List a user's grants

get https://api.linode.com/{apiVersion}/account/users/{username}/grants

Returns the full grants structure for an account username you specify. This includes all entities on the account, and the level of access this user has to each of them.

This doesn't apply to the account owner or the current authenticated user. You can run the List grants operation to view those grants. However, this doesn't show the entities that they don't have access to.

📘
This operation can only be accessed by account users with unrestricted access.

OAuth scopes

account:read_only

Learn more...

Responses

Response body

object

database

array of objects

The grants this User has for each Database that is owned by this Account.

database

object

integer

The ID of the entity this grant applies to.

label

string

Read-only The current label of the entity this grant applies to, for display purposes.

permissions

string | null

The level of access this User has to this entity. If null, this User has no access.

read_only read_write

domain

array of objects

The grants this User has for each Domain that is owned by this Account.

domain

object

integer

The ID of the entity this grant applies to.

label

string

Read-only The current label of the entity this grant applies to, for display purposes.

permissions

string | null

The level of access this User has to this entity. If null, this User has no access.

read_only read_write

firewall

array of objects

The grants this User has for each Firewall that is owned by this Account.

firewall

object

integer

The ID of the entity this grant applies to.

label

string

Read-only The current label of the entity this grant applies to, for display purposes.

permissions

string | null

The level of access this User has to this entity. If null, this User has no access.

read_only read_write

global

object

A structure containing the Account-level grants a User has.

account_access

string | null

The level of access this User has to Account-level actions, like billing information. A restricted User will never be able to manage users.

Parent and child accounts

In a parent and child account environment, this grant can be added to a child account user, to give the user read-write access. This gives the child user unrestricted access to expected management operations, such as creating other child users. However, child users don't have write access to billing operations. The API issues a specific error message if a write operation is attempted by a child user.

read_only read_write

add_databases

boolean

If true, this User may add Managed Databases.

add_domains

boolean

If true, this User may add Domains.

add_firewalls

boolean

If true, this User may add Firewalls.

add_images

boolean

If true, this User may add Images.

add_linodes

boolean

If true, this User may create Linodes.

add_longview

boolean

If true, this User may create Longview clients and view the current plan.

add_nodebalancers

boolean

If true, this User may add NodeBalancers.

add_stackscripts

boolean

If true, this User may add StackScripts.

add_volumes

boolean

If true, this User may add Volumes.

add_vpcs

boolean

If true, this User may add VPCs.

cancel_account

boolean

If true, this User may cancel the entire Account.

child_account_access

boolean | null

In a parent and child account environment, this gives a parent account access to endpoints that can be used to manage child accounts. Unrestricted parent account users have access to this grant, while restricted parent users don't. An unrestricted parent user can set this to true to add this grant to a restricted parent user. Displayed as null for all non-parent accounts.

longview_subscription

boolean

If true, this User may manage the Account's Longview subscription.

image

array of objects

The grants this User has for each Image that is owned by this Account.

image

object

integer

The ID of the entity this grant applies to.

label

string

Read-only The current label of the entity this grant applies to, for display purposes.

permissions

string | null

The level of access this User has to this entity. If null, this User has no access.

read_only read_write

linode

array of objects

The grants this User has for each Linode that is owned by this Account.

linode

object

integer

The ID of the entity this grant applies to.

label

string

Read-only The current label of the entity this grant applies to, for display purposes.

permissions

string | null

The level of access this User has to this entity. If null, this User has no access.

read_only read_write

longview

array of objects

The grants this User has for each Longview Client that is owned by this Account.

longview

object

integer

The ID of the entity this grant applies to.

label

string

Read-only The current label of the entity this grant applies to, for display purposes.

permissions

string | null

The level of access this User has to this entity. If null, this User has no access.

read_only read_write

nodebalancer

array of objects

The grants this User has for each NodeBalancer that is owned by this Account.

nodebalancer

object

integer

The ID of the entity this grant applies to.

label

string

Read-only The current label of the entity this grant applies to, for display purposes.

permissions

string | null

The level of access this User has to this entity. If null, this User has no access.

read_only read_write

stackscript

array of objects

The grants this User has for each StackScript that is owned by this Account.

stackscript

object

integer

The ID of the entity this grant applies to.

label

string

Read-only The current label of the entity this grant applies to, for display purposes.

permissions

string | null

The level of access this User has to this entity. If null, this User has no access.

read_only read_write

volume

array of objects

The grants this User has for each Block Storage Volume that is owned by this Account.

volume

object

integer

The ID of the entity this grant applies to.

label

string

Read-only The current label of the entity this grant applies to, for display purposes.

permissions

string | null

The level of access this User has to this entity. If null, this User has no access.

read_only read_write

vpc

array of objects

The grants this User has for each VPC that is owned by this Account.

vpc

object

integer

The ID of the entity this grant applies to.

label

string

Read-only The current label of the entity this grant applies to, for display purposes.

permissions

string | null

The level of access this User has to this entity. If null, this User has no access.

read_only read_write

204

This is an unrestricted User, and therefore has no grants to return. This User may access everything on the Account and perform all actions.

Language

Credentials


xxxxxxxxxx
1
curl --request GET \
2
     --url https://api.linode.com/v4/account/users/username/grants \
3
     --header 'accept: application/json'


xxxxxxxxxx
88
}
1
{
2
  "database": [
3
    {
4
      "id": 123,
5
      "label": "example-entity",
6
      "permissions": "read_only"
7
    }
8
  ],
9
  "domain": [
10
    {
11
      "id": 123,
12
      "label": "example-entity",
13
      "permissions": "read_only"
14
    }
15
  ],
16
  "firewall": [
17
    {
18
      "id": 123,
19
      "label": "example-entity",
20
      "permissions": "read_only"
21
    }
22
  ],
23
  "global": {
24
    "account_access": "read_only",
25
    "add_databases": true,

200The User's grants.

defaultSee Errors for the range of possible error response codes.