Skip to main content
Version: 2026.03

Access control

Data types for permissions, access relationships, and control tags.

info

All data types support standard serialization methods (to_json, from_json, to_dict, from_dict, to_str) which are omitted from the tables below.

AccessRelation

PUBLIC: Relation types that can be assigned between a subject and a resource by a user of Istari.

Attributes:

NameTypeDescription
VIEWER
EDITOR
OWNER
ADMINISTRATOR
EXECUTOR
UPSTREAMREMOTEOWNER

AccessRelationship

PUBLIC: An access relationship that can be viewed/modified by a user of Istari.

Attributes:

NameTypeDescription
subject_typeAccessSubjectType
subject_idstr
relationAccessRelation
resource_typeAccessResourceType
resource_idstr
subject_infoOptional[SubjectInfo ]

AccessResourceType

Public: permission resource types that can the the target of API / UI user role assignments.

Attributes:

NameTypeDescription
MODEL
ARTIFACT
JOB
FILE
FILEREVISION
TOOL
FUNCTION
FUNCTIONVERSION
TENANT
SYSTEM
FUNCTIONAUTHSECRET
AUTHINTEGRATION

AccessSubjectType

Public: permission subject types that can be the subject of access role assignment in UI / API.

Attributes:

NameTypeDescription
USER

Permission

Permission types defined in permissions schema.

Attributes:

NameTypeDescription
MEMBER
MANAGE
VIEW
EDIT
EXECUTE
ARCHIVE
TENANT_ACCESS
CONTROLTAG_ACCESS
CONTROLTAG_MANAGE
ACCESS_MANAGE
ACCESS_VIEW_MANAGE
UPSTREAM_REMOTE_SYNC
ACCESS

PermissionResourceType

INTERNAL: Resource types that can have permissions assigned to them.

Attributes:

NameTypeDescription
MODEL
AGENT
AGENTPOOL
ARTIFACT
FILE
COMMENT
FILEREVISION
TOKEN
JOB
TOOL
FUNCTION
FUNCTIONVERSION
SYSTEM
TENANT
CONTROLTAG
FUNCTIONAUTHSECRET
UPSTREAMREMOTE
AUTHINTEGRATION

PermissionSubjectType

INTERNAL: Subject types that can have permissions assigned to them.

Attributes:

NameTypeDescription
USER
MODEL
AGENT
AGENTPOOL
ARTIFACT
FILE
COMMENT
FILEREVISION
TOKEN
JOB
TOOL
FUNCTION
FUNCTIONVERSION
SYSTEM
TENANT
CONTROLTAG
FUNCTIONAUTHSECRET
AUTHINTEGRATION
UPSTREAMREMOTE

Permissionship

Attributes:

NameTypeDescription
subject_typePermissionSubjectType
subject_idstr
permissionPermission
resource_typePermissionResourceType
resource_idstr

ControlTag

A control (essentially a tag) that is assigned to resource, files, and users. To have access to a resource or file that has one or more controls assigned, the user must have been assigned all the controls applied to the item.

Attributes:

NameTypeDescription
idstr
createddatetime.datetime
created_by_idstr
namestr
statusControlTagStatus
descriptionOptional[str]
display_colorOptional[str]
upstream_remote_infoOptional[UpstreamRemoteInfo]

ControlTagRevision

A control (essentially a tag) that is assigned to resource, files, and users. To have access to a resource or file that has one or more controls assigned, the user must have been assigned all the controls applied to the item.

Attributes:

NameTypeDescription
idstr
createddatetime.datetime
created_by_idstr
control_tag_idstr
namestr
statusControlTagStatus
descriptionOptional[str]
display_colorOptional[str]

ControlTagStatus

Attributes:

NameTypeDescription
ARCHIVED
ACTIVE

ControlTaggingObjectType

Attributes:

NameTypeDescription
MODEL
ARTIFACT
FILE
USER
SYSTEM
RESOURCE
UNKNOWN

ControlTaggingStatus

Attributes:

NameTypeDescription
ARCHIVED
ACTIVE

NewControlTag

Add a new control with optional description and display color.

Attributes:

NameTypeDescription
namestr
descriptionOptional[Annotated[str, Field(min_length=0, strict=True, max_length=255)]]
display_colorOptional[str]

UpdateControlTag

Update an existing control.

Attributes:

NameTypeDescription
idstr
nameOptional[str]
descriptionOptional[Annotated[str, Field(min_length=0, strict=True, max_length=255)]]
statusOptional[ControlTagStatus]
display_colorOptional[str]

BulkSharingAccessRelation

Access relation types for resource bulk sharing operations. This enum contains only the access relations needed for bulk sharing to avoid circular import issues with the permission module.

Attributes:

NameTypeDescription
VIEWER
EDITOR

UpdateAccessRelationship

Attributes:

NameTypeDescription
relationAccessRelation

UpdateAccessRelationshipList

Attributes:

NameTypeDescription
resourcesList[UpdateAccessRelationshipListItem]

UpdateAccessRelationshipListItem

Attributes:

NameTypeDescription
relationAccessRelation
resource_idstr

ResourceControlTagging

A control assignment on a resource.

Attributes:

NameTypeDescription
idstr
createddatetime.datetime
created_by_idstr
control_tagControlTag
statusControlTaggingStatus
reasonOptional[str]
object_typeControlTaggingObjectType
object_idstr
inherited_from_object_idOptional[str]
inherited_from_object_typeOptional[ControlTaggingObjectType]

UserControlTagging

A control assignment to a user.

Attributes:

NameTypeDescription
idstr
createddatetime.datetime
created_by_idstr
control_tagControlTag
statusControlTaggingStatus
reasonOptional[str]
user_idstr

SubjectInfo

Attributes:

NameTypeDescription
usernameOptional[str]
emailOptional[str]
cross_tenant_userOptional[bool]