Categories
Does the updateACL method on the OAC REST API support "execute" permissions
According to documentation REST API for Oracle Analytics Cloud - Update a catalog item ACL and REST API for Oracle Analytics Cloud - Get catalog item ACL,
The permissions structure should support specifying "execute" permission type, however it does seem to actually work. Nor does the the "execute" permission type get returned from a call to getACL, which does return the other permissions listed in documentation.
Just for sake of testing I specified a non-existent permission name, and got an error back stating my request was invalid as I would expect. However if i put "execute":true, the request is successful, but when going in through GUI the permission "Run Publisher Report" is not added. In fact, for sake of testing I went through GUI to add "Run Publisher Report", and when rerunning the API request that specified "execute":true, the "Run Publisher Report" gets removed, So does the API actually support "execute" and if so, hoping some can help identify the cause of the behavior.
I will note that even though "execute" is listed as a permission type, the example responses in the documentation does not list "execute" either.
Thank you.
Answers
-
Hi,
Do you have a value for "list" in your permissions?
Historically the "execute" ACL had a double meaning: execute on objects supporting that, or traverse, for a directory for example,
When I look at the doc you linked, the permission attributes, there is the "list" permission that I can't really map to the historical ACLs structure ( ).
Therefore I'm guessing if maybe that method does use "execute" or "list" depending on the objects, but at the end of the day, they could be the same entry in the ACL itself.
But I must also say that this "new" webservice method is missing a number of ACL attributes compared to the historical one (it was encoded over 16 bits, and not all were used, but 9 of them were used, more than the 7 listed in the doc you linked).
0 -
Gianni, are you referring to the "older" SOAP API for OBI Publisher? I might have overlooked a method on the SOAP based SecurityService that supports setting the permissions on an object.
If not the SOAP API , then is the historical API you are referring to still available in the OAC?
0 -
I mean the SOAP API that is being in the product for 10+ years. It was there already in OBIEE 11g, 12c and it is still there in OAS and OAC. It isn't a Publisher API.
It does cover various service in the product, including the catalog.
The link I posted above is for the data structure, and is the list of services and methods. There isn't an OAC doc for now, they "forgot" to copy it over (but should be work in progress), but that SOAP API didn't really change for a number of years (I believe one of the changes is that you can now bypass login by using a token).
Oracle then did started writing a new REST API included in OAC and OAS, and that's the one you are trying to use.
1 -
Thanks for your query, I've sent you a DM to clarify a few points and try and assist.
Mike
1 -
To @Gianni Ceresa 's point about the SOAP API doc, we are indeed working on an update that will appear in the Developer's Guide soon, and he is correct that you can use an OAuth2 access token as a header to the logon endpoint to get a session ID.
Mike
0
