Manage Roles

    1. Create Role

    This POST method creates a role.

    Note: To call this API, the user needs a permission, assigned through a policy, that includes the action authz.role.create.

    POST {{url}}/api/v1/policy-admin/roles

    Request Example

    # "permissions" accepts two forms: a new permission defined inline
    # (name, consumer, resources, actions) or an existing permission referenced by "id".
    curl -X POST '{{url}}/api/v1/policy-admin/roles' \
      -H 'Authorization: Bearer <token>' \
      -H 'content-type: application/json' \
      -d '{
        "name": "testRole",
        "description": "testRole",
        "permissions": [
            {
                "name": "testPermission",
                "consumer": "authz",
                "resources": ["*"],
                "actions": ["authz.permission.list"]
            },
            {
                "id": "b762825e-c13c-4b32-8780-0a21a6f17025"
            }
        ]
    }'

    Response Example

    Status: 201 Created
    {
        "id": "ab0870cf-b08c-4b60-b632-01edd8d63213",
        "name": "testRole",
        "description": "testRole",
        "permissions": [
            {
                "id": "7a6b41ef-591d-4ff0-b59b-b1e68658239c",
                "name": "testPermission",
                "description": "",
                "consumer": "authz",
                "actions": [
                    "authz.permission.list"
                ],
                "resources": [
                    "*"
                ],
                "isInline": true,
                "isReadOnly": false
            },
            {
                "id": "b762825e-c13c-4b32-8780-0a21a6f17025",
                "name": "DocVault",
                "description": "Doc Vault Permission testing",
                "consumer": "secretmanager",
                "actions": [
                    "sm.passwordpolicy.read",
                    "sm.passwordpolicy.list",
                    "sm.passwordpolicy.update",
                    "sm.passwordpolicy.create",
                    "sm.passwordpolicy.delete"
                ],
                "resources": [
                    "*"
                ],
                "isInline": false,
                "isReadOnly": false
            }
        ],
        "isReadOnly": false
    }
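    Role objects returned by this API (the 201 response above and each entry of the role list) expose actions, resources, isInline and isReadOnly per permission. The following is an added example, not part of the product documentation, that reviews such objects for over-broad grants; the sample data is constructed, and glob-style matching of `*` in action names is an assumption.

```python
import json
from fnmatch import fnmatchcase

# Verbs that change the authorization model when granted on authz.* actions
# (authz.role.create, authz.policy.update, ... as listed on this page).
AUTHZ_WRITE_VERBS = {"create", "update", "delete"}


def audit_permission(perm):
    """Return a list of (code, detail) findings for one permission object."""
    findings = []
    actions = perm.get("actions", [])
    for pattern in (a for a in actions if "*" in a):
        findings.append(("WILDCARD_ACTION", pattern))
        # Assumption: '*' matches glob-style, so explicit actions next to a
        # wildcard understate what the permission really grants.
        covered = sorted(a for a in actions
                         if "*" not in a and fnmatchcase(a, pattern))
        if covered:
            findings.append(("COVERED_BY_WILDCARD",
                             f"{pattern} already grants {', '.join(covered)}"))
    for action in actions:
        parts = action.split(".")
        if parts[0] == "authz" and parts[-1] in AUTHZ_WRITE_VERBS:
            findings.append(("AUTHZ_WRITE", action))
    if "*" in perm.get("resources", []):
        findings.append(("ALL_RESOURCES", perm.get("consumer", "?")))
    if perm.get("isInline"):
        # Defined in the role body instead of referenced by id.
        findings.append(("INLINE", perm.get("name", "?")))
    return findings


def audit_roles(roles, skip_read_only=True):
    """Map role name -> [(permission name, code, detail), ...]."""
    report = {}
    for role in roles:
        if skip_read_only and role.get("isReadOnly"):
            continue  # role cannot be edited; review only modifiable roles
        rows = [(perm.get("name", "?"), code, detail)
                for perm in role.get("permissions", [])
                for code, detail in audit_permission(perm)]
        if rows:
            report[role.get("name", role.get("id", "?"))] = rows
    return report


# Constructed sample in the shape of the role list response. "opsRole",
# its permissions and "example-resource" are made up for illustration.
SAMPLE_RESPONSE = json.loads("""
{"result": [
  {"name": "testRole", "isReadOnly": false, "permissions": [
    {"name": "testPermission", "consumer": "authz",
     "actions": ["authz.permission.list"], "resources": ["*"],
     "isInline": true, "isReadOnly": false}]},
  {"name": "opsRole", "isReadOnly": false, "permissions": [
    {"name": "opsNotify", "consumer": "notificationmanager",
     "actions": ["nm.notification.*", "nm.notification.create",
                 "nm.channels.list"],
     "resources": ["*"], "isInline": true, "isReadOnly": false},
    {"name": "opsAuthz", "consumer": "authz",
     "actions": ["authz.role.update", "authz.role.read"],
     "resources": ["example-resource"],
     "isInline": false, "isReadOnly": false}]},
  {"name": "UserviewRole", "isReadOnly": true, "permissions": [
    {"name": "UserViewPermission", "consumer": "identity",
     "actions": ["identity.user.list", "identity.user.view"],
     "resources": ["*"], "isInline": false, "isReadOnly": true}]}
]}
""")

if __name__ == "__main__":
    for role, rows in audit_roles(SAMPLE_RESPONSE["result"]).items():
        for perm, code, detail in rows:
            print(f"{role:10} {perm:15} {code:20} {detail}")
```

    Run it against the saved JSON of a real role list by passing its "result" array to audit_roles().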

    2. Get All Roles

    This GET method returns a list of all the roles.

    Note: To call this API, the user needs a permission, assigned through a policy, that includes the action authz.role.list.

    GET {{url}}/api/v1/policy-admin/roles

    Request Parameters

    The request parameters used in this method are shown in the following table:

    | Parameter | Description | Data Type | Required |
    |---|---|---|---|
    | pageToken | Autogenerated token for the next page of records when the results span more than one page. Append this token to the requested API URL to access the next set of pages. | String | Optional |

    Request Example 

    curl -X GET '{{url}}/api/v1/policy-admin/roles' -H 'Authorization: Bearer <token>'

    Response Example 

    Status: 200 Ok
    {
        "result": [
            {
                "id": "13d68bc0-53d5-4e7e-bb4b-12502634088d",
                "name": "AuthzAdminRole",
                "description": "Provides ability to view \"Identity Management\" and Security and administer \"Role and Policy Management\".",
                "permissions": [
                    {
                        "id": "d5fa6644-641f-426a-82b2-a3e7aa287cdb",
                        "name": "UserViewPermission",
                        "description": "View permission for \"Identity Management\".",
                        "consumer": "identity",
                        "actions": [
                            "identity.user.list",
                            "identity.user.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "0263cd12-a26b-4d21-b98f-631e05ad5d64",
                        "name": "AuthzAdminPermission",
                        "description": "View permission for \"Identity Management\" and Security and administrative permission for \"Role and Policy Management\".",
                        "consumer": "authz",
                        "actions": [
                            "authz.action.list",
                            "authz.action.read",
                            "authz.consumer.list",
                            "authz.permission.create",
                            "authz.permission.delete",
                            "authz.permission.list",
                            "authz.permission.read",
                            "authz.permission.update",
                            "authz.policy.create",
                            "authz.policy.delete",
                            "authz.policy.list",
                            "authz.policy.read",
                            "authz.policy.update",
                            "authz.role.create",
                            "authz.role.delete",
                            "authz.role.list",
                            "authz.role.read",
                            "authz.role.update"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "cb428506-d6c9-4b84-996a-86aed5844a27",
                        "name": "SecurityViewPermission",
                        "description": "View permission for Security.",
                        "consumer": "securityadmin",
                        "actions": [
                            "securityadmin.security.list",
                            "securityadmin.security.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "14d69019-b195-4618-b1a7-dd340f0dbc0f",
                "name": "TenantAuditorRole",
                "description": "Provides ability to view all modules.",
                "permissions": [
                    {
                        "id": "d5fa6644-641f-426a-82b2-a3e7aa287cdb",
                        "name": "UserViewPermission",
                        "description": "View permission for \"Identity Management\".",
                        "consumer": "identity",
                        "actions": [
                            "identity.user.list",
                            "identity.user.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "1273b27a-c6a8-498e-897b-ea9a514232ed",
                        "name": "AuthzAuditorPermission",
                        "description": "View permission for \"Identity Management\", Security and \"Role and Policy Management\".",
                        "consumer": "authz",
                        "actions": [
                            "authz.action.list",
                            "authz.action.read",
                            "authz.consumer.list",
                            "authz.permission.list",
                            "authz.permission.read",
                            "authz.policy.list",
                            "authz.policy.read",
                            "authz.role.list",
                            "authz.role.read"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "5a937d6f-1f55-4555-b02d-04645a3a0798",
                        "name": "NMAuditorPermission",
                        "description": "View permission for \"Notification Service\"",
                        "consumer": "notificationmanager",
                        "actions": [
                            "nm.channels.list",
                            "nm.notification.list",
                            "nm.notification.read",
                            "nm.notificationmetadata.list",
                            "nm.notificationmetadata.read"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "111f2f4d-b365-4e1b-ad20-d19729bacac4",
                        "name": "WorkflowViewPermission",
                        "description": "View permission for Workflows.",
                        "consumer": "workflows",
                        "actions": [
                            "workflows.notification.list",
                            "workflows.notification.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "fc73eac4-d9dd-4117-836d-db919db0ce6b",
                        "name": "AuditLogViewPermission",
                        "description": "View permission for Diagnostics.",
                        "consumer": "diagnostics",
                        "actions": [
                            "diagnostics.audit.list",
                            "diagnostics.audit.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "ff82a768-a651-4916-80a3-1e86dcd7b6cf",
                        "name": "ApplicationViewPermission",
                        "description": "View permission for \"Application and Access Profile Management\".",
                        "consumer": "apps",
                        "actions": [
                            "apps.app.list",
                            "apps.app.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "cb428506-d6c9-4b84-996a-86aed5844a27",
                        "name": "SecurityViewPermission",
                        "description": "View permission for Security.",
                        "consumer": "securityadmin",
                        "actions": [
                            "securityadmin.security.list",
                            "securityadmin.security.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "916b8bd3-71e0-4780-a788-7b38d1225ee2",
                        "name": "ReportsViewPermission",
                        "description": "View permission for \"Application and Access Profile Management\".",
                        "consumer": "reports",
                        "actions": [
                            "reports.report.list",
                            "reports.report.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "d1b4dc40-f91d-4fe6-adbf-c09ae479974b",
                        "name": "SMAuditorPermission",
                        "description": "View permission for \"Secret Manager\"",
                        "consumer": "secretmanager",
                        "actions": [
                            "authz.policy.list",
                            "authz.policy.read",
                            "sm.node.list",
                            "sm.node.read",
                            "sm.passwordpolicy.list",
                            "sm.passwordpolicy.read",
                            "sm.secret.list",
                            "sm.secret.read",
                            "sm.secrettemplate.list",
                            "sm.secrettemplate.read",
                            "sm.vault.list",
                            "sm.vault.read"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "8d4493e0-81b5-406c-b3ec-852527217f2a",
                        "name": "AnalyticsViewPermission",
                        "description": "View permission for \"Advanced Data Analytics\".",
                        "consumer": "ada",
                        "actions": [
                            "ada.queryengine.view",
                            "ada.riskanalytics.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "16a5e509-fde5-4a46-9d26-c4d4b945defe",
                "name": "SMAuditorRole",
                "description": "Provides ability to view \"Secret Manager\"",
                "permissions": [
                    {
                        "id": "d5fa6644-641f-426a-82b2-a3e7aa287cdb",
                        "name": "UserViewPermission",
                        "description": "View permission for \"Identity Management\".",
                        "consumer": "identity",
                        "actions": [
                            "identity.user.list",
                            "identity.user.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "5a937d6f-1f55-4555-b02d-04645a3a0798",
                        "name": "NMAuditorPermission",
                        "description": "View permission for \"Notification Service\"",
                        "consumer": "notificationmanager",
                        "actions": [
                            "nm.channels.list",
                            "nm.notification.list",
                            "nm.notification.read",
                            "nm.notificationmetadata.list",
                            "nm.notificationmetadata.read"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "cb428506-d6c9-4b84-996a-86aed5844a27",
                        "name": "SecurityViewPermission",
                        "description": "View permission for Security.",
                        "consumer": "securityadmin",
                        "actions": [
                            "securityadmin.security.list",
                            "securityadmin.security.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "d1b4dc40-f91d-4fe6-adbf-c09ae479974b",
                        "name": "SMAuditorPermission",
                        "description": "View permission for \"Secret Manager\"",
                        "consumer": "secretmanager",
                        "actions": [
                            "authz.policy.list",
                            "authz.policy.read",
                            "sm.node.list",
                            "sm.node.read",
                            "sm.passwordpolicy.list",
                            "sm.passwordpolicy.read",
                            "sm.secret.list",
                            "sm.secret.read",
                            "sm.secrettemplate.list",
                            "sm.secrettemplate.read",
                            "sm.vault.list",
                            "sm.vault.read"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "1ce71b66-bb42-446c-a4e9-ff2c251a9901",
                "name": "--lp-role",
                "description": "",
                "permissions": [
                    {
                        "id": "ef9184fc-0412-4800-bcba-072128cd2605",
                        "name": "--lpp--perm",
                        "description": "",
                        "consumer": "notificationmanager",
                        "actions": [
                            "nm.channels.list",
                            "nm.notification.create",
                            "nm.notification.delete",
                            "nm.notification.list",
                            "nm.notification.read",
                            "nm.notification.update",
                            "nm.notificationmetadata.list",
                            "nm.notificationmetadata.read"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": true,
                        "isReadOnly": false
                    },
                    {
                        "id": "d1b4dc40-f91d-4fe6-adbf-c09ae479974b",
                        "name": "SMAuditorPermission",
                        "description": "View permission for \"Secret Manager\"",
                        "consumer": "secretmanager",
                        "actions": [
                            "authz.policy.list",
                            "authz.policy.read",
                            "sm.node.list",
                            "sm.node.read",
                            "sm.passwordpolicy.list",
                            "sm.passwordpolicy.read",
                            "sm.secret.list",
                            "sm.secret.read",
                            "sm.secrettemplate.list",
                            "sm.secrettemplate.read",
                            "sm.vault.list",
                            "sm.vault.read"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": false
            },
            {
                "id": "1f885e1c-7b46-49ff-a367-de4080076b57",
                "name": "AuthzAuditorRole",
                "description": "Provides ability to view \"Identity Management\", Security and \"Role and Policy Management\".",
                "permissions": [
                    {
                        "id": "d5fa6644-641f-426a-82b2-a3e7aa287cdb",
                        "name": "UserViewPermission",
                        "description": "View permission for \"Identity Management\".",
                        "consumer": "identity",
                        "actions": [
                            "identity.user.list",
                            "identity.user.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "1273b27a-c6a8-498e-897b-ea9a514232ed",
                        "name": "AuthzAuditorPermission",
                        "description": "View permission for \"Identity Management\", Security and \"Role and Policy Management\".",
                        "consumer": "authz",
                        "actions": [
                            "authz.action.list",
                            "authz.action.read",
                            "authz.consumer.list",
                            "authz.permission.list",
                            "authz.permission.read",
                            "authz.policy.list",
                            "authz.policy.read",
                            "authz.role.list",
                            "authz.role.read"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "cb428506-d6c9-4b84-996a-86aed5844a27",
                        "name": "SecurityViewPermission",
                        "description": "View permission for Security.",
                        "consumer": "securityadmin",
                        "actions": [
                            "securityadmin.security.list",
                            "securityadmin.security.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "21b6e779-2ef4-4860-9188-b6d8a4b332c3",
                "name": "UserviewRole",
                "description": "Provides ability to view \"Identity Management\".",
                "permissions": [
                    {
                        "id": "d5fa6644-641f-426a-82b2-a3e7aa287cdb",
                        "name": "UserViewPermission",
                        "description": "View permission for \"Identity Management\".",
                        "consumer": "identity",
                        "actions": [
                            "identity.user.list",
                            "identity.user.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "2586b9e9-a589-4960-895d-3def67061b8d",
                "name": "WorkflowAdminRole",
                "description": "Provides ability to administer Workflows.",
                "permissions": [
                    {
                        "id": "65c043c4-7ec3-4185-aa08-613087a621ca",
                        "name": "WorkflowAdminPermission",
                        "description": "Administrative permission for Workflows.",
                        "consumer": "workflows",
                        "actions": [
                            "workflows.notification.list",
                            "workflows.notification.manage",
                            "workflows.notification.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "2e4a03a0-4a20-47e0-96d3-4a7c8e9052c6",
                "name": "ApplicationAdminRole",
                "description": "Provides ability to administer \"Application and Access Profile Management\".",
                "permissions": [
                    {
                        "id": "c489343d-33a7-4b8f-afc3-f16e4d7064b9",
                        "name": "ApplicationAdminPermission",
                        "description": "Administrative permission for \"Application and Access Profile Management\".",
                        "consumer": "apps",
                        "actions": [
                            "apps.app.list",
                            "apps.app.manage",
                            "apps.app.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "3680e65b-c2d2-4817-91b4-64f70c599615",
                "name": "ApplicationViewRole",
                "description": "Provides ability to view \"Application and Access Profile Management\".",
                "permissions": [
                    {
                        "id": "ff82a768-a651-4916-80a3-1e86dcd7b6cf",
                        "name": "ApplicationViewPermission",
                        "description": "View permission for \"Application and Access Profile Management\".",
                        "consumer": "apps",
                        "actions": [
                            "apps.app.list",
                            "apps.app.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "3794317a-397f-471e-a25e-938d66cd3f23",
                "name": "SecurityViewRole",
                "description": "Provides ability to view Security.",
                "permissions": [
                    {
                        "id": "cb428506-d6c9-4b84-996a-86aed5844a27",
                        "name": "SecurityViewPermission",
                        "description": "View permission for Security.",
                        "consumer": "securityadmin",
                        "actions": [
                            "securityadmin.security.list",
                            "securityadmin.security.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "3ae1d4f0-b780-45da-bb22-c483c539558f",
                "name": "WorkflowViewRole",
                "description": "Provides ability to view Workflows.",
                "permissions": [
                    {
                        "id": "111f2f4d-b365-4e1b-ad20-d19729bacac4",
                        "name": "WorkflowViewPermission",
                        "description": "View permission for Workflows.",
                        "consumer": "workflows",
                        "actions": [
                            "workflows.notification.list",
                            "workflows.notification.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "3c0c8cfe-b3ea-4fe5-8df8-7d98818ab47b",
                "name": "AnalyticsViewRole",
                "description": "Provides ability to view \"Advanced Data Analytics\".",
                "permissions": [
                    {
                        "id": "8d4493e0-81b5-406c-b3ec-852527217f2a",
                        "name": "AnalyticsViewPermission",
                        "description": "View permission for \"Advanced Data Analytics\".",
                        "consumer": "ada",
                        "actions": [
                            "ada.queryengine.view",
                            "ada.riskanalytics.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "4b8b9b1f-0fa7-4b39-ab42-32bcce0b7c7b",
                "name": "NMAdminRole",
                "description": "Provides ability to administer \"Notification Service\"",
                "permissions": [
                    {
                        "id": "586cc11f-b210-4f57-b00b-28c459cb9286",
                        "name": "NMAdminPermission",
                        "description": "Administrative permission for \"Notification Service\"",
                        "consumer": "notificationmanager",
                        "actions": [
                            "nm.*.*",
                            "nm.channels.list",
                            "nm.notification.*",
                            "nm.notification.create",
                            "nm.notification.delete",
                            "nm.notification.list",
                            "nm.notification.read",
                            "nm.notification.update",
                            "nm.notificationmetadata.list",
                            "nm.notificationmetadata.read"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "5ec72f8c-20a3-4b9a-93a3-eb6ba44cf488",
                "name": "UserAdminRole",
                "description": "Provides ability to administer \"Identity Management\".",
                "permissions": [
                    {
                        "id": "cc1f750c-4cd7-498f-9d99-79364e419242",
                        "name": "UserAdminPermission",
                        "description": "Administrative permission for \"Identity Management\".",
                        "consumer": "identity",
                        "actions": [
                            "identity.user.list",
                            "identity.user.manage",
                            "identity.user.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "68b62d9b-69d6-499c-880e-cf10f705eb35",
                "name": "NMAuditorRole",
                "description": "Provides ability to view \"Notification Service\"",
                "permissions": [
                    {
                        "id": "5a937d6f-1f55-4555-b02d-04645a3a0798",
                        "name": "NMAuditorPermission",
                        "description": "View permission for \"Notification Service\"",
                        "consumer": "notificationmanager",
                        "actions": [
                            "nm.channels.list",
                            "nm.notification.list",
                            "nm.notification.read",
                            "nm.notificationmetadata.list",
                            "nm.notificationmetadata.read"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "6a524f85-4faf-4da8-9811-852cf075270f",
                "name": "testrole1",
                "description": "",
                "permissions": [
                    {
                        "id": "84c5557d-4e4b-4cc7-9791-f39d6a4ffb5f",
                        "name": "alife3",
                        "description": "",
                        "consumer": "reports",
                        "actions": [
                            "reports.report.list"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": true,
                        "isReadOnly": false
                    }
                ],
                "isReadOnly": false
            },
            {
                "id": "8ee06482-f7d5-4454-8c4a-01067cb45a7b",
                "name": "AuditLogViewRole",
                "description": "Provides ability to view Diagnostics.",
                "permissions": [
                    {
                        "id": "fc73eac4-d9dd-4117-836d-db919db0ce6b",
                        "name": "AuditLogViewPermission",
                        "description": "View permission for Diagnostics.",
                        "consumer": "diagnostics",
                        "actions": [
                            "diagnostics.audit.list",
                            "diagnostics.audit.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "a0dbbb91-ce79-47b3-b136-4bdae4fcbd58",
                "name": "SMAdminRole",
                "description": "Provides ability to administer \"Secret Manager\"",
                "permissions": [
                    {
                        "id": "d5fa6644-641f-426a-82b2-a3e7aa287cdb",
                        "name": "UserViewPermission",
                        "description": "View permission for \"Identity Management\".",
                        "consumer": "identity",
                        "actions": [
                            "identity.user.list",
                            "identity.user.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "5a937d6f-1f55-4555-b02d-04645a3a0798",
                        "name": "NMAuditorPermission",
                        "description": "View permission for \"Notification Service\"",
                        "consumer": "notificationmanager",
                        "actions": [
                            "nm.channels.list",
                            "nm.notification.list",
                            "nm.notification.read",
                            "nm.notificationmetadata.list",
                            "nm.notificationmetadata.read"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "c492459c-68b9-4530-931e-ee59f03a7d6d",
                        "name": "SMAdminPermission",
                        "description": "Administrative permission for \"Secret Manager\"",
                        "consumer": "secretmanager",
                        "actions": [
                            "authz.policy.create",
                            "authz.policy.delete",
                            "authz.policy.list",
                            "authz.policy.read",
                            "authz.policy.update",
                            "sm.key.rotate",
                            "sm.node.create",
                            "sm.node.delete",
                            "sm.node.list",
                            "sm.node.read",
                            "sm.node.update",
                            "sm.passwordpolicy.create",
                            "sm.passwordpolicy.delete",
                            "sm.passwordpolicy.list",
                            "sm.passwordpolicy.read",
                            "sm.passwordpolicy.update",
                            "sm.secret.create",
                            "sm.secret.delete",
                            "sm.secret.list",
                            "sm.secret.read",
                            "sm.secret.update",
                            "sm.secrettemplate.create",
                            "sm.secrettemplate.delete",
                            "sm.secrettemplate.list",
                            "sm.secrettemplate.read",
                            "sm.secrettemplate.update",
                            "sm.vault.create",
                            "sm.vault.delete",
                            "sm.vault.list",
                            "sm.vault.read",
                            "sm.vault.update"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "cb428506-d6c9-4b84-996a-86aed5844a27",
                        "name": "SecurityViewPermission",
                        "description": "View permission for Security.",
                        "consumer": "securityadmin",
                        "actions": [
                            "securityadmin.security.list",
                            "securityadmin.security.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "c17d2812-60b7-4225-8f9c-86475bc473bd",
                "name": "TenantAdminRole",
                "description": "Provides ability to administer all modules.",
                "permissions": [
                    {
                        "id": "93530518-800c-4e4b-9025-04bce8f582e4",
                        "name": "SecurityAdminPermission",
                        "description": "Administrative permission for Security.",
                        "consumer": "securityadmin",
                        "actions": [
                            "securityadmin.security.list",
                            "securityadmin.security.manage",
                            "securityadmin.security.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "65c043c4-7ec3-4185-aa08-613087a621ca",
                        "name": "WorkflowAdminPermission",
                        "description": "Administrative permission for Workflows.",
                        "consumer": "workflows",
                        "actions": [
                            "workflows.notification.list",
                            "workflows.notification.manage",
                            "workflows.notification.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "c492459c-68b9-4530-931e-ee59f03a7d6d",
                        "name": "SMAdminPermission",
                        "description": "Administrative permission for \"Secret Manager\"",
                        "consumer": "secretmanager",
                        "actions": [
                            "authz.policy.create",
                            "authz.policy.delete",
                            "authz.policy.list",
                            "authz.policy.read",
                            "authz.policy.update",
                            "sm.key.rotate",
                            "sm.node.create",
                            "sm.node.delete",
                            "sm.node.list",
                            "sm.node.read",
                            "sm.node.update",
                            "sm.passwordpolicy.create",
                            "sm.passwordpolicy.delete",
                            "sm.passwordpolicy.list",
                            "sm.passwordpolicy.read",
                            "sm.passwordpolicy.update",
                            "sm.secret.create",
                            "sm.secret.delete",
                            "sm.secret.list",
                            "sm.secret.read",
                            "sm.secret.update",
                            "sm.secrettemplate.create",
                            "sm.secrettemplate.delete",
                            "sm.secrettemplate.list",
                            "sm.secrettemplate.read",
                            "sm.secrettemplate.update",
                            "sm.vault.create",
                            "sm.vault.delete",
                            "sm.vault.list",
                            "sm.vault.read",
                            "sm.vault.update"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "fc73eac4-d9dd-4117-836d-db919db0ce6b",
                        "name": "AuditLogViewPermission",
                        "description": "View permission for Diagnostics.",
                        "consumer": "diagnostics",
                        "actions": [
                            "diagnostics.audit.list",
                            "diagnostics.audit.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "0263cd12-a26b-4d21-b98f-631e05ad5d64",
                        "name": "AuthzAdminPermission",
                        "description": "View permission for \"Identity Management\" and Security and administrative permission for \"Role and Policy Management\".",
                        "consumer": "authz",
                        "actions": [
                            "authz.action.list",
                            "authz.action.read",
                            "authz.consumer.list",
                            "authz.permission.create",
                            "authz.permission.delete",
                            "authz.permission.list",
                            "authz.permission.read",
                            "authz.permission.update",
                            "authz.policy.create",
                            "authz.policy.delete",
                            "authz.policy.list",
                            "authz.policy.read",
                            "authz.policy.update",
                            "authz.role.create",
                            "authz.role.delete",
                            "authz.role.list",
                            "authz.role.read",
                            "authz.role.update"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "586cc11f-b210-4f57-b00b-28c459cb9286",
                        "name": "NMAdminPermission",
                        "description": "Administrative permission for \"Notification Service\"",
                        "consumer": "notificationmanager",
                        "actions": [
                            "nm.*.*",
                            "nm.channels.list",
                            "nm.notification.*",
                            "nm.notification.create",
                            "nm.notification.delete",
                            "nm.notification.list",
                            "nm.notification.read",
                            "nm.notification.update",
                            "nm.notificationmetadata.list",
                            "nm.notificationmetadata.read"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "916b8bd3-71e0-4780-a788-7b38d1225ee2",
                        "name": "ReportsViewPermission",
                        "description": "View permission for \"Application and Access Profile Management\".",
                        "consumer": "reports",
                        "actions": [
                            "reports.report.list",
                            "reports.report.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "c489343d-33a7-4b8f-afc3-f16e4d7064b9",
                        "name": "ApplicationAdminPermission",
                        "description": "Administrative permission for \"Application and Access Profile Management\".",
                        "consumer": "apps",
                        "actions": [
                            "apps.app.list",
                            "apps.app.manage",
                            "apps.app.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "8d4493e0-81b5-406c-b3ec-852527217f2a",
                        "name": "AnalyticsViewPermission",
                        "description": "View permission for \"Advanced Data Analytics\".",
                        "consumer": "ada",
                        "actions": [
                            "ada.queryengine.view",
                            "ada.riskanalytics.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    },
                    {
                        "id": "cc1f750c-4cd7-498f-9d99-79364e419242",
                        "name": "UserAdminPermission",
                        "description": "Administrative permission for \"Identity Management\".",
                        "consumer": "identity",
                        "actions": [
                            "identity.user.list",
                            "identity.user.manage",
                            "identity.user.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "e505cd4d-9933-4c2c-867e-9e7bbf627f4b",
                "name": "ReportsViewRole",
                "description": "Provides ability to view Reports and Dashboards.",
                "permissions": [
                    {
                        "id": "916b8bd3-71e0-4780-a788-7b38d1225ee2",
                        "name": "ReportsViewPermission",
                        "description": "View permission for \"Application and Access Profile Management\".",
                        "consumer": "reports",
                        "actions": [
                            "reports.report.list",
                            "reports.report.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            },
            {
                "id": "f3875578-424e-4fd2-809f-4b365342576e",
                "name": "SecurityAdminRole",
                "description": "Provides ability to administer Security.",
                "permissions": [
                    {
                        "id": "93530518-800c-4e4b-9025-04bce8f582e4",
                        "name": "SecurityAdminPermission",
                        "description": "Administrative permission for Security.",
                        "consumer": "securityadmin",
                        "actions": [
                            "securityadmin.security.list",
                            "securityadmin.security.manage",
                            "securityadmin.security.view"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": true
                    }
                ],
                "isReadOnly": true
            }
        ],
        "pagination": {
            "next": "",
            "prev": ""
        }
    }
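    A review aid for the role list above, added here as an example (it is not part of the product or its documentation). It flags permissions whose actions contain a wildcard segment, grant create/update/delete on authz objects, or mix action namespaces, as SMAdminPermission does with authz.policy.* alongside sm.*. The function names and the choice of checks are assumptions, and the sample input is constructed by trimming roles from the response.

```python
import json

# Assumption: these verbs on authz.* objects change who is allowed to do what.
AUTHZ_WRITE_VERBS = {"create", "update", "delete"}

# Constructed sample: roles trimmed from the List Roles response example.
SAMPLE = json.loads("""
{"result": [
  {"name": "TenantAdminRole", "isReadOnly": true, "permissions": [
    {"name": "NMAdminPermission", "consumer": "notificationmanager",
     "actions": ["nm.*.*", "nm.channels.list", "nm.notification.*"],
     "resources": ["*"]},
    {"name": "SMAdminPermission", "consumer": "secretmanager",
     "actions": ["authz.policy.create", "authz.policy.list", "sm.secret.read"],
     "resources": ["*"]}]},
  {"name": "testrole1", "isReadOnly": false, "permissions": [
    {"name": "alife3", "consumer": "reports",
     "actions": ["reports.report.list"], "resources": ["*"]}]}
], "pagination": {"next": "", "prev": ""}}
""")


def audit_permission(perm):
    """Return sorted finding strings for one permission object."""
    findings = set()
    namespaces = set()
    for action in perm.get("actions", []):
        parts = action.split(".")
        namespaces.add(parts[0])
        # A "*" segment (nm.*.*, nm.notification.*) also covers actions added later.
        if "*" in parts:
            findings.add(f"wildcard action: {action}")
        # Write access to roles, permissions or policies enables self-escalation.
        if parts[0] == "authz" and parts[-1] in AUTHZ_WRITE_VERBS:
            findings.add(f"can change authorization: {action}")
    # One permission spanning several namespaces hides grants behind its name.
    if len(namespaces) > 1:
        findings.add("mixes action namespaces: " + ",".join(sorted(namespaces)))
    return sorted(findings)


def audit_roles(response):
    """Map role name -> its isReadOnly flag and the permissions with findings."""
    report = {}
    for role in response.get("result", []):
        flagged = {}
        for perm in role.get("permissions", []):
            findings = audit_permission(perm)
            if findings:
                flagged[perm.get("name") or perm.get("id")] = findings
        if flagged:
            report[role["name"]] = {
                "isReadOnly": role.get("isReadOnly", False),
                "permissions": flagged,
            }
    return report


if __name__ == "__main__":
    print(json.dumps(audit_roles(SAMPLE), indent=2))
```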

    3. Get Role with ID

    This GET method returns details of a role for a specified <role_id>.

    Note: To execute this API, the user should have permission assigned (through policy) with action as authz.role.read.

    GET
    {{url}}/api/v1/policy-admin/roles/<role_id>

    Request Example 

    curl -X GET '{{url}}/api/v1/policy-admin/roles/<role_id>' -H 'Authorization: Bearer <token>'

    Response Example 

    Status: 200 Ok
    {
        "id": "6a524f85-4faf-4da8-9811-852cf075270f",
        "name": "testrole1",
        "description": "",
        "permissions": [
            {
                "id": "84c5557d-4e4b-4cc7-9791-f39d6a4ffb5f",
                "name": "alife3",
                "description": "",
                "consumer": "reports",
                "actions": [
                    "reports.report.list"
                ],
                "resources": [
                    "*"
                ],
                "isInline": true,
                "isReadOnly": false
            }
        ],
        "isReadOnly": false
    }

    4. Get All Roles with Filter

    This GET method returns a list of all roles filtered on name.

    Note: To execute this API, the user should have permission assigned (through policy) with action as authz.role.list.

    GET
    {{url}}/api/v1/policy-admin/roles?filter=name eq {{role_name}}

    Request Parameters

    The request parameters used in this method are shown in the following table:

    | Parameter | Description | Data Type | Required |
    |-----------|-------------|-----------|----------|
    | filter | Filters the list of roles by role name. The supported operators are 'eq', 'sw' and 'co'. An example format is given here: name eq TestRole | String | Optional |
    | pageToken | Autogenerated token for the next page of records when the results span more than one page. Append this token to the requested API URL to access the next set of pages. | String | Optional |

    Request Example 

    curl -X GET '{{url}}/api/v1/policy-admin/roles?filter=name%20eq%20{{role_name}}' -H 'Authorization: Bearer <token>'

    Response Example 

    Status: 200 Ok
    {
        "result": [
            {
                "id": "ab0870cf-b08c-4b60-b632-01edd8d63213",
                "name": "testRole",
                "description": "testRole",
                "permissions": [
                    {
                        "id": "7a6b41ef-591d-4ff0-b59b-b1e68658239c",
                        "name": "testPermission",
                        "description": "",
                        "consumer": "authz",
                        "actions": [
                            "authz.permission.list"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": true,
                        "isReadOnly": false
                    },
                    {
                        "id": "b762825e-c13c-4b32-8780-0a21a6f17025",
                        "name": "DocVault",
                        "description": "Doc Vault Permission testing",
                        "consumer": "secretmanager",
                        "actions": [
                            "sm.passwordpolicy.create",
                            "sm.passwordpolicy.delete",
                            "sm.passwordpolicy.list",
                            "sm.passwordpolicy.read",
                            "sm.passwordpolicy.update"
                        ],
                        "resources": [
                            "*"
                        ],
                        "isInline": false,
                        "isReadOnly": false
                    }
                ],
                "isReadOnly": false
            }
        ],
        "pagination": {
            "next": "",
            "prev": ""
        }
    }
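    One way to build the filtered request and follow pageToken safely, added here as an example (it is not part of the product or its documentation). The role name is percent-encoded so that characters such as & or = cannot add query parameters, and the operator is restricted to the three the table lists. The function names, the injected fetch callable and the constructed pages are hypothetical, and it is an assumption that pagination.next carries the value to send as pageToken.

```python
from urllib.parse import quote, urlencode

SUPPORTED_OPERATORS = ("eq", "sw", "co")  # operators listed in the parameter table
ROLES_PATH = "/api/v1/policy-admin/roles"


def roles_query(operator, name, page_token=None):
    """Return the path and query string for a name-filtered role listing."""
    if operator not in SUPPORTED_OPERATORS:
        raise ValueError(f"unsupported filter operator: {operator!r}")
    if not name or any(ord(ch) < 0x20 for ch in name):
        raise ValueError("role name is empty or contains control characters")
    params = {"filter": f"name {operator} {name}"}
    if page_token:
        params["pageToken"] = page_token
    # quote_via=quote encodes spaces as %20, matching the curl example, and
    # encodes & and = inside the value so they stay part of the filter.
    return ROLES_PATH + "?" + urlencode(params, quote_via=quote)


def list_roles(fetch, operator, name, max_pages=100):
    """Collect every page of results; fetch(path) returns the decoded JSON body."""
    roles, token, seen = [], None, set()
    for _ in range(max_pages):
        page = fetch(roles_query(operator, name, token))
        roles.extend(page.get("result", []))
        # Assumption: an empty "next" means this was the last page.
        token = page.get("pagination", {}).get("next") or None
        if token is None:
            return roles
        if token in seen:
            raise RuntimeError("pagination token repeated; stopping")
        seen.add(token)
    raise RuntimeError("more pages than max_pages; stopping")


def constructed_fetch(path):
    """Constructed two-page reply standing in for the HTTP call."""
    if "pageToken=tok2" in path:
        return {"result": [{"name": "testRole2"}],
                "pagination": {"next": "", "prev": ""}}
    return {"result": [{"name": "testRole"}],
            "pagination": {"next": "tok2", "prev": ""}}


if __name__ == "__main__":
    print(roles_query("eq", "TestRole"))
    print([r["name"] for r in list_roles(constructed_fetch, "sw", "test")])
```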

    5. Delete Role

    This DELETE method deletes a role for a specified <role_id>.

    Note: To execute this API, the user should have permission assigned (through policy) with action as authz.role.delete.

    DELETE
    {{url}}/api/v1/policy-admin/roles/<role_id>

    Request Example 

    curl -X DELETE '{{url}}/api/v1/policy-admin/roles/<role_id>' -H 'Authorization: Bearer <token>'

    Response Example 

    Status: 204 No Content

    6. Update Role

    This PATCH method updates role details for a specified <role_id>.

    Note: To execute this API, the user should have permission assigned (through policy) with action as authz.role.update.

    PATCH
    {{url}}/api/v1/policy-admin/roles/<role_id>

    Request Example 

    curl -X PATCH '{{url}}/api/v1/policy-admin/roles/<role_id>' \
    -H 'Authorization: Bearer <token>' -H 'content-type: application/json' \
    -d '{
        "description": "Doc Test Role",
        "name": "testRole",
        "permissions":
        [
            {
              "id": "7a6b41ef-591d-4ff0-b59b-b1e68658239c",
              "consumer": "authz",
              "resources": ["*"],
              "actions": ["authz.permission.list"]
            }
        ]
    }'

    Response Example 

    Status: 204 No Content


