The ShowPermissions action returns information on whether a specified IP address is allowed to send query actions or administrative actions to the action port.

For users that belong to the Admin standard role (see Authorization Roles Configuration Parameters), the ShowPermissions response also includes information about the rules that are used to define whether a particular client IP address has particular permissions.



This action checks whether the machine with the IP address is allowed to send actions to the port. If you send the action as a user that belongs to the Admin standard role, the action returns the following information:

  <?xml version="1.0" encoding="UTF-8" ?>
- <autnresponse xmlns:autn="">      <action>SHOWPERMISSIONS</action>      <response>SUCCESS</response>    - <responsedata> - <autn:rules> - <autn:queryclient> <autn:enabled>true</autn:enabled> <autn:origin>*</autn:origin> </autn:queryclient> - <autn:adminclient> <autn:enabled>true</autn:enabled> <autn:origin>*</autn:origin> </autn:adminclient> - <autn:allowedproxy> <autn:enabled>true</autn:enabled> <autn:origin></autn:origin> <autn:origin>::1</autn:origin> <autn:origin></autn:origin> </autn:allowedproxy> - <autn:servicestatusclient> <autn:enabled>true</autn:enabled> <autn:origin>*</autn:origin> </autn:servicestatusclient> - <autn:servicecontrolclient> <autn:enabled>true</autn:enabled> <autn:origin>*</autn:origin> </autn:servicecontrolclient> - <autn:indexclient> <autn:enabled>true</autn:enabled> <autn:origin>::1</autn:origin> <autn:origin></autn:origin> </autn:indexclient> - <autn:allowedindexproxy> <autn:enabled>true</autn:enabled> <autn:origin></autn:origin> <autn:origin>::1</autn:origin> <autn:origin></autn:origin> </autn:allowedindexproxy> </autn:rules>     - <autn:requested>         <autn:ip></autn:ip>         <autn:ipvalid>true</autn:ipvalid>         <autn:queryclient>true</autn:queryclient>         <autn:adminclient>true</autn:adminclient>         <autn:allowedproxy>true</autn:allowedproxy>         <autn:servicestatusclient>true</autn:servicestatusclient>         <autn:servicecontrolclient>true</autn:servicecontrolclient>         <autn:indexclient>false</autn:indexclient>         <autn:allowedindexproxy>true</autn:allowedindexproxy>         <autn:cors>            <autn:enabled>true</autn:enabled>            <autn:origin>*</autn:origin>         </autn:cors>       </autn:requested>      </responsedata>   </autnresponse>

If you send the action as a user that does not belong to the Admin role, the action does not return the <autn:rules> section of the response.

Alternatively you can specify the action without an IP address, in which case Controller returns the permissions information for the referring IP address.

Action Parameters

Parameter Description Required
IP the IP address (in numeric format) that you want to show permissions for.  

This action accepts the following standard ACI action parameters.

Parameter Description
ActionID A string to use to identify an ACI action.
EncryptResponse Encrypt the output.
FileName The file to write output to.
ForceTemplateRefresh Forces the server to load the template from disk.
Output Writes output to a file.
ResponseFormat The format of the action output.
Template The template to use for the action output.
TemplateParamCSVs A list of variables to use for the specified template.