenants this role belongs to. May be empty. ``` -------------------------------- ### API Overview: policy Source: https://connhex.com/api/iam/latest/policies/api.json OpenAPI specification version 2.0.0 ```yaml # policy # Version: 2.0.0 OpenAPI specification # Base URL: https://apis. ``` -------------------------------- ### Schema: google.rpc.Status Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for google.rpc.Status ```markdown ## Schema: google.rpc.Status Schema definition for google.rpc.Status **Type:** object - **code** (integer (int32)) - **message** (string) - **details** (array (google.protobuf.Any)) Array items: - **@type** (string) ``` -------------------------------- ### Schema: compiuta.api.iam.v2.CreatePolicyResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.CreatePolicyResp ```markdown ## Schema: compiuta.api.iam.v2.CreatePolicyResp Schema definition for compiuta.api.iam.v2.CreatePolicyResp **Type:** object - **policy** (object) - **name** (string): Name for the policy. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") - **members** (array (string)): Members affected by this policy. May be empty. - **statements** (array (compiuta.api.iam.v2.Statement)): Statements for the policy. Will contain one or more. Array items: - **effect** (string (ALLOW|DENY)) ("ALLOW"|"DENY") - **actions** (array (string)): Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical. - **role** (string): The role defines a set of actions that the statement is scoped to. - **resources** (array (string)): Resources defined inline. - **tenants** (array (string)): The tenant list defines the set of resources that the statement is scoped to. May be empty. - **tenants** (array (string)): List of tenants this policy belongs to. May be empty. ``` -------------------------------- ### Schema: compiuta.api.iam.v2.ListTenantsResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.ListTenantsResp ```markdown ## Schema: compiuta.api.iam.v2.ListTenantsResp Schema definition for compiuta.api.iam.v2.ListTenantsResp **Type:** object - **tenants** (array (compiuta.api.iam.v2.Tenant)) Array items: - **name** (string): Name for the tenant. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") ``` -------------------------------- ### Schema: compiuta.api.iam.v2.Version.VersionNumber Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.Version.VersionNumber ```markdown ## Schema: compiuta.api.iam.v2.Version.VersionNumber Schema definition for compiuta.api.iam.v2.Version.VersionNumber **Type:** string ``` -------------------------------- ### Schema: compiuta.api.iam.v2.GetRoleResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.GetRoleResp ```markdown ## Schema: compiuta.api.iam.v2.GetRoleResp Schema definition for compiuta.api.iam.v2.GetRoleResp **Type:** object - **role** (object) - **name** (string): Name for the role. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") - **actions** (array (string)): List of actions this role scopes to. Will contain one or more. - **tenants** (array (string)): List of tenants this role belongs to. May be empty. ``` -------------------------------- ### Security: chx_auth_session Source: https://connhex.com/api/iam/latest/policies/api.json Security scheme: chx_auth_session ```markdown ## Security: chx_auth_session **Description:** Security scheme: chx_auth_session **Type:** apiKey ``` -------------------------------- ### Schema: compiuta.api.iam.v2.AddPolicyMembersResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.AddPolicyMembersResp ```markdown ## Schema: compiuta.api.iam.v2.AddPolicyMembersResp Schema definition for compiuta.api.iam.v2.AddPolicyMembersResp **Type:** object - **members** (array (string)) ``` -------------------------------- ### Schema: compiuta.api.iam.v2.GetTenantResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.GetTenantResp ```markdown ## Schema: compiuta.api.iam.v2.GetTenantResp Schema definition for compiuta.api.iam.v2.GetTenantResp **Type:** object - **tenant** (object) - **name** (string): Name for the tenant. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") ``` -------------------------------- ### Schema: compiuta.api.iam.v2.ListRolesResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.ListRolesResp ```markdown ## Schema: compiuta.api.iam.v2.ListRolesResp Schema definition for compiuta.api.iam.v2.ListRolesResp **Type:** object - **roles** (array (compiuta.api.iam.v2.Role)) Array items: - **name** (string): Name for the role. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") - **actions** (array (string)): List of actions this role scopes to. Will contain one or more. - **tenants** (array (string)): List of tenants this role belongs to. May be empty. ``` -------------------------------- ### Schema: compiuta.api.iam.v2.GetPolicyVersionResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.GetPolicyVersionResp ```markdown ## Schema: compiuta.api.iam.v2.GetPolicyVersionResp Schema definition for compiuta.api.iam.v2.GetPolicyVersionResp **Type:** object - **version** (object) - **major** (string (V0|V1|V2)) ("V0"|"V1"|"V2") - **minor** (string (V0|V1|V2)) ("V0"|"V1"|"V2") ``` -------------------------------- ### Schema: compiuta.api.iam.v2.GetPolicyResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.GetPolicyResp ```markdown ## Schema: compiuta.api.iam.v2.GetPolicyResp Schema definition for compiuta.api.iam.v2.GetPolicyResp **Type:** object - **policy** (object) - **name** (string): Name for the policy. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") - **members** (array (string)): Members affected by this policy. May be empty. - **statements** (array (compiuta.api.iam.v2.Statement)): Statements for the policy. Will contain one or more. Array items: - **effect** (string (ALLOW|DENY)) ("ALLOW"|"DENY") - **actions** (array (string)): Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical. - **role** (string): The role defines a set of actions that the statement is scoped to. - **resources** (array (string)): Resources defined inline. - **tenants** (array (string)): The tenant list defines the set of resources that the statement is scoped to. May be empty. - **tenants** (array (string)): List of tenants this policy belongs to. May be empty. ``` -------------------------------- ### Schema: compiuta.api.iam.v2.ListPolicyMembersResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.ListPolicyMembersResp ```markdown ## Schema: compiuta.api.iam.v2.ListPolicyMembersResp Schema definition for compiuta.api.iam.v2.ListPolicyMembersResp **Type:** object - **members** (array (string)): List of policy members. ``` -------------------------------- ### Schema: compiuta.api.iam.v2.Statement Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.Statement ```markdown ## Schema: compiuta.api.iam.v2.Statement Schema definition for compiuta.api.iam.v2.Statement **Type:** object - **effect** (string (ALLOW|DENY)) ("ALLOW"|"DENY") - **actions** (array (string)): Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical. - **role** (string): The role defines a set of actions that the statement is scoped to. - **resources** (array (string)): Resources defined inline. - **tenants** (array (string)): The tenant list defines the set of resources that the statement is scoped to. May be empty. ``` -------------------------------- ### Schema: compiuta.api.iam.v2.Role Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.Role ```markdown ## Schema: compiuta.api.iam.v2.Role Schema definition for compiuta.api.iam.v2.Role **Type:** object - **name** (string): Name for the role. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") - **actions** (array (string)): List of actions this role scopes to. Will contain one or more. - **tenants** (array (string)): List of tenants this role belongs to. May be empty. ``` -------------------------------- ### PUT /iam/tenants/{id} Source: https://connhex.com/api/iam/latest/policies/api.json Updates the name of an existing tenant. Required Permission: - Resource: ```iam:tenants:{id}``` - Action: ```iam:tenants:update``` ```markdown ### Parameters - **id** (string, path, required): Unique ID. Cannot be changed. ### Request Body **Content-Type:** application/json - **name** (string) (required): Name for the tenant. ### Responses #### 200 - A successful response. **compiuta.api.iam.v2.UpdateTenantResp** - **tenant** (object) - **name** (string): Name for the tenant. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") #### default - An unexpected error response. **google.rpc.Status** - **code** (integer (int32)) - **message** (string) - **details** (array (google.protobuf.Any)) Array items: - **@type** (string) ### Example Usage ```bash curl -X PUT "https://apis./iam/tenants/{id}" \ -H "Content-Type: application/json" \ -d '{ "name": "My Custom Tenant" }' ``` ``` -------------------------------- ### Schema: compiuta.api.iam.v2.ListPoliciesResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.ListPoliciesResp ```markdown ## Schema: compiuta.api.iam.v2.ListPoliciesResp Schema definition for compiuta.api.iam.v2.ListPoliciesResp **Type:** object - **policies** (array (compiuta.api.iam.v2.Policy)) Array items: - **name** (string): Name for the policy. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") - **members** (array (string)): Members affected by this policy. May be empty. - **statements** (array (compiuta.api.iam.v2.Statement)): Statements for the policy. Will contain one or more. Array items: - **effect** (string (ALLOW|DENY)) ("ALLOW"|"DENY") - **actions** (array (string)): Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical. - **role** (string): The role defines a set of actions that the statement is scoped to. - **resources** (array (string)): Resources defined inline. - **tenants** (array (string)): The tenant list defines the set of resources that the statement is scoped to. May be empty. - **tenants** (array (string)): List of tenants this policy belongs to. May be empty. ``` -------------------------------- ### Schema: compiuta.api.iam.v2.Policy Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.Policy ```markdown ## Schema: compiuta.api.iam.v2.Policy Schema definition for compiuta.api.iam.v2.Policy **Type:** object - **name** (string): Name for the policy. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") - **members** (array (string)): Members affected by this policy. May be empty. - **statements** (array (compiuta.api.iam.v2.Statement)): Statements for the policy. Will contain one or more. Array items: - **effect** (string (ALLOW|DENY)) ("ALLOW"|"DENY") - **actions** (array (string)): Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical. - **role** (string): The role defines a set of actions that the statement is scoped to. - **resources** (array (string)): Resources defined inline. - **tenants** (array (string)): The tenant list defines the set of resources that the statement is scoped to. May be empty. - **tenants** (array (string)): List of tenants this policy belongs to. May be empty. ``` -------------------------------- ### Schema: compiuta.api.iam.v2.Type Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.Type ```markdown ## Schema: compiuta.api.iam.v2.Type Schema definition for compiuta.api.iam.v2.Type **Type:** string ``` -------------------------------- ### Schema: compiuta.api.iam.v2.UpdateTenantResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.UpdateTenantResp ```markdown ## Schema: compiuta.api.iam.v2.UpdateTenantResp Schema definition for compiuta.api.iam.v2.UpdateTenantResp **Type:** object - **tenant** (object) - **name** (string): Name for the tenant. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") ``` -------------------------------- ### Schema: the only values that may be returned by GetPolicyVersion Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.Version ```markdown ## Schema: the only values that may be returned by GetPolicyVersion Schema definition for compiuta.api.iam.v2.Version **Type:** object - **major** (string (V0|V1|V2)) ("V0"|"V1"|"V2") - **minor** (string (V0|V1|V2)) ("V0"|"V1"|"V2") ``` -------------------------------- ### Schema: compiuta.api.iam.v2.UpdateRoleResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.UpdateRoleResp ```markdown ## Schema: compiuta.api.iam.v2.UpdateRoleResp Schema definition for compiuta.api.iam.v2.UpdateRoleResp **Type:** object - **role** (object) - **name** (string): Name for the role. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") - **actions** (array (string)): List of actions this role scopes to. Will contain one or more. - **tenants** (array (string)): List of tenants this role belongs to. May be empty. ``` -------------------------------- ### Schema: compiuta.api.iam.v2.ReplacePolicyMembersResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.ReplacePolicyMembersResp ```markdown ## Schema: compiuta.api.iam.v2.ReplacePolicyMembersResp Schema definition for compiuta.api.iam.v2.ReplacePolicyMembersResp **Type:** object - **members** (array (string)): Resulting list of policy members. ``` -------------------------------- ### POST /iam/roles Source: https://connhex.com/api/iam/latest/policies/api.json Creates a new role to be used in the policies that control permissions. A role defines the scope of actions in a policy statement. Required Permission: - Resource: ```iam:roles``` - Action: ```iam:roles:create``` ```markdown ### Request Body **Content-Type:** application/json - **id** (string) (required): Unique ID. Cannot be changed. - **name** (string) (required): Name for the role. - **actions** (array (string)) (required): List of actions that this role scopes to. - **tenants** (array (string)): List of tenants this role belongs to. ### Responses #### 200 - A successful response. **compiuta.api.iam.v2.CreateRoleResp** - **role** (object) - **name** (string): Name for the role. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") - **actions** (array (string)): List of actions this role scopes to. Will contain one or more. - **tenants** (array (string)): List of tenants this role belongs to. May be empty. #### default - An unexpected error response. **google.rpc.Status** - **code** (integer (int32)) - **message** (string) - **details** (array (google.protobuf.Any)) Array items: - **@type** (string) ### Example Usage ```bash curl -X POST "https://apis./iam/roles" \ -H "Content-Type: application/json" \ -d '{ "id": "custom-role", "name": "My Custom Application Manager Role", "actions": [ "applications:*", "iam:tenants:list" ] }' ``` ``` -------------------------------- ### Schema: compiuta.api.iam.v2.Statement.Effect Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.Statement.Effect ```markdown ## Schema: compiuta.api.iam.v2.Statement.Effect Schema definition for compiuta.api.iam.v2.Statement.Effect **Type:** string ``` -------------------------------- ### Schema: compiuta.api.iam.v2.UpdatePolicyResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.UpdatePolicyResp ```markdown ## Schema: compiuta.api.iam.v2.UpdatePolicyResp Schema definition for compiuta.api.iam.v2.UpdatePolicyResp **Type:** object - **policy** (object) - **name** (string): Name for the policy. - **id** (string): Unique ID. Cannot be changed. - **type** (string (COMPIUTA_MANAGED|CUSTOM)) ("COMPIUTA_MANAGED"|"CUSTOM") - **members** (array (string)): Members affected by this policy. May be empty. - **statements** (array (compiuta.api.iam.v2.Statement)): Statements for the policy. Will contain one or more. Array items: - **effect** (string (ALLOW|DENY)) ("ALLOW"|"DENY") - **actions** (array (string)): Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical. - **role** (string): The role defines a set of actions that the statement is scoped to. - **resources** (array (string)): Resources defined inline. - **tenants** (array (string)): The tenant list defines the set of resources that the statement is scoped to. May be empty. - **tenants** (array (string)): List of tenants this policy belongs to. May be empty. ``` -------------------------------- ### Security: bearer Source: https://connhex.com/api/iam/latest/policies/api.json Security scheme: bearer ```markdown ## Security: bearer **Description:** Security scheme: bearer **Type:** http **Scheme:** bearer ``` -------------------------------- ### Schema: compiuta.api.iam.v2.DeleteRoleResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.DeleteRoleResp ```markdown ## Schema: compiuta.api.iam.v2.DeleteRoleResp Schema definition for compiuta.api.iam.v2.DeleteRoleResp **Type:** object ``` -------------------------------- ### DELETE /iam/tenants/{id} Source: https://connhex.com/api/iam/latest/policies/api.json Deletes a tenant from any resources tagged with it. Also deletes this tenant from any tenant list in any policy statements. If the resulting tenant list for a given statement is empty, it is deleted. If the resulting policy has no statements, it is also deleted. Required Permission: - Resource: ```iam:tenants:{id}``` - Action: ```iam:tenants:delete``` ```markdown ### Parameters - **id** (string, path, required): ID of the tenant. ### Responses #### 200 - A successful response. **compiuta.api.iam.v2.DeleteTenantResp** #### default - An unexpected error response. **google.rpc.Status** - **code** (integer (int32)) - **message** (string) - **details** (array (google.protobuf.Any)) Array items: - **@type** (string) ### Example Usage ```bash curl -X DELETE "https://apis./iam/tenants/{id}" ``` ``` -------------------------------- ### Schema: compiuta.api.iam.v2.DeleteTenantResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.DeleteTenantResp ```markdown ## Schema: compiuta.api.iam.v2.DeleteTenantResp Schema definition for compiuta.api.iam.v2.DeleteTenantResp **Type:** object ``` -------------------------------- ### Schema: compiuta.api.iam.v2.DeletePolicyResp Source: https://connhex.com/api/iam/latest/policies/api.json Schema definition for compiuta.api.iam.v2.DeletePolicyResp ```markdown ## Schema: compiuta.api.iam.v2.DeletePolicyResp Schema definition for compiuta.api.iam.v2.DeletePolicyResp **Type:** object ``` -------------------------------- ### DELETE /iam/policies/{id} Source: https://connhex.com/api/iam/latest/policies/api.json Deletes a specified custom policy. You cannot delete compiuta-managed policies. Required Permission: - Resource: ```iam:policies:{id}``` - Action: ```iam:policies:delete``` ```markdown ### Parameters - **id** (string, path, required): ID of the policy. ### Responses #### 200 - A successful response. **compiuta.api.iam.v2.DeletePolicyResp** #### default - An unexpected error response. **google.rpc.Status** - **code** (integer (int32)) - **message** (string) - **details** (array (google.protobuf.Any)) Array items: - **@type** (string) ### Example Usage ```bash curl -X DELETE "https://apis./iam/policies/{id}" ``` ```