Roles This set of APIs can be used to manage user roles. They require that the user_role_scope_management capability be associated with the API key. These APIs are only available to site admins and owners of root scopes. Note • Role Object, on page 1 • Get Roles, on page 1 • Create A Role, on page 2 • Get A Specific Role, on page 2 • Update A Role, on page 3 • Give A Role Access to A Scope, on page 3 • Delete A Specific Role, on page 4 Role Object The role object attributes are: Description Type Attribute Unique identifier for the role. string id Application for which the scope is defined, maybe empty for “Service Provider Roles.” string app_scope_id User-specified name for the role. string name User-specified description for the role. string description Get Roles This endpoint returns a list of roles accessible to the current user. Roles can be filtered to a given root scope. If no scope is provided, all roles, for all scopes the user has access to, are returned. Service provider roles will only be returned if the user is a site admin. Roles 1
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Roles
This set of APIs can be used to manage user roles. They require that the user_role_scope_managementcapability be associated with the API key.
These APIs are only available to site admins and owners of root scopes.Note
• Role Object, on page 1• Get Roles, on page 1• Create A Role, on page 2• Get A Specific Role, on page 2• Update A Role, on page 3• Give A Role Access to A Scope, on page 3• Delete A Specific Role, on page 4
Role ObjectThe role object attributes are:
DescriptionTypeAttribute
Unique identifier for the role.stringid
Application for which the scope is defined, maybeempty for “Service Provider Roles.”
stringapp_scope_id
User-specified name for the role.stringname
User-specified description for the role.stringdescription
Get RolesThis endpoint returns a list of roles accessible to the current user. Roles can be filtered to a given root scope.If no scope is provided, all roles, for all scopes the user has access to, are returned. Service provider roles willonly be returned if the user is a site admin.
Roles1
GET /openapi/v1/roles
Parameters:
DescriptionTypeName
(Optional) ID of a root scope, to return roles onlyassigned to that scope.
stringapp_scope_id
Response object: Returns a list of user role objects.
Sample Python code
resp = restclient.get('/roles')
Create A RoleThis endpoint is used to create a new role.POST /openapi/v1/roles
Parameters:
DescriptionTypeName
User-specified name for the role.stringname
User-specified description for therole.
stringdescription
(Optional) The scope ID underwhich the role is created. If noscope ID is provided, the role isconsidered to be a Service Providerrole.
stringapp_scope_id
The requesting user must have access to the provided scope. A role without a scope is called a ‘Service ProviderRole’ and only site admins may create them.
Response object: Returns the newly created role object.
Update A RoleThis endpoint is used to update an existing role.PUT /openapi/v1/roles/{role_id}
Parameters: The request URL contains the following parameters:
DescriptionTypeName
Unique identifier for the role.stringrole_id
The JSON request body contains the following parameters:
DescriptionTypeName
User-specified name for the role.stringrole
User-specified description for the role.stringdescription
The requesting user must have access to the provided scope. A role without a scope is called a “ServiceProvider Role” and only site admins may update those roles.
Response object: The updated role object with the specified ID.
Give A Role Access to A ScopeThis endpoint gives a role a specific level of access to a scope.POST /openapi/v1/roles/{role_id}/capabilities
Roles3
RolesUpdate A Role
Capabilities can only be added to the roles to which a user has access. If the role is assigned to a scope,capabilities must correspond to that scope or its children. Service Provider roles (those not assigned to a scope)can add capabilities for any scope.
Parameters: The request URL contains the following parameters:
DescriptionTypeName
Unique identifier for the role.stringrole_id
The JSON request body contains the following parameters:
DescriptionTypeName
ID of the scope to which access is provided.stringapp_scope_id
Possible values are SCOPE_READ, SCOPE_WRITE,EXECUTE, ENFORCE, SCOPE_OWNER, DEVELOPER.
stringability
Response object:
DescriptionTypeName
ID of the scope to which access is provided.stringapp_scope_id
ID of the role.stringrole_id
Possible values are SCOPE_READ, SCOPE_WRITE,EXECUTE, ENFORCE, SCOPE_OWNER, DEVELOPER.