This is an Access Control List for the user scope.
An ACL entry defines a permission (verb) granted to or revoked from a subject over a resource. Permissions are denied by default, so you need to add ACL entries to grant access to Kii Cloud and your resources.
An ACL entry is composed of a resource, a subject, and a verb.
Subject: A subject can be either a user, a thing, or a group. Also, the following two "Special Users" can be set as a subject:
- ANONYMOUS_USER: Represents all users who are accessing anonymously. This user cannot be used for topics.
- ANY_AUTHENTICATED_USER: Represents any user who is authenticated.
Verb: These are the available verbs for a user scope:
- CREATE_NEW_BUCKET: Create a new bucket in the user scope.
- CREATE_NEW_TOPIC: Create a new topic in the user scope.
Request Headers (Applies to all methods)
GET
/api/apps/{appID}/users/{accountType}:{address}/acl
Retrieve all ACL entries.
The administrator can always perform this action.
For other users, the actors who can perform this action depend on the target resource:
- User scope: the user.
- Group scope: the group owner.
- Thing scope: the thing or a thing owner.
- Bucket: the scope owner.
- Object: the scope owner and the object owner.
- Topic: the scope owner and the topic creator.
Content-Type application/vnd.kii.ACLRetrievalResponse+json
| Name | Type | Description |
|---|---|---|
| CREATE_NEW_BUCKET | ACLSubject | Permitted subjects to create new buckets. |
| CREATE_NEW_TOPIC | ACLSubject | Permitted subjects to create new topics. |
| QUERY_OBJECTS_IN_BUCKET | ACLSubject | Permitted subjects to query objects in this bucket. |
| READ_OBJECTS_IN_BUCKET | ACLSubject | Permitted subjects to read the content of the objects in this bucket. |
| CREATE_OBJECTS_IN_BUCKET | ACLSubject | Permitted subjects to create objects in this bucket. |
| DROP_BUCKET_WITH_ALL_CONTENT | ACLSubject | Permitted subjects to drop this bucket with all contents. |
| READ_EXISTING_OBJECT | ACLSubject | Permitted subjects to read existing objects. |
| WRITE_EXISTING_OBJECT | ACLSubject | Permitted subjects to write and update existing objects. |
| SUBSCRIBE_TO_TOPIC | ACLSubject | Permitted subjects to subscribe to this topic. |
| SEND_MESSAGE_TO_TOPIC | ACLSubject | Permitted subjects to send messages to this topic. |

Each field is an array of subjects to whom this action is permitted. Each subject is represented by a JSON object with the format `{ "userID": "{PERMITTED USER ID}" }` for the user permission or `{ "groupID": "{PERMITTED GROUP ID}" }` for the group permission.
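The response format above lends itself to an automated review of who holds the two user-scope verbs. The following is an added example, not code from Kii Cloud: it parses an ACLRetrievalResponse body and flags grants to the special users. The sample body, the IDs, the function name `audit_user_scope_acl`, and the assumption that special users appear as a `userID` value are all constructed for illustration.

```python
import json

# Special subjects named on this page. Assumption: in a response they appear
# as the "userID" value; the page shows no sample body.
SPECIAL_USERS = {"ANONYMOUS_USER", "ANY_AUTHENTICATED_USER"}
USER_SCOPE_VERBS = ("CREATE_NEW_BUCKET", "CREATE_NEW_TOPIC")
SUBJECT_KEYS = ("userID", "groupID")  # the two subject formats the page documents

# Constructed sample body; IDs are made up, "thingID" is a key the page does not document.
SAMPLE = """{
  "CREATE_NEW_BUCKET": [{"userID": "user-0001"}, {"userID": "ANY_AUTHENTICATED_USER"}],
  "CREATE_NEW_TOPIC": [{"groupID": "group-ops"}, {"thingID": "thing-42"}]
}"""


def audit_user_scope_acl(body):
    """Return (grants, findings) for an ACLRetrievalResponse JSON body."""
    acl = json.loads(body)
    if not isinstance(acl, dict):
        raise ValueError("ACL response must be a JSON object")
    grants, findings = {}, []
    for verb, subjects in acl.items():
        if verb not in USER_SCOPE_VERBS:
            findings.append(("unexpected-verb", verb, None))
        if not isinstance(subjects, list):
            findings.append(("malformed-subjects", verb, None))
            continue
        for subject in subjects:
            kind = None
            if isinstance(subject, dict):
                kind = next((k for k in SUBJECT_KEYS if k in subject), None)
            if kind is None:
                # Keep the raw entry so a reviewer can see what was granted.
                findings.append(("unrecognized-subject", verb, json.dumps(subject)))
                continue
            grants.setdefault(verb, []).append((kind, subject[kind]))
            if kind == "userID" and subject[kind] in SPECIAL_USERS:
                findings.append(("broad-grant", verb, subject[kind]))
    # Default deny: a verb with no entry is granted to none of the listed subjects.
    for verb in USER_SCOPE_VERBS:
        grants.setdefault(verb, [])
    return grants, findings


if __name__ == "__main__":
    grants, findings = audit_user_scope_acl(SAMPLE)
    for kind, verb, detail in findings:
        print(f"{kind}: {verb} -> {detail}")
```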
Content-Type application/vnd.kii.UserNotFoundException+json
| Name | Type | Description | 
|---|---|---|
| errorCode | string | Error code "USER_NOT_FOUND". | 
| message | string | The error message. | 
| field | string | The field used for searching the user. This can be the userID or address field. | 
| value | string | The field value used for searching the user. | 
| appID | string | The ID of the application. | 
Content-Type application/vnd.kii.UnauthorizedAccessException+json
| Name | Type | Description | 
|---|---|---|
| errorCode | string | Error code "UNAUTHORIZED". | 
| message | string | The error message. | 
| authenticatedAppID | string | The authenticated appID. | 
| authenticatedPrincipalID | string | The authenticated principal ID (userID or thingID). |