UnregisterObject "unshare" a Object.
A caveat is that after removing the Relationships, a record of the original Object owner is maintained to prevent an "ownership hijack" attack.
Suppose Bob owns object Foo, which is shared with Bob but not Eve. Eve wants to access Foo but was not given permission to, they could "hijack" Bob's object by waiting for Bob to Unregister Foo, then submitting a RegisterObject Msg, effectively becoming Foo's new owner. If Charlie has a copy of the object, Eve could convince Charlie to share his copy, granting Eve access to Foo. The previous scenario where an unauthorized user is able to claim ownership to data previously unaccessible to them is an "ownership hijack".
Request Body — REQUIRED | ||
---|---|---|
creator string | ||
policy_id string | ||
object objectObject represents an entity which must be access controlled within a Policy.
|
Responses | ||||
---|---|---|---|---|
200 A successful response.
| ||||
default An unexpected error response.
|