Access control

Methods for sharing resources, managing permissions, and assigning control tags on the Istari Digital Platform.

All methods are available on the Client instance. Parameters marked (required) must be provided. See Enums for valid enum values and Pagination for page/size defaults.

Sharing

create_access()

Shares a resource or file with a user by updating the resource or file’s access.

• Parameters:

  • access_relationship (AccessRelationship) – (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: AccessRelationship

update_access()

Updates access to a resource or file.

• Parameters:

  • subject_type (AccessSubjectType) – The type of the subject to update. Currently only user. (required)
  • subject_id (str) – The id of the subject to update. (required)
  • resource_type (AccessResourceType) – The type of the resource to update. One of: model, artifact, job, file, filerevision, tool, function, functionversion, tenant, system, functionauthsecret, authintegration, document. (required)
  • resource_id (str) – The id of the resource to update. (required)
  • update_access_relationship (UpdateAccessRelationship) – (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: AccessRelationship

remove_access()

Removes access to a resource or file.

• Parameters:

  • subject_type (AccessSubjectType) – The type of the subject to remove. Currently only user. (required)
  • subject_id (str) – The id of the subject to remove. (required)
  • resource_type (AccessResourceType) – The type of the resource. One of: model, artifact, job, file, filerevision, tool, function, functionversion, tenant, system, functionauthsecret, authintegration, document. (required)
  • resource_id (str) – The id of the resource to remove access from. (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: object

list_access()

Lists access for a resource or file.

• Parameters:

  • resource_type (AccessResourceType) – The type of the resource. One of: model, artifact, job, file, filerevision, tool, function, functionversion, tenant, system, functionauthsecret, authintegration, document. (required)
  • resource_id (str) – The id of the resource. (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[AccessRelationship]

bulk_create_access()

Bulk method that shares resources with users by granting new access relationships.

• Parameters:

  • access_relationship (List [**AccessRelationship ]) – (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[AccessRelationship]

create_access_by_email_for_other_tenants()

Shares a resource or file across tenants by the applicable user’s email.

• Parameters:

  • subject_type (AccessSubjectType) – The type of the subject. Currently only user. (required)
  • email (str) – The email of the subject to create access for. (required)
  • resource_type (AccessResourceType) – The type of the resource to create access for. One of: model, artifact, job, file, filerevision, tool, function, functionversion, tenant, system, functionauthsecret, authintegration, document. (required)
  • resource_id (str) – The id of the resource to create access for. (required)
  • access_relationship (AccessRelation) – The access relationship to create. One of: viewer, editor, owner, administrator, executor, upstreamremoteowner. (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: AccessRelationship

update_access_for_resource_type()

Updates access to resources of a type.

• Parameters:

  • subject_type (AccessSubjectType) – The type of the subject to update. Currently only user. (required)
  • subject_id (str) – The id of the subject to update. (required)
  • resource_type (AccessResourceType) – The type of the resources to update. One of: model, artifact, job, file, filerevision, tool, function, functionversion, tenant, system, functionauthsecret, authintegration, document. (required)
  • update_access_relationship_list (UpdateAccessRelationshipList) – (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[AccessRelationship]

list_resource_type_permissions()

Lists all permissions of a type for a user for all resources of a type.

• Parameters:

  • subject_type (PermissionSubjectType) – The type of the subject to get permissions for. See PermissionSubjectType for values. (required)
  • subject_id (str) – The id of the subject to get permissions for. (required)
  • resource_type (PermissionResourceType) – The type of the resources to get permissions for. See PermissionResourceType for values. (required)
  • permission (Permission) – The type of the permissions to list. See Permission for values. (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[Permissionship]

Control tags

create_control_tag()

Creates a new control tag.

• Parameters:

  • new_control_tag (NewControlTag) – The control tag to create. The description field has a maximum length of 255 characters. (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: ControlTag

get_control_tag()

Gets a control tag by id.

• Parameters:

  • control_tag_id (str) – The ID of the control tag to get.. (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: ControlTag

update_control_tag()

Updates an existing control tag.

• Parameters:

  • update_control_tag (UpdateControlTag) – The updated control tag data. The description field has a maximum length of 255 characters. (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: ControlTag

list_control_tags()

List all control tags

• Parameters: http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[ControlTag]

get_control_tag_revision_history()

Control tag revision history.

• Parameters:

  • control_tag_id (str) – (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[ControlTagRevision]

get_object_control_tags()

Get the active control tag assignments for an object

• Parameters:

  • object_type (ControlTaggingObjectType) – Type of object to get control tags for. One of: model, artifact, file, user, system, resource, unknown. (required)
  • object_id (str) – ID of the object to get control tags for.. (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[ControlTag]

Control tag assignments

add_user_control_taggings()

Assign one or more control tags to a user.

When a control tag is applied to a user, the access is propagated to related resources (e.g., models and their child artifacts). The returned list of resource control taggings may exceed the number of control tags assigned due to this propagation.

The calling user must be a customer admin of the tenant the target user belongs to; otherwise, the operation will fail with a permission denied error.

• Parameters:

  • user_id (str) – Unique identifier of the user to whom control tag access will be assigned.
  • control_tag_ids (Iterable [**str ]) – Identifiers of the control tags to assign.
  • reason (Optional [**str ]) – Optional reason for assigning the control tags.

• Return Type: list[UserControlTagging]

remove_user_control_taggings()

Remove (archive) one or more control tag access assignments from a user.

This method revokes a user’s access to the specified control tags. The calling user must be a customer admin on the tenant the target user belongs to; otherwise, the operation will fail with a permission denied error.

• Parameters:

  • user_id (str) – Unique identifier of the user whose control tag access will be removed.
  • control_tag_ids (Iterable [**str ]) – Identifiers of the control tags to revoke access from.
  • reason (Optional [**str ]) – Optional reason for removing the control tag access.

• Return Type: list[UserControlTagging]

get_user_control_tags()

Retrieve the list of control tags a user has been assigned access to.

This method returns all active control tags associated with the specified user.

• Parameters: user_id (str) – Unique identifier of the user to retrieve control tags for.

• Return Type: list[ControlTag]

get_user_control_tagging_history()

Gets the full history of control taggings added to and removed from a user.

• Parameters:

  • user_id (str) – The ID of the user to get.. (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[UserControlTagging]

get_user_control_taggings()

Gets a user’s active control taggings.

• Parameters:

  • user_id (str) – The ID of the user to get.. (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[UserControlTagging]

add_model_control_taggings()

Assign one or more control tags to a model.

When a control tag is applied to a model, the tagging is also applied to each of its child artifacts. As a result, the returned list of resource control taggings may include more entries than the number of control tags assigned.

The caller must have owner or administrator access to the model in order to modify control tag assignments.

• Parameters:

  • model_id (str) – Unique identifier of the model to which control tags will be assigned.
  • control_tag_ids (Iterable [**str ]) – Identifiers of the control tags to assign.
  • reason (Optional [**str ]) – Optional reason for assigning the control tags.

• Return Type: list[ResourceControlTagging]

remove_model_control_taggings()

Remove (archive) one or more control tag assignments from a model.

This method revokes control tag access from the specified model. Owner or administrator access to the model or its parent model is required to modify control tag assignments.

• Parameters:

  • model_id (str) – Unique identifier of the model from which control tags will be removed.
  • control_tag_ids (Iterable [**str ]) – Identifiers of the control tags to remove.
  • reason (Optional [**str ]) – Optional reason for removing the control tag assignments.

• Return Type: list[ResourceControlTagging]

get_model_control_tags()

Retrieve the list of control tags currently assigned to a model.

This method returns all active control tags associated with the specified model.

• Parameters: model_id (str) – Unique identifier of the model to retrieve control tags for.

• Return Type: list[ControlTag]

add_artifact_control_taggings()

Assign one or more control tags to an artifact.

This method applies control tags to the specified artifact. Owner or administrator access to the artifact’s parent model is required to modify control tag assignments.

• Parameters:

  • artifact_id (str) – Unique identifier of the artifact to which control tags will be assigned.
  • control_tag_ids (Iterable [**str ]) – Identifiers of the control tags to assign.
  • reason (Optional [**str ]) – Optional reason for assigning the control tags.

• Return Type: list[ResourceControlTagging]

remove_artifact_control_taggings()

Remove (archive) one or more control tag assignments from an artifact.

This method revokes control tag access from the specified artifact. Owner or administrator access to the artifact’s parent model is required to modify control tag assignments.

• Parameters:

  • artifact_id (str) – Unique identifier of the artifact from which control tags will be removed.
  • control_tag_ids (Iterable [**str ]) – Identifiers of the control tags to remove.
  • reason (Optional [**str ]) – Optional reason for removing the control tag assignments.

• Return Type: list[ResourceControlTagging]

get_artifact_control_tags()

Retrieve the list of control tags currently assigned to an artifact.

This method returns all active control tags associated with the specified artifact.

• Parameters: artifact_id (str) – Unique identifier of the artifact to retrieve control tags for.

• Return Type: list[ControlTag]

patch_artifact_control_taggings()

Adds or removes control tags on a artifact.

• Parameters:

  • artifact_id (str) – The ID of the artifact to get.. (required)
  • request_body (List [**str ]) – (required)
  • patch_op (PatchOp) – The operation to perform. One of: set, delete. (required)
  • reason (str) – The reason for the change. This is an optional field.
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[ResourceControlTagging]

patch_file_control_taggings()

Adds or removes control tags on a file.

• Parameters:

  • file_id (str) – The ID of the file to get.. (required)
  • request_body (List [**Optional [**str ] ]) – (required)
  • patch_op (PatchOp) – The operation to perform..
  • reason (str) – The reason for the change. This is an optional field.
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[FileControlTagging]

patch_model_control_taggings()

Adds or removes control tags on a model.

• Parameters:

  • model_id (str) – The ID of the model to add or remove taggings.. (required)
  • request_body (List [**str ]) – (required)
  • patch_op (PatchOp) – The operation to perform..
  • reason (str) – The reason for the change. This is an optional field.
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[ResourceControlTagging]

patch_user_control_taggings()

Adds or removes control tags on a user.

• Parameters:

  • user_id (str) – The ID of the user to get.. (required)
  • request_body (List [**str ]) – (required)
  • patch_op (PatchOp) – The operation to perform..
  • reason (str) – The reason for the change. This is an optional field.
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[UserControlTagging]

Deprecated

list_artifact_access()

Deprecated. Use list_access instead.

• Parameters:

  • artifact_id (str) – The id of the artifact to get access for.. (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[AccessRelationship]

list_model_access()

Deprecated. Use list_access instead.

• Parameters:

  • model_id (str) – The id of the model to list access permissions for. (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[AccessRelationship]

list_job_access()

Deprecated. Use list_access instead.

• Parameters:

  • job_id (str) – The id of the job to list access permissions for. (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[AccessRelationship]

patch_artifact_access()

Deprecated. Use update_access instead.

• Parameters:

  • artifact_id (str) – The id of the artifact to update access for.. (required)
  • access_relationship (AccessRelationship) – (required)
  • patch_op (PatchOp) – The operation to perform. One of: set, delete. (required)
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[AccessRelationship]

patch_model_access()

Deprecated. Use update_access instead.

• Parameters:

  • model_id (str) – The id of the model to update access for. (required)
  • access_relationship (AccessRelationship) – (required)
  • patch_op (PatchOp) – The operation to perform. One of: set, delete.
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[AccessRelationship]

patch_job_access()

Deprecated. Use update_access instead.

• Parameters:

  • job_id (str) – The id of the job to modify access permissions on (required)
  • access_relationship (AccessRelationship) – (required)
  • patch_op (PatchOp) – The operation to perform. One of: set, delete.
  • http_request_timeout_secs (int , optional) – timeout setting for this request

• Return Type: List[AccessRelationship]