0

Create document via API with same security as document created via GUI

Is there a way to have a document created via API, with the assignment of roles and groups matching that of an equivalent document created by user via the GUI? 

We will have an external system create a "Placeholder" documenting VVPM.  When doing that, the only role assigned is the external system account as 'Owner' of the document.  If a user creates an equivalent document via the GUI, our security assigns Roles to  approximately 40 groups (e.g. a 'Viewer' role is assigned to a group with access to view documents associated with the assigned Product on the document. 

Rather than have to program the external system to assign roles following same rules as VVPM would apply to a GUI created document, is there any way to have the API created document assigned the same roles?  It would be best if the assignment happened at document creation just as it would with a  GUI created document, but if we had to run a scheduled Job to reconcile that would be acceptable as well.  

2 comments

  • Avatar
    Jean Christophe Meriaux Official comment

    Document defaulting and overriding rules (defaulting roles on documents) are supported only in the user interface, and not applied when using the API.

    The recommendation is to use DAC for role assignments. DAC is enforced through all the touch points, including the API.

    Thanks,

    Jean-Christophe Meriaux

    Vault platform Product Management 

  • Avatar
    Jeff McMurter

    Thank you for your reply. 

    For now, our security model is a mix of classic security and dynamic security.  In order to assign the classic security roles correctly, we understand that there is no way to have Vault make the assignments.  We do have a followup question.

    Is it possible to make a query via API which would return the list of groups that would be assigned to a document?  If we can return these via a query, we can then assign them via the API.

     

Please sign in to leave a comment.