Batch Is Authorized
| verifiedpermissions_batch_is_authorized | R Documentation |
Makes a series of decisions about multiple authorization requests for one principal or resource¶
Description¶
Makes a series of decisions about multiple authorization requests for
one principal or resource. Each request contains the equivalent content
of an is_authorized request: principal, action, resource, and context.
Either the principal or the resource parameter must be identical
across all requests. For example, Verified Permissions won't evaluate a
pair of requests where bob views photo1 and alice views photo2.
Authorization of bob to view photo1 and photo2, or bob and
alice to view photo1, are valid batches.
The request is evaluated against all policies in the specified policy
store that match the entities that you declare. The result of the
decisions is a series of Allow or Deny responses, along with the IDs
of the policies that produced each decision.
The entities of a batch_is_authorized API request can contain up to
100 principals and up to 100 resources. The requests of a
batch_is_authorized API request can contain up to 30 requests.
The batch_is_authorized operation doesn't have its own IAM permission.
To authorize this operation for Amazon Web Services principals, include
the permission verifiedpermissions:IsAuthorized in their IAM policies.
Usage¶
Arguments¶
policyStoreId[required] Specifies the ID of the policy store. Policies in this policy store will be used to make the authorization decisions for the input.
entitiesSpecifies the list of resources and principals and their associated attributes that Verified Permissions can examine when evaluating the policies.
You can include only principal and resource entities in this parameter; you can't include actions. You must specify actions in the schema.
requests[required] An array of up to 30 requests that you want Verified Permissions to evaluate.
Value¶
A list with the following syntax:
list(
results = list(
list(
request = list(
principal = list(
entityType = "string",
entityId = "string"
),
action = list(
actionType = "string",
actionId = "string"
),
resource = list(
entityType = "string",
entityId = "string"
),
context = list(
contextMap = list(
list(
boolean = TRUE|FALSE,
entityIdentifier = list(
entityType = "string",
entityId = "string"
),
long = 123,
string = "string",
set = list(
list()
),
record = list(
list()
)
)
)
)
),
decision = "ALLOW"|"DENY",
determiningPolicies = list(
list(
policyId = "string"
)
),
errors = list(
list(
errorDescription = "string"
)
)
)
)
)
Request syntax¶
svc$batch_is_authorized(
policyStoreId = "string",
entities = list(
entityList = list(
list(
identifier = list(
entityType = "string",
entityId = "string"
),
attributes = list(
list(
boolean = TRUE|FALSE,
entityIdentifier = list(
entityType = "string",
entityId = "string"
),
long = 123,
string = "string",
set = list(
list()
),
record = list(
list()
)
)
),
parents = list(
list(
entityType = "string",
entityId = "string"
)
)
)
)
),
requests = list(
list(
principal = list(
entityType = "string",
entityId = "string"
),
action = list(
actionType = "string",
actionId = "string"
),
resource = list(
entityType = "string",
entityId = "string"
),
context = list(
contextMap = list(
list(
boolean = TRUE|FALSE,
entityIdentifier = list(
entityType = "string",
entityId = "string"
),
long = 123,
string = "string",
set = list(
list()
),
record = list(
list()
)
)
)
)
)
)
)