Skip to content

Batch Is Authorized

verifiedpermissions_batch_is_authorized R Documentation

Makes a series of decisions about multiple authorization requests for one principal or resource

Description

Makes a series of decisions about multiple authorization requests for one principal or resource. Each request contains the equivalent content of an is_authorized request: principal, action, resource, and context. Either the principal or the resource parameter must be identical across all requests. For example, Verified Permissions won't evaluate a pair of requests where bob views photo1 and alice views photo2. Authorization of bob to view photo1 and photo2, or bob and alice to view photo1, are valid batches.

The request is evaluated against all policies in the specified policy store that match the entities that you declare. The result of the decisions is a series of Allow or Deny responses, along with the IDs of the policies that produced each decision.

The entities of a batch_is_authorized API request can contain up to 100 principals and up to 100 resources. The requests of a batch_is_authorized API request can contain up to 30 requests.

The batch_is_authorized operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission verifiedpermissions:IsAuthorized in their IAM policies.

Usage

verifiedpermissions_batch_is_authorized(policyStoreId, entities,
  requests)

Arguments

policyStoreId

[required] Specifies the ID of the policy store. Policies in this policy store will be used to make the authorization decisions for the input.

entities

Specifies the list of resources and principals and their associated attributes that Verified Permissions can examine when evaluating the policies.

You can include only principal and resource entities in this parameter; you can't include actions. You must specify actions in the schema.

requests

[required] An array of up to 30 requests that you want Verified Permissions to evaluate.

Value

A list with the following syntax:

list(
  results = list(
    list(
      request = list(
        principal = list(
          entityType = "string",
          entityId = "string"
        ),
        action = list(
          actionType = "string",
          actionId = "string"
        ),
        resource = list(
          entityType = "string",
          entityId = "string"
        ),
        context = list(
          contextMap = list(
            list(
              boolean = TRUE|FALSE,
              entityIdentifier = list(
                entityType = "string",
                entityId = "string"
              ),
              long = 123,
              string = "string",
              set = list(
                list()
              ),
              record = list(
                list()
              )
            )
          )
        )
      ),
      decision = "ALLOW"|"DENY",
      determiningPolicies = list(
        list(
          policyId = "string"
        )
      ),
      errors = list(
        list(
          errorDescription = "string"
        )
      )
    )
  )
)

Request syntax

svc$batch_is_authorized(
  policyStoreId = "string",
  entities = list(
    entityList = list(
      list(
        identifier = list(
          entityType = "string",
          entityId = "string"
        ),
        attributes = list(
          list(
            boolean = TRUE|FALSE,
            entityIdentifier = list(
              entityType = "string",
              entityId = "string"
            ),
            long = 123,
            string = "string",
            set = list(
              list()
            ),
            record = list(
              list()
            )
          )
        ),
        parents = list(
          list(
            entityType = "string",
            entityId = "string"
          )
        )
      )
    )
  ),
  requests = list(
    list(
      principal = list(
        entityType = "string",
        entityId = "string"
      ),
      action = list(
        actionType = "string",
        actionId = "string"
      ),
      resource = list(
        entityType = "string",
        entityId = "string"
      ),
      context = list(
        contextMap = list(
          list(
            boolean = TRUE|FALSE,
            entityIdentifier = list(
              entityType = "string",
              entityId = "string"
            ),
            long = 123,
            string = "string",
            set = list(
              list()
            ),
            record = list(
              list()
            )
          )
        )
      )
    )
  )
)