- Products ProductsLocation Services
Solve complex location problems from geofencing to custom routing
PlatformCloud environments for location-centric solution development, data exchange and visualization
Tracking & PositioningFast and accurate tracking and positioning of people and devices, indoors or outdoors
APIs & SDKsEasy to use, scaleable and flexible tools to get going quickly
Developer EcosystemsAccess Location Services on your favorite developer platform ecosystem
- Documentation
- Pricing
- Resources ResourcesTutorials TutorialsExamples ExamplesBlog & Release Announcements Blog & Release AnnouncementsChangelog ChangelogDeveloper Newsletter Developer NewsletterKnowledge Base Knowledge BaseFeature List Feature ListSupport Plans Support PlansSystem Status System StatusLocation Services Coverage Information Location Services Coverage InformationSample Map Data for Students Sample Map Data for Students
permission
The OLP CLI supports the following:
- list the associated application's authorization
- report permissions associated with a user, app, group, or realm
To list, grant or revoke permissions, use the following commands depending on the type of platform resource:
- list permissions on a catalog
- grant permissions on a catalog
- revoke permissions on a catalog
- grant permissions on a schema
- revoke permissions on a schema
permission list
Retrieves the application authorization associated with the Client Access Token.
olp permission list [HRN filter] [command options]
Optional parameters:
-
[HRN filter]Freeform text used to filter the permission list. The filter checks if thehrnfield contains thefilterstring. -
--credentials <path to credentials file>The name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal. -
--profile <profile name>The name of the credentials profile to use from theolpcli.inifile. -
--jsonDisplays the command result in JSON format. -
--quietDisplays the resource HRNs and permissions separated by space, each on a new line.
Note
The olp permission list command only returns direct permissions assigned to the app, and does not include indirect permissions that the app may have through group membership or realm-wide policies.
For more information on using credentials and profiles, see Credentials setup.
Example:
olp permission list
permission report
Lists the permissions assigned to the User, App, Group, or Realm identified by the HRN either directly or indirectly.
olp permission report <HRN> [command options]
Required parameters:
-
<HRN>The HRN of the User, App, Group, or Realm
Optional parameters:
-
--service-id <service id>Only include permissions associated with the service -
--match-action <action name>Only include permissions that match the action -
--match-resource <resource HRN>Only include permissions that match the resource -
--project <project HRN>Only include permissions that are effective for the User, App, or Group in the scope of the project -
--credentials <path to credentials file>The name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal. -
--profile <profile name>The name of the credentials profile to use from theolpcli.inifile. -
--jsonDisplays the command result in JSON format. -
--quietDisplays the resource HRNs and permissions separated by space, each on a new line.
For more information on using credentials and profiles, see Credentials setup.
Example:
olp permissions report hrn:here-cn:account::org:realm/org
hrn:here-cn:authorization::HERE:policy/some-default-policy
├─ allow someAction for hrn:here-cn:account::org:realm/org (via SOME-SERVICE)
├─ allow someOtherAction for hrn:here-cn:account::org:realm/org (via SOME-SERVICE)
└─ deny deniedAction for hrn:here-cn:account::org:realm/org (via SOME-SERVICE)
hrn:here-cn:authorization::HERE:policy/some-other-default-policy
└─ allow anotherAction for <no resource> (via SOME-OTHER-SERVICE)
hrn:here-cn:authorization::HERE:plan/PLAN-b0ae2f34-9044-47f5-8715-eb1ddbab5de9
└─hrn:here-cn:authorization::HERE:policy/POLICY-00e1fd16-d408-4ec0-94d7-7e8ffcaecb18
├─ allow readResource for hrn:here-cn:service::org:resource1:* (via SOME-SERVICE)
└─ allow writeResource for hrn:here-cn:service::other-org:resource2:* (via SOME-SERVICE)
