- Products ProductsLocation Services
Solve complex location problems from geofencing to custom routing
PlatformCloud environments for location-centric solution development, data exchange and visualization
Tracking & PositioningFast and accurate tracking and positioning of people and devices, indoors or outdoors
APIs & SDKsEasy to use, scaleable and flexible tools to get going quickly
Developer EcosystemsAccess Location Services on your favorite developer platform ecosystem
- Documentation DocumentationOverview OverviewServices ServicesApplications ApplicationsDevelopment Enablers Development EnablersContent ContentHERE Studio HERE StudioHERE Workspace HERE WorkspaceHERE Marketplace HERE MarketplacePlatform Foundation and Policy Documents Platform Foundation and Policy Documents
- Pricing
- Resources ResourcesTutorials TutorialsExamples ExamplesBlog & Release Announcements Blog & Release AnnouncementsChangelog ChangelogDeveloper Newsletter Developer NewsletterKnowledge Base Knowledge BaseFeature List Feature ListSupport Plans Support PlansSystem Status System StatusLocation Services Coverage Information Location Services Coverage InformationSample Map Data for Students Sample Map Data for Students
- Help
project access
The OLP CLI supports the following:
- list all users, apps, and groups that have access to a project
- grant project access to a user, app, or group
- revoke project access from a user, app, or group
- show policies attached to a user, app, or group in the project
project access list
Retrieves all users, apps, and groups that have access to a project.
olp project access list <project HRN> [command options]
Required parameters:
-
<project HRN>The HRN of the project.
Optional parameters:
-
--policy <policy HRN>Specifies the HRN of the project policy. -
--limit <max number of entities>Specifies the maximum number of entities returned in the result (100 by default). -
--credentials <path to credentials file>The name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal. -
--profile <profile name>The name of the credentials profile to use from theolpcli.inifile. -
--jsonDisplays the command result in JSON format. -
--quietDisplays members' HRNs, each on a new line.
For more information on using credentials and profiles, see Credentials setup.
Example:
The command below lists all users, apps, and groups that have access to the project:
olp project access list hrn:here:authorization::org:project/my-project-1234 --json
Output:
{"members": [{
"identityType": "app",
"member": "hrn:here:account::org:app/F9p0HU3qCqtxnZ3KnH4z",
"project": "hrn:here:authorization::org:project/my-project-1234",
"info": {
"ownerHrn": "hrn:here:account::org:user/HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3",
"clientId": "F9p0HU3qCqtxnZ3KnH4z",
"clientHrn": "hrn:here:account::org:app/F9p0HU3qCqtxnZ3KnH4z",
"name": "my-app",
"realm": "org",
"ownerId": "HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3"
}
}]}
Any --policy specified has to be either one of the policies created for that project or a platform policy.
For more information on using policy listing, see the olp project policy list command.
Example:
The command below lists all users, apps, and groups that have access to the project policy:
Linux
Windows
olp project access list hrn:here:authorization::org:project/my-project-1234 \
--policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog \
--jsonolp project access list hrn:here:authorization::org:project/my-project-1234 ^
--policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog ^
--jsonOutput:
{"members": [{
"identityType": "app",
"member": "hrn:here:account::org:app/F9p0HU3qCqtxnZ3KnH4z",
"project": "hrn:here:authorization::org:project/my-project-1234",
"info": {
"ownerHrn": "hrn:here:account::org:user/HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3",
"clientId": "F9p0HU3qCqtxnZ3KnH4z",
"clientHrn": "hrn:here:account::org:app/F9p0HU3qCqtxnZ3KnH4z",
"name": "my-app",
"realm": "org",
"ownerId": "HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3"
}
}]}
project access grant
Grants project access to a user, app, or group.
olp project access grant <project HRN> [command options]
Required parameters:
-
<project HRN>The HRN of the project.
Optional parameters:
-
--policy <policyHRN1 policyHRN2 ...>The list of HRNs of policies to attach to the identity that is being granted access to the project, separated by space. -
--app <appID1 appID2 ...>The list of application IDs you want to grant project access to, separated by space. -
--user <userID1 userID2 ...>The list of user IDs you want to grant project access to, separated by space. This information can be found in the.here/credentials.propertiesfile, in the user's home directory, or via your profile. -
--group <groupID1 groupID2 ...>The list of group IDs you want to grant project access to, separated by space. -
--projectAttach the policies directly to the project, effectively attaching them to all current and future members. -
--credentials <path to credentials file>The name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal. -
--profile <profile name>The name of the credentials profile to use from theolpcli.inifile. -
--quietDisplays empty output with no additional information.
Note
- You must specify at least one of these options –
--app,--user,--group, or--project. - For the
--projectoption you must specify at least one--policy. The '--app', '--user', or '--group' options are not allowed to be used together with `--project``. - You can only attach a maximum of 5 policies for a project to an entity and separately a maximum of 5 policies directly to the project. To see existing attachments, execute the
olp project access showcommand.
For more information on using credentials and profiles, see Credentials setup.
Example:
The command below grants project access to a user, app, and group:
Linux
Windows
olp project access grant hrn:here:authorization::org:project/my-project-1234 \
--app F9p0HU3qCqtxnZ3KnH4z \
--user HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3 \
--group GROUP-859ddd60-78f2-4ad2-865d-7351b01ff008olp project access grant hrn:here:authorization::org:project/my-project-1234 ^
--app F9p0HU3qCqtxnZ3KnH4z ^
--user HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3 ^
--group GROUP-859ddd60-78f2-4ad2-865d-7351b01ff008Output:
User HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3 has been granted access to the project hrn:here:authorization::org:project/my-project-1234
Application F9p0HU3qCqtxnZ3KnH4z has been granted access to the project hrn:here:authorization::org:project/my-project-1234
Group GROUP-859ddd60-78f2-4ad2-865d-7351b01ff008 has been granted access to the project hrn:here:authorization::org:project/my-project-1234
Any --policy specified has to be either one of the policies created for that project or a platform policy.
For more information on using policy listing, see the olp project policy list command.
Example:
The command below grants project policy access from a user, app, and group:
Linux
Windows
olp project access grant hrn:here:authorization::org:project/my-project-1234 \
--policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog \
--app F9p0HU3qCqtxnZ3KnH4z \
--user HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3 \
--group GROUP-859ddd60-78f2-4ad2-865d-7351b01ff008olp project access grant hrn:here:authorization::org:project/my-project-1234 ^
--policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog ^
--app F9p0HU3qCqtxnZ3KnH4z ^
--user HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3 ^
--group GROUP-859ddd60-78f2-4ad2-865d-7351b01ff008Output:
User HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3 has been granted access to the project hrn:here:authorization::org:project/my-project-1234 with attached policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog
Application F9p0HU3qCqtxnZ3KnH4z has been granted access to the project hrn:here:authorization::org:project/my-project-1234 with attached policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog
Group GROUP-859ddd60-78f2-4ad2-865d-7351b01ff008 has been granted access to the project hrn:here:authorization::org:project/my-project-1234 with attached policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog
Example:
The command below grants project policy access to all present and future members:
Linux
Windows
olp project access grant hrn:here:authorization::org:project/my-project-1234 \
--policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog \
--projectolp project access grant hrn:here:authorization::org:project/my-project-1234 ^
--policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog ^
--projectOutput:
Attached policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog to the project hrn:here:authorization::org:project/my-project-1234
project access revoke
Revokes project access from a user, app, or group.
olp project access revoke <project HRN> [command options]
Required parameters:
-
<project HRN>The HRN of the project.
Optional parameters:
-
--policy <policyHRN1 policyHRN2 ...>The list of HRNs of policies to be revoked from the identity that is granted access to the project, separated by space. -
--app <appID1 appID2 ...>The list of application IDs you want to revoke project access from, separated by space. -
--user <userID1 userID2 ...>The list of user IDs you want to revoke project access from, separated by space. This information can be found in the.here/credentials.propertiesfile, in the user's home directory, or via your profile. -
--group <groupID1 groupID2 ...>The list of group IDs you want to revoke project access from, separated by space. -
--projectRevoke the policies that were previosly attached directly to the project. -
--credentials <path to credentials file>The name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal. -
--profile <profile name>The name of the credentials profile to use from theolpcli.inifile. -
--quietDisplays empty output with no additional information.
Note
- You must specify at least one of these options –
--app,--user,--groupor--project. - For the
--projectoption you must specify at least one--policy. The '--app', '--user', or '--group' options are not allowed to be used together with `--project``.
For more information on using credentials and profiles, see Credentials setup.
Example:
The command below revokes project access from a user, app, and group:
Linux
Windows
olp project access revoke hrn:here:authorization::org:project/my-project-1234 \
--app F9p0HU3qCqtxnZ3KnH4z \
--user HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3 \
--group GROUP-859ddd60-78f2-4ad2-865d-7351b01ff008olp project access revoke hrn:here:authorization::org:project/my-project-1234 ^
--app F9p0HU3qCqtxnZ3KnH4z ^
--user HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3 ^
--group GROUP-859ddd60-78f2-4ad2-865d-7351b01ff008Output:
User HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3 has been revoked access to the project hrn:here:authorization::org:project/my-project-1234
Application F9p0HU3qCqtxnZ3KnH4z has been revoked access to the project hrn:here:authorization::org:project/my-project-1234
Group GROUP-859ddd60-78f2-4ad2-865d-7351b01ff008 has been revoked access to the project hrn:here:authorization::org:project/my-project-1234
The --policy parameter specified here has to be one of the policies attached to a member or to a project in case the --project parameter is used.
For more information on using policy listing, see the olp project access show command.
Example:
The command below revokes project policy access from a user, app, and group:
Linux
Windows
olp project access revoke hrn:here:authorization::org:project/my-project-1234 \
--policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog \
--app F9p0HU3qCqtxnZ3KnH4z \
--user HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3 \
--group GROUP-859ddd60-78f2-4ad2-865d-7351b01ff008olp project access revoke hrn:here:authorization::org:project/my-project-1234 ^
--policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog ^
--app F9p0HU3qCqtxnZ3KnH4z ^
--user HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3 ^
--group GROUP-859ddd60-78f2-4ad2-865d-7351b01ff008Output:
User HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3 has been revoked access to the policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog in the project hrn:here:authorization::org:project/my-project-1234
Application F9p0HU3qCqtxnZ3KnH4z has been revoked access to the policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog in the project hrn:here:authorization::org:project/my-project-1234
Group GROUP-859ddd60-78f2-4ad2-865d-7351b01ff008 has been revoked access to the policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog in the project hrn:here:authorization::org:project/my-project-1234
Example:
The command below revokes a policy that was previously attached directly to a project:
Linux
Windows
olp project access revoke hrn:here:authorization::org:project/my-project-1234 \
--policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog \
--projectolp project access revoke hrn:here:authorization::org:project/my-project-1234 ^
--policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog ^
--projectOutput:
Detached policy hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog from the project hrn:here:authorization::org:project/my-project-1234
project access show
Policies attached to a user, app, or group in the project, or directly to the project itself.
olp project access show <project HRN> [command options]
Required parameters:
-
<project HRN>The HRN of the project.
Optional parameters:
-
--app <appID>Application ID you want to query attached project policies for. -
--user <userID>User ID you want to query attached project policies for. This information can be found in the.here/credentials.propertiesfile, in the user's home directory, or through your profile. -
--group <groupID>Group ID you want to query attached project policies for. -
--projectList the policies that were attached to the project directly. -
--credentials <path to credentials file>The name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal. -
--profile <profile name>The name of the credentials profile to use from theolpcli.inifile. -
--jsonDisplays the command result in JSON format. -
--quietDisplays empty output with no additional information.
Note
You must specify only one of these options – --app, --user, --group or --project.
For more information on using credentials and profiles, see Credentials setup.
Example:
The command below lists the policies attached to a user, app or group:
Linux
Windows
olp project access show hrn:here:authorization::org:project/my-project-1234 \
--app F9p0HU3qCqtxnZ3KnH4z \
--jsonolp project access show hrn:here:authorization::org:project/my-project-1234 ^
--app F9p0HU3qCqtxnZ3KnH4z ^
--jsonOutput:
{"policies": [
{
"id": "all-access-for-abc-catalog",
"hrn": "hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog",
"name": "allAccessForAbcCatalog",
"description": "Read and write access to abc catalog.",
"type": "custom",
"permissions": [
{
"resource": "hrn:here:data::org:abc-catalog",
"resourceType": "catalog",
"allowedActions": [
"readResource", "writeResource"
]
}
]
},
{
"id": "read-only-access-to-all-catalogs",
"hrn": "hrn:here:authorization::org:platform:policy/read-only-access-to-all-catalogs",
"name": "readOnlyAccessToAllCatalogs",
"description": "Read access to all catalogs in project.",
"type": "here-platform",
"permissions": [
{
"resourceType": "catalog",
"allowedActions": [
"readResource"
]
}
]
}
]
}
Example:
The command below lists the policies attached directly to the project:
Linux
Windows
olp project access show hrn:here:authorization::org:project/my-project-1234 \
--project \
--jsonolp project access show hrn:here:authorization::org:project/my-project-1234 ^
--project ^
--jsonOutput:
{"policies": [
{
"id": "all-access-for-abc-catalog",
"hrn": "hrn:here:authorization::org:project/my-project-1234:policy/all-access-for-abc-catalog",
"name": "allAccessForAbcCatalog",
"description": "Read and write access to abc catalog.",
"type": "custom",
"permissions": [
{
"resource": "hrn:here:data::org:abc-catalog",
"resourceType": "catalog",
"allowedActions": [
"readResource", "writeResource"
]
}
]
}
]
}
