Enterprise Authorization

Updated: 2022-12-7

To enable authorization for enterprise applications, you can call the following APIs: Departments and Members Operations, Library Operations, and Single Sign-On.

Required: Enable Development Authorization Feature

• Log in to the Enterprise Management Console:

https://passport.fileshow.com/login#ent

• Add authorization in the Development Authorization section:

Authorization Scope

You can set the authorization scope for enabled enterprise authorizations.

Built-in Authorization Actions

Departments and Members Operations

• Departments and Members - Query, Action: ent-common-query, includes the following interfaces:
  • Member List
  • Department List
  • List Members in a Department
  • Role List
  • Get Member Information
  • Get Member Information by External Account
  • Get Department Information by External Department ID
• Departments and Members - Add and Modify, Action: ent-common-update, includes the following interfaces:
  • Add or Modify Synchronized Member
  • Remove Members from Synchronized Department
  • Add Members to Synchronized Department
  • Add Member
  • Modify Member
  • Add Department
  • Modify Department
  • Add Department Member
• Departments and Members - Remove, Action: ent-common-delete, includes the following interfaces:
  • Remove Synchronized Member
  • Remove Members from Synchronized Department
  • Remove Synchronized Department
  • Remove Department from Synchronized Member
  • Remove Member
  • Remove Department
  • Remove Member from Department
  • Remove Member’s Department
• Add Administrator, Action: ent-admin-update, includes the following interface:
  • Add Administrator
• Management Logs - Query, Action: ent-log-query, includes the following interface:
  • Management Logs

Library Operations

• File Library - Query, Action: org-common-query, includes the following interfaces:
  • Get Library Information
  • Get Library List
  • Get Personal Library Information
• File Library - Add and Modify, Action: org-common-update, includes the following interfaces:
  • Create Library
  • Modify Library
  • Set Personal Library
  • Set Library Owner
• File Library - Delete, Action: org-common-delete, includes the following interface:
  • Delete Library
• File Library - Members and Departments - Query, Action: org-member-query, includes the following interfaces:
  • Get Library Members List
  • Query Library Member Information
  • Get Library Departments List
• File Library - Members and Departments - Add and Modify, Action: org-member-update, includes the following interfaces:
  • Add Library Member
  • Modify Library Member Role
  • Add Department to Library
  • Modify Library Department Role
• File Library - Members and Departments - Remove, Action: org-member-delete, includes the following interfaces:
  • Remove Library Member
  • Remove Department from Library
• File Library - Development Authorization - Generate, Action: org-client-update, includes the following interface:
  • Get Library Authorization
• File Library - Development Authorization - Cencel, Action: org-client-delete, includes the following interface:
  • Cencel Library Authorization
• File Library - Logs - Query, Action: org-log-query, includes the following interface:
  • Library Logs

Single Sign-On (SSO)

• SSO - Login to Web Version, Action: sso-login, allows logging in to the web version without the format parameter
• SSO - Get Token, Action: sso-token, allows obtaining gkkey (used to get the user token), with format parameter set to json

IP Restrictions

You can restrict the IP addresses allowed to call the interfaces. This can be specified as individual IP addresses or CIDR notation, separated by newlines.

10.11.213.145
10.11.0.0/16

Custom Configuration

{
  "Version": "2016-09-23",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "openapi:1:org:ls",
      "Resource": "*",
      "Condition": {
        "IpAddress": [
          "10.11.213.145",
          "10.11.0.0/16"
        ]
      }
    }
  ]
}

Configuration Explanation: