Documentation Suite v11.3

GET Security Audit Collections ID

The GET /Security/Audit/Collections/{id} method is used to return the list of security roles and permissions defined for the specified certificate collection The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports).. This method returns HTTP 200 OK on a success with details of the security roles and permissions for the collection.

See also GET Security Roles ID Permissions Collections to list permissions on certificate collections for a specified security role.

Tip: The following permissions (see Security Roles and Claims) are required to use this feature:

/security/read/

Table 578: GET Security Audit Collections {id} Input Parameters

Name	In	Description
id	Path	An integer indicating the Keyfactor Command reference ID of the certificate collection for which to retrieve permission information. Use the GET /CertificateCollections method (see GET Certificate Collections) to determine the ID of the certificate collection you wish to evaluate.

Name

Description

Path

An integer indicating the Keyfactor Command reference ID of the certificate collection for which to retrieve permission information.

Use the GET /CertificateCollections method (see GET Certificate Collections) to determine the ID of the certificate collection you wish to evaluate.

Table 579: GET Security Audit Collections {id} Response Data

Name Description

QueryId An integer indicating the Keyfactor Command reference ID of the certificate collection.

AccessControlList

An array of objects containing the permissions granted to the user in a comma-separated list of arrays. See Version One Permission Model for an overview of the possible permissions.

Name

Description

RoleId

An integer indicating the Keyfactor Command reference ID for the security role.

AreaPermissions

An array of comma-delimited integers indicating the collection permissions assigned to the role. System-Wide collection permissions set on a Role will not show as integers in the AreaPermission parameter. They will show as permissions in the Certificate > Collections section of the global permissions for that Role.

Integer	Area Permission
4	Collection Read
5	Collection Edit Metadata
7	Collection Download with Private Key
8	Collection Revoke
41	Collection Delete

For example:

Copy

 xml:space="preserve">"AccessControlList": [
   {
      "RoleId": "1",
      "AreaPermissions": [
         4,
         5,
         41
      ]
   },
   {
      "RoleId": "3",
      "AreaPermissions": [
         4,
         8,
         41
      ]
   }
],

AssignableRoles

An array of objects containing the security roles defined in Keyfactor Command. Show role details.

For example:

Copy

"AssignableRoles": [
   {
      "RoleId": "1",
      "Name": "Administrator"
   },
   {
      "RoleId": "2",
      "Name": "Reporting API Access"
   }
],

Tip: See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor API

A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow

A workflow is a series of steps necessary to complete a process. In the context of Keyfactor Command, it refers to the workflow builder, which allows you automate event-driven tasks when a certificate is requested or revoked. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (

) at the top of the Management Portal page next to the Log Out button.

Version v11.3

On this page: