Symptoms

  • I want to find the resource(s) that have the Owner (or Referrer) access to a resource with the given APS ID
  • I want to find the resource(s) that are accessble to the resource with given APS ID as Owner (or Referrer)

Cause

This can be necessary when determining the cause of various access error that APSC may return in its REST HTTP response.

Resolution

This information can be obtained through OA database. To achieve access, enter this command on the management node:

# psql -h$(hostname) -Uplesk

The tables that contain this information had their structure changed after version 5.5. Therefore, requests for versions 6.0 and 5.5 are presented:

Version 5.5

Resources that have Owner access to the resource specified in uid:

\set uid '''6e920838-0276-431d-bb60-a71d4800cfaa'''
\set mask 2
SELECT *
FROM aps_resource r
JOIN aps_registry_object ro ON r.registry_object_id = ro.id
WHERE r.id IN
    (SELECT source_resource_id
     FROM aps_registry_object ro
     JOIN aps_resource r ON ro.id = r.registry_object_id
     JOIN aps_resource_link rl ON r.id = rl.target_resource_id
     WHERE rl.role_mask = :mask
       AND ro.uid = :uid);

Resources that can be accessed by resource specified in uid with Owner level:

\set uid '''58adccac-eccc-45e0-b00e-3eb61442a637'''
\set mask 2
SELECT *
FROM aps_resource r
JOIN aps_registry_object ro ON r.registry_object_id = ro.id
WHERE r.id IN
    (SELECT target_resource_id
     FROM aps_registry_object ro
     JOIN aps_resource r ON ro.id = r.registry_object_id
     JOIN aps_resource_link rl ON r.id = rl.source_resource_id
     WHERE rl.role_mask = :mask
       AND ro.uid = :uid);

Version 6.0

Resources that have Owner access to the resource specified in uid:

\set uid '''060362ff-0c61-4972-973d-abf67191105f'''
\set mask 2
SELECT *
FROM aps_resource
WHERE id IN
    (SELECT source_resource_id
     FROM aps_resource r
     JOIN aps_resource_link rl ON r.id = rl.target_resource_id
     WHERE rl.role_mask = :mask
       AND r.uid = :uid);

Resources that can be accessed by resource specified in uid with Owner level:

\set uid '''060362ff-0c61-4972-973d-abf67191105f'''
\set mask 2
SELECT *
FROM aps_resource
WHERE id IN
    (SELECT target_resource_id
     FROM aps_resource r
     JOIN aps_resource_link rl ON r.id = rl.source_resource_id
     WHERE rl.role_mask = :mask
       AND r.uid = :uid);

Note: In the above, in addition to uid parameter (which is an APS ID of the target resource), mask parameter can also be 1 (Referrer) in addition to 2 (Owner).

Resource IDs attained in the queries that return resource's owners can be used in impersonation mechanism.

Read more:

Internal content