Symptoms
- I want to find the resource(s) that have Owner (or Referrer) access to a resource with the given APS ID
- I want to find the resource(s) that are accessible to the resource with the given APS ID as Owner (or Referrer)
Cause
This can be necessary when determining the cause of various access errors that APSC may return in its REST HTTP response.
Resolution
This information can be obtained from the OA database. To connect to it, run this command on the management node:
# psql -h$(hostname) -Uplesk
The structure of the tables that contain this information changed after version 5.5, so separate queries are given for versions 5.5 and 6.0:
Version 5.5
Resources that have Owner access to the resource specified in uid:
\set uid '''6e920838-0276-431d-bb60-a71d4800cfaa'''
\set mask 2
SELECT *
FROM aps_resource r
JOIN aps_registry_object ro ON r.registry_object_id = ro.id
WHERE r.id IN
    (SELECT source_resource_id
     FROM aps_registry_object ro
     JOIN aps_resource r ON ro.id = r.registry_object_id
     JOIN aps_resource_link rl ON r.id = rl.target_resource_id
     WHERE rl.role_mask = :mask
       AND ro.uid = :uid);
Resources that can be accessed by the resource specified in uid with Owner level:
\set uid '''58adccac-eccc-45e0-b00e-3eb61442a637'''
\set mask 2
SELECT *
FROM aps_resource r
JOIN aps_registry_object ro ON r.registry_object_id = ro.id
WHERE r.id IN
    (SELECT target_resource_id
     FROM aps_registry_object ro
     JOIN aps_resource r ON ro.id = r.registry_object_id
     JOIN aps_resource_link rl ON r.id = rl.source_resource_id
     WHERE rl.role_mask = :mask
       AND ro.uid = :uid);
Version 6.0
Resources that have Owner access to the resource specified in uid:
\set uid '''060362ff-0c61-4972-973d-abf67191105f'''
\set mask 2
SELECT *
FROM aps_resource
WHERE id IN
    (SELECT source_resource_id
     FROM aps_resource r
     JOIN aps_resource_link rl ON r.id = rl.target_resource_id
     WHERE rl.role_mask = :mask
       AND r.uid = :uid);
Resources that can be accessed by the resource specified in uid with Owner level:
\set uid '''060362ff-0c61-4972-973d-abf67191105f'''
\set mask 2
SELECT *
FROM aps_resource
WHERE id IN
    (SELECT target_resource_id
     FROM aps_resource r
     JOIN aps_resource_link rl ON r.id = rl.source_resource_id
     WHERE rl.role_mask = :mask
       AND r.uid = :uid);
Note: In the queries above, the uid parameter is the APS ID of the target resource, and the mask parameter can be set to 1 (Referrer) instead of 2 (Owner).
Resource IDs returned by the queries that list a resource's owners can be used in the impersonation mechanism.
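On version 6.0, both directions and both roles can be reviewed in one pass when tracing an access error. The query below is an added example, not part of the original article; it uses only the tables and columns that appear in the 6.0 queries above, and the output column names (role, direction) are illustrative.

```sql
-- Added example (version 6.0 schema as used in the queries above).
-- Lists every Owner/Referrer link that touches the resource given in uid.
\set uid '''060362ff-0c61-4972-973d-abf67191105f'''
SELECT src.uid AS source_uid,
       -- role_mask values as given in the note: 2 = Owner, 1 = Referrer
       CASE rl.role_mask WHEN 2 THEN 'Owner' WHEN 1 THEN 'Referrer' END AS role,
       tgt.uid AS target_uid,
       -- inbound:  source_uid has access to the resource in uid
       -- outbound: the resource in uid has access to target_uid
       CASE WHEN tgt.uid = :uid THEN 'inbound' ELSE 'outbound' END AS direction
FROM aps_resource_link rl
JOIN aps_resource src ON src.id = rl.source_resource_id
JOIN aps_resource tgt ON tgt.id = rl.target_resource_id
WHERE rl.role_mask IN (1, 2)
  AND (src.uid = :uid OR tgt.uid = :uid)
ORDER BY direction, role, source_uid;
```

An empty result means the resource has no Owner or Referrer links in either direction.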