Access Control Lists - Query
傳回指定之安全性命名空間和權杖的存取控制清單清單。 如果未提供選擇性參數,則會擷取安全性命名空間中的所有 ACL。
GET https://dev.azure.com/{organization}/_apis/accesscontrollists/{securityNamespaceId}?api-version=7.1-preview.1GET https://dev.azure.com/{organization}/_apis/accesscontrollists/{securityNamespaceId}?token={token}&descriptors={descriptors}&includeExtendedInfo={includeExtendedInfo}&recurse={recurse}&api-version=7.1-preview.1URI 參數
| 名稱 | 位於 | 必要 | 類型 | Description |
|---|---|---|---|---|
|
security
|
path | True |
string uuid |
安全性命名空間識別碼。 |
|
organization
|
path |
string |
Azure DevOps 組織的名稱。 |
|
|
api-version
|
query | True |
string |
要使用的 API 版本。 這應該設定為 '7.1-preview.1' 以使用此版本的 API。 |
|
descriptors
|
query |
string |
選擇性篩選字串,其中包含應該擷取其 ACE 的識別描述項清單,並以 ',' 分隔。 如果保留 null,則會傳回整個 ACL。 |
|
|
include
|
query |
boolean |
如果為 true,請針對傳回清單中包含的存取控制專案填入擴充資訊屬性。 |
|
|
recurse
|
query |
boolean |
如果為 true 且這是階層命名空間,則傳回指定權杖的子 ACL。 |
|
|
token
|
query |
string |
安全性權杖 |
回應
| 名稱 | 類型 | Description |
|---|---|---|
| 200 OK |
成功作業 |
安全性
accessToken
個人存取權杖。 針對使用者名稱和權杖使用任何值作為密碼。
Type:
basic
範例
| All ACLs in a security namespace |
| Filter by descriptors |
| Filter by token |
| Include child ACLs |
| Include extended info properties |
All ACLs in a security namespace
Sample Request
GET https://dev.azure.com/fabrikam/_apis/accesscontrollists/5a27515b-ccd7-42c9-84f1-54c998f03866?api-version=7.1-preview.1
Sample Response
{
"count": 5,
"value": [
{
"inheritPermissions": true,
"token": "1ba198c0-7a12-46ed-a96b-f4e77554c6d4",
"acesDictionary": {
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
"allow": 31,
"deny": 0
},
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2",
"allow": 31,
"deny": 0
},
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-3": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-3",
"allow": 1,
"deny": 0
}
}
},
{
"inheritPermissions": true,
"token": "1ba198c0-7a12-46ed-a96b-f4e77554c6d4\\846cd9c3-56ba-4158-b6d2-23a3a73244e5",
"acesDictionary": {
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-1-2": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-1-2",
"allow": 8,
"deny": 0
}
}
},
{
"inheritPermissions": true,
"token": "28b9bb88-a513-4115-9b5c-8be39ce1f1ba",
"acesDictionary": {
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-2294004008-329585985-2606533603-2632053178-0-0-0-0-1": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-2294004008-329585985-2606533603-2632053178-0-0-0-0-1",
"allow": 31,
"deny": 0
},
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-2294004008-329585985-2606533603-2632053178-0-0-0-0-2": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-2294004008-329585985-2606533603-2632053178-0-0-0-0-2",
"allow": 31,
"deny": 0
},
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-2294004008-329585985-2606533603-2632053178-0-0-0-0-3": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-2294004008-329585985-2606533603-2632053178-0-0-0-0-3",
"allow": 1,
"deny": 0
}
}
},
{
"inheritPermissions": false,
"token": "token1",
"acesDictionary": {
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
"allow": 31,
"deny": 0
}
}
},
{
"inheritPermissions": false,
"token": "token2",
"acesDictionary": {
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
"allow": 1,
"deny": 0
},
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2",
"allow": 8,
"deny": 0
}
}
}
]
}Filter by descriptors
Sample Request
GET https://dev.azure.com/fabrikam/_apis/accesscontrollists/5a27515b-ccd7-42c9-84f1-54c998f03866?descriptors=Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1&api-version=7.1-preview.1
Sample Response
{
"count": 5,
"value": [
{
"inheritPermissions": true,
"token": "1ba198c0-7a12-46ed-a96b-f4e77554c6d4",
"acesDictionary": {
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
"allow": 31,
"deny": 0
}
}
},
{
"inheritPermissions": true,
"token": "1ba198c0-7a12-46ed-a96b-f4e77554c6d4\\846cd9c3-56ba-4158-b6d2-23a3a73244e5",
"acesDictionary": {
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
"allow": 0,
"deny": 0
}
}
},
{
"inheritPermissions": true,
"token": "28b9bb88-a513-4115-9b5c-8be39ce1f1ba",
"acesDictionary": {
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
"allow": 0,
"deny": 0
}
}
},
{
"inheritPermissions": false,
"token": "token1",
"acesDictionary": {
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
"allow": 31,
"deny": 0
}
}
},
{
"inheritPermissions": false,
"token": "token2",
"acesDictionary": {
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
"allow": 1,
"deny": 0
}
}
}
]
}Filter by token
Sample Request
GET https://dev.azure.com/fabrikam/_apis/accesscontrollists/5a27515b-ccd7-42c9-84f1-54c998f03866?token=1ba198c0-7a12-46ed-a96b-f4e77554c6d4&api-version=7.1-preview.1
Sample Response
{
"count": 1,
"value": [
{
"inheritPermissions": true,
"token": "1ba198c0-7a12-46ed-a96b-f4e77554c6d4",
"acesDictionary": {
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
"allow": 31,
"deny": 0
},
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2",
"allow": 31,
"deny": 0
},
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-3": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-3",
"allow": 1,
"deny": 0
}
}
}
]
}Include child ACLs
Sample Request
GET https://dev.azure.com/fabrikam/_apis/accesscontrollists/5a27515b-ccd7-42c9-84f1-54c998f03866?token=1ba198c0-7a12-46ed-a96b-f4e77554c6d4&includeExtendedInfo=False&recurse=True&api-version=7.1-preview.1
Sample Response
{
"count": 2,
"value": [
{
"inheritPermissions": true,
"token": "1ba198c0-7a12-46ed-a96b-f4e77554c6d4",
"acesDictionary": {
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
"allow": 31,
"deny": 0
},
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2",
"allow": 31,
"deny": 0
},
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-3": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-3",
"allow": 1,
"deny": 0
}
}
},
{
"inheritPermissions": true,
"token": "1ba198c0-7a12-46ed-a96b-f4e77554c6d4\\846cd9c3-56ba-4158-b6d2-23a3a73244e5",
"acesDictionary": {
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-1-2": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-1-2",
"allow": 8,
"deny": 0
}
}
}
]
}Include extended info properties
Sample Request
GET https://dev.azure.com/fabrikam/_apis/accesscontrollists/5a27515b-ccd7-42c9-84f1-54c998f03866?token=1ba198c0-7a12-46ed-a96b-f4e77554c6d4&includeExtendedInfo=True&api-version=7.1-preview.1
Sample Response
{
"count": 1,
"value": [
{
"inheritPermissions": true,
"token": "1ba198c0-7a12-46ed-a96b-f4e77554c6d4",
"acesDictionary": {
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
"allow": 31,
"deny": 0,
"extendedInfo": {
"effectiveAllow": 31
}
},
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2",
"allow": 31,
"deny": 0,
"extendedInfo": {
"effectiveAllow": 31
}
},
"Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-3": {
"descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-3",
"allow": 1,
"deny": 0,
"extendedInfo": {
"effectiveAllow": 1
}
}
},
"includeExtendedInfo": true
}
]
}定義
| 名稱 | Description |
|---|---|
|
Access |
用於封裝指定 IdentityDescriptor 之允許和拒絕許可權的類別。 |
|
Access |
AccessControlList 類別旨在建立一組 AccessControlEntries 與安全性權杖及其繼承設定的關聯。 |
|
Ace |
保留指定 AccessControlEntry 的繼承有效許可權資訊。 |
|
Identity |
身分識別描述元是 Windows SID、Passport) 身分識別 (類型的包裝函式,以及 SID 或 PUID 等唯一識別碼。 |
AccessControlEntry
用於封裝指定 IdentityDescriptor 之允許和拒絕許可權的類別。
| 名稱 | 類型 | Description |
|---|---|---|
| allow |
integer |
一組許可權位,表示允許執行相關聯描述元的動作。 |
| deny |
integer |
一組許可權位,表示不允許執行相關聯描述元的動作。 |
| descriptor |
此 AccessControlEntry 適用于使用者的描述項。 |
|
| extendedInfo |
當設定時,這個值會報告相關聯描述項的繼承和有效資訊。 只有在 QueryAccessControlList 傳回的 AccessControlEntries 上設定這個值, (s) 呼叫其 includeExtendedInfo 參數設定為 true 時。 |
AccessControlList
AccessControlList 類別旨在建立一組 AccessControlEntries 與安全性權杖及其繼承設定的關聯。
| 名稱 | 類型 | Description |
|---|---|---|
| acesDictionary |
<string,
Access |
在許可權所在的身分識別上,儲存金鑰的許可權。 |
| includeExtendedInfo |
boolean |
如果這個 ACL 保留具有擴充資訊的 ACE,則為 True。 |
| inheritPermissions |
boolean |
如果指定的權杖繼承父代的許可權,則為 True。 |
| token |
string |
此 AccessControlList 的權杖。 |
AceExtendedInformation
保留指定 AccessControlEntry 的繼承有效許可權資訊。
| 名稱 | 類型 | Description |
|---|---|---|
| effectiveAllow |
integer |
這是此權杖上此身分識別的所有明確和繼承許可權的組合。 這些是判斷指定使用者是否有權執行動作時所使用的許可權。 |
| effectiveDeny |
integer |
這是此權杖上此身分識別的所有明確和繼承許可權的組合。 這些是判斷指定使用者是否有權執行動作時所使用的許可權。 |
| inheritedAllow |
integer |
這些是在此權杖上針對此身分識別繼承的許可權。 如果權杖未繼承許可權,這將會是 0。 請注意,此身分識別在此權杖上明確設定的任何許可權,或此身分識別所屬的任何群組,都不包含在此。 |
| inheritedDeny |
integer |
這些是在此權杖上針對此身分識別繼承的許可權。 如果權杖未繼承許可權,這將會是 0。 請注意,此身分識別在此權杖上明確設定的任何許可權,或此身分識別所屬的任何群組,都不包含在此。 |
IdentityDescriptor
身分識別描述元是 Windows SID、Passport) 身分識別 (類型的包裝函式,以及 SID 或 PUID 等唯一識別碼。
| 名稱 | 類型 | Description |
|---|---|---|
| identifier |
string |
此身分識別的唯一識別碼,不超過 256 個字元,將會保存。 |
| identityType |
string |
描述項的類型 (例如 Windows、Passport 等) 。 |