Version 2.0

Get Cbac Marking Restrictions

GET/api/v2/admin/cbacMarkingRestrictions

Warning

This endpoint is in preview and may be modified or removed at any time. To use this endpoint, add preview=true to the request query parameters.

Returns disallowed, implied, and required markings for the given set of marking IDs.

Third-party applications using this endpoint via OAuth2 must request the following operation scope: api:admin-read.

Query parameters

markingIds

list<MarkingId>

optional

The marking IDs for which to get restrictions.

Show child attributes

preview

boolean

optional

Enables the use of preview functionality.

Response body

CbacMarkingRestrictions

object

Hide child attributes

disallowedMarkings

list<MarkingId>

optional

The union of all markings that are disallowed for each of the provided markings. This includes all disallowed markings, not just those present in the provided set.

Show child attributes

impliedMarkings

list<MarkingId>

optional

The union of all markings implied by each of the provided markings. If marking A implies marking B, then membership in A grants membership in B.

Show child attributes

requiredMarkings

list<array>

optional

The required markings for the provided markings. At least one marking from each inner list must be added to the provided markingIds to form a valid classification.

Show child attributes

userSatisfiesMarkings

boolean

True if the current user satisfies the provided markings. The user must be a member of all conjunctive markings. The provided disjunctive markings are grouped by category, and the user must be a member of at least one marking in each group.

isValid

boolean

True if the provided markings contain no disallowed markings and each list of required markings is satisfied by the provided markings.

Examples

Request

Copied!

curl \
\t-H "Authorization: Bearer $TOKEN" \
	"https://$HOSTNAME/api/v2/admin/cbacMarkingRestrictions?preview=true"

Response

Copied!

{
  "disallowedMarkings": [
    "18212f9a-0e63-4b79-96a0-aae04df23336"
  ],
  "requiredMarkings": [
    [
      "18212f9a-0e63-4b79-96a0-aae04df23336"
    ]
  ],
  "userSatisfiesMarkings": true,
  "isValid": true,
  "impliedMarkings": [
    "18212f9a-0e63-4b79-96a0-aae04df23336"
  ]
}

Error responses

Error Name
`GetCbacMarkingRestrictionInfoPermissionDenied`	Error Code	`PERMISSION_DENIED`
	Status Code	403
	Description	The provided token does not have permission to get the CBAC marking restrictions for the markings.
	Parameters	`markingIds`
`CbacUnavailable`	Error Code	`INVALID_ARGUMENT`
	Status Code	400
	Description	CBAC is not available.
	Parameters
`CbacMarkingRestrictionsNotFound`	Error Code	`NOT_FOUND`
	Status Code	404
	Description	The given CbacMarkingRestrictions could not be found.
	Parameters

See Errors for a general overview of errors in the platform.