Feature #18182
open
Parameter on get_permissions API to return every user and group with permissions
Description
We have a get_permissions API call which returns the direct permission links to an object. For auditing, it is desireable to be able to get a list of all the users and groups that have permission to an object, through both direct and indirect permissions.
Should also be able to apply filters (e.g. to search for a specific user or group by name).
Proposal: add a parameter to get_permissions such as "indirect=true" that returns both direct and indirect permission grants in the form {uuid, permission_type}.
It would also be convenient to be able to return the user/group objects in an 'included' field, for those objects where the requesting user has read access. This would allow a single API response to include both the permission grants and the names of the users/groups that have the grant (instead of having to look up the users/groups separately).
Related issues
Updated by Peter Amstutz over 2 years ago
- Related to Feature #18463: Sharing dialog shows all permissions including indirect and allows searching for users by name added