GET Certificates ID Security

The GET /Certificates/{id}/Security method is used to return details of permission granted to a specific certificate with the specified ID. This method returns HTTP 200 OK on a success with security details in the message body. Both global and collectionClosed The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports).-level permissions are included in the response.

Tip:  The following permissions (see Security Overview) are required to use this feature:

Certificates: Read
SecuritySettings: Read

Certificate permission can be granted at either the global or collection level. See note under CollectionId, below.

Table 189: GET Certificates {id} Security Input Parameters

Name In Description
id Path Required. The Keyfactor Command reference ID of the certificate for which to check security permissions.
CollectionId Query

An integer specifying an optional certificate collection identifier to validate that the user executing the request has sufficient permissions to do so. If a certificate collection ID is not supplied, the user must have global permissions to complete the action. Supplying a certificate collection ID allows for a check of the user's certificate collection-level permissions to determine whether the user has sufficient permissions at a collection level to complete the action. See Certificate Permissions in the Keyfactor Command Reference Guide for more information.

Table 190: GET Certificates {id} Security Response Data

Name Description
Roles

An array containing the certificate-specific permissions granted to the named security identity broken down by permission and defined by role. All roles are returned, including those that have no permissions. ClosedShow role details.

For example, the following return snippet shows the response for the "Power Users" security role:

{
   "Name": "Power Users",
   "Permissions": [
      "Read",
      "EditMetadata",
      "Recover"
   ]
}