Feature #18182
Updated by Peter Amstutz over 2 years ago
We have a get_permissions API call which returns the direct permission links to an object. For auditing, it is desireable to be able to get a list of _all_ the users and groups that have permission to an object, through both direct and indirect permissions.
Proposal: add a parameter to get_permissions such as "indirect=true" that returns both direct and indirect permission grants in the form {uuid, permission_type}.
It would also be convenient to be able to return the user/group objects in an 'included' field, for those objects where the requesting user has read access. This would allow a single API response to include both the permission grants and the names of the users/groups that have the grant (instead of having to look up the users/groups separately).