Manage Roles
1. Create Role
This POST method creates a role.
Note: To execute this API, the user should have permission assigned (through policy) with action as authz.role.create.
POST | {{url}}/api/v1/policy-admin/roles |
Request Example
curl -X POST '{{url}}/api/v1/policy-admin/roles' \
-H 'Authorization: Bearer <token>' -H 'content-type: application/json' \
-d '{
"name": "testRole",
"description": "testRole",
"permissions" :
[
{
"name": "testPermission",
"consumer": "authz",
"resources": ["*"],
"actions": ["authz.permission.list"]
},
{
"id": "b762825e-c13c-4b32-8780-0a21a6f17025"
}
]
}'
Response Example
Status: 201 Created |
{
"id": "ab0870cf-b08c-4b60-b632-01edd8d63213",
"name": "testRole",
"description": "testRole",
"permissions": [
{
"id": "7a6b41ef-591d-4ff0-b59b-b1e68658239c",
"name": "testPermission",
"description": "",
"consumer": "authz",
"actions": [
"authz.permission.list"
],
"resources": [
"*"
],
"isInline": true,
"isReadOnly": false
},
{
"id": "b762825e-c13c-4b32-8780-0a21a6f17025",
"name": "DocVault",
"description": "Doc Vault Permission testing",
"consumer": "secretmanager",
"actions": [
"sm.passwordpolicy.read",
"sm.passwordpolicy.list",
"sm.passwordpolicy.update",
"sm.passwordpolicy.create",
"sm.passwordpolicy.delete"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": false
}
],
"isReadOnly": false
}
2. Get All Roles
This GET method returns a list of all the roles.
Note: To execute this API, the user should have permission assigned (through policy) with action as authz.role.list.
GET | {{url}}/api/v1/policy-admin/roles |
Request Parameters
The request parameters used in this method are shown in the following table:
Parameter | Description | Data Type | Required |
pageToken | Autogenerated token for next page of records in case the results are more than one page. Append this token in requested API URL to access the next set of pages. | String | Optional |
Request Example
curl -X GET '{{url}}/api/v1/policy-admin/roles' -H 'Authorization: Bearer <token>'
Response Example
Status: 200 OK |
{
"result": [
{
"id": "13d68bc0-53d5-4e7e-bb4b-12502634088d",
"name": "AuthzAdminRole",
"description": "Provides ability to view \"Identity Management\" and Security and administer \"Role and Policy Management\".",
"permissions": [
{
"id": "d5fa6644-641f-426a-82b2-a3e7aa287cdb",
"name": "UserViewPermission",
"description": "View permission for \"Identity Management\".",
"consumer": "identity",
"actions": [
"identity.user.list",
"identity.user.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "0263cd12-a26b-4d21-b98f-631e05ad5d64",
"name": "AuthzAdminPermission",
"description": "View permission for \"Identity Management\" and Security and administrative permission for \"Role and Policy Management\".",
"consumer": "authz",
"actions": [
"authz.action.list",
"authz.action.read",
"authz.consumer.list",
"authz.permission.create",
"authz.permission.delete",
"authz.permission.list",
"authz.permission.read",
"authz.permission.update",
"authz.policy.create",
"authz.policy.delete",
"authz.policy.list",
"authz.policy.read",
"authz.policy.update",
"authz.role.create",
"authz.role.delete",
"authz.role.list",
"authz.role.read",
"authz.role.update"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "cb428506-d6c9-4b84-996a-86aed5844a27",
"name": "SecurityViewPermission",
"description": "View permission for Security.",
"consumer": "securityadmin",
"actions": [
"securityadmin.security.list",
"securityadmin.security.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "14d69019-b195-4618-b1a7-dd340f0dbc0f",
"name": "TenantAuditorRole",
"description": "Provides ability to view all modules.",
"permissions": [
{
"id": "d5fa6644-641f-426a-82b2-a3e7aa287cdb",
"name": "UserViewPermission",
"description": "View permission for \"Identity Management\".",
"consumer": "identity",
"actions": [
"identity.user.list",
"identity.user.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "1273b27a-c6a8-498e-897b-ea9a514232ed",
"name": "AuthzAuditorPermission",
"description": "View permission for \"Identity Management\", Security and \"Role and Policy Management\".",
"consumer": "authz",
"actions": [
"authz.action.list",
"authz.action.read",
"authz.consumer.list",
"authz.permission.list",
"authz.permission.read",
"authz.policy.list",
"authz.policy.read",
"authz.role.list",
"authz.role.read"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "5a937d6f-1f55-4555-b02d-04645a3a0798",
"name": "NMAuditorPermission",
"description": "View permission for \"Notification Service\"",
"consumer": "notificationmanager",
"actions": [
"nm.channels.list",
"nm.notification.list",
"nm.notification.read",
"nm.notificationmetadata.list",
"nm.notificationmetadata.read"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "111f2f4d-b365-4e1b-ad20-d19729bacac4",
"name": "WorkflowViewPermission",
"description": "View permission for Workflows.",
"consumer": "workflows",
"actions": [
"workflows.notification.list",
"workflows.notification.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "fc73eac4-d9dd-4117-836d-db919db0ce6b",
"name": "AuditLogViewPermission",
"description": "View permission for Diagnostics.",
"consumer": "diagnostics",
"actions": [
"diagnostics.audit.list",
"diagnostics.audit.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "ff82a768-a651-4916-80a3-1e86dcd7b6cf",
"name": "ApplicationViewPermission",
"description": "View permission for \"Application and Access Profile Management\".",
"consumer": "apps",
"actions": [
"apps.app.list",
"apps.app.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "cb428506-d6c9-4b84-996a-86aed5844a27",
"name": "SecurityViewPermission",
"description": "View permission for Security.",
"consumer": "securityadmin",
"actions": [
"securityadmin.security.list",
"securityadmin.security.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "916b8bd3-71e0-4780-a788-7b38d1225ee2",
"name": "ReportsViewPermission",
"description": "View permission for \"Application and Access Profile Management\".",
"consumer": "reports",
"actions": [
"reports.report.list",
"reports.report.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "d1b4dc40-f91d-4fe6-adbf-c09ae479974b",
"name": "SMAuditorPermission",
"description": "View permission for \"Secret Manager\"",
"consumer": "secretmanager",
"actions": [
"authz.policy.list",
"authz.policy.read",
"sm.node.list",
"sm.node.read",
"sm.passwordpolicy.list",
"sm.passwordpolicy.read",
"sm.secret.list",
"sm.secret.read",
"sm.secrettemplate.list",
"sm.secrettemplate.read",
"sm.vault.list",
"sm.vault.read"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "8d4493e0-81b5-406c-b3ec-852527217f2a",
"name": "AnalyticsViewPermission",
"description": "View permission for \"Advanced Data Analytics\".",
"consumer": "ada",
"actions": [
"ada.queryengine.view",
"ada.riskanalytics.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "16a5e509-fde5-4a46-9d26-c4d4b945defe",
"name": "SMAuditorRole",
"description": "Provides ability to view \"Secret Manager\"",
"permissions": [
{
"id": "d5fa6644-641f-426a-82b2-a3e7aa287cdb",
"name": "UserViewPermission",
"description": "View permission for \"Identity Management\".",
"consumer": "identity",
"actions": [
"identity.user.list",
"identity.user.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "5a937d6f-1f55-4555-b02d-04645a3a0798",
"name": "NMAuditorPermission",
"description": "View permission for \"Notification Service\"",
"consumer": "notificationmanager",
"actions": [
"nm.channels.list",
"nm.notification.list",
"nm.notification.read",
"nm.notificationmetadata.list",
"nm.notificationmetadata.read"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "cb428506-d6c9-4b84-996a-86aed5844a27",
"name": "SecurityViewPermission",
"description": "View permission for Security.",
"consumer": "securityadmin",
"actions": [
"securityadmin.security.list",
"securityadmin.security.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "d1b4dc40-f91d-4fe6-adbf-c09ae479974b",
"name": "SMAuditorPermission",
"description": "View permission for \"Secret Manager\"",
"consumer": "secretmanager",
"actions": [
"authz.policy.list",
"authz.policy.read",
"sm.node.list",
"sm.node.read",
"sm.passwordpolicy.list",
"sm.passwordpolicy.read",
"sm.secret.list",
"sm.secret.read",
"sm.secrettemplate.list",
"sm.secrettemplate.read",
"sm.vault.list",
"sm.vault.read"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "1ce71b66-bb42-446c-a4e9-ff2c251a9901",
"name": "--lp-role",
"description": "",
"permissions": [
{
"id": "ef9184fc-0412-4800-bcba-072128cd2605",
"name": "--lpp--perm",
"description": "",
"consumer": "notificationmanager",
"actions": [
"nm.channels.list",
"nm.notification.create",
"nm.notification.delete",
"nm.notification.list",
"nm.notification.read",
"nm.notification.update",
"nm.notificationmetadata.list",
"nm.notificationmetadata.read"
],
"resources": [
"*"
],
"isInline": true,
"isReadOnly": false
},
{
"id": "d1b4dc40-f91d-4fe6-adbf-c09ae479974b",
"name": "SMAuditorPermission",
"description": "View permission for \"Secret Manager\"",
"consumer": "secretmanager",
"actions": [
"authz.policy.list",
"authz.policy.read",
"sm.node.list",
"sm.node.read",
"sm.passwordpolicy.list",
"sm.passwordpolicy.read",
"sm.secret.list",
"sm.secret.read",
"sm.secrettemplate.list",
"sm.secrettemplate.read",
"sm.vault.list",
"sm.vault.read"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": false
},
{
"id": "1f885e1c-7b46-49ff-a367-de4080076b57",
"name": "AuthzAuditorRole",
"description": "Provides ability to view \"Identity Management\", Security and \"Role and Policy Management\".",
"permissions": [
{
"id": "d5fa6644-641f-426a-82b2-a3e7aa287cdb",
"name": "UserViewPermission",
"description": "View permission for \"Identity Management\".",
"consumer": "identity",
"actions": [
"identity.user.list",
"identity.user.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "1273b27a-c6a8-498e-897b-ea9a514232ed",
"name": "AuthzAuditorPermission",
"description": "View permission for \"Identity Management\", Security and \"Role and Policy Management\".",
"consumer": "authz",
"actions": [
"authz.action.list",
"authz.action.read",
"authz.consumer.list",
"authz.permission.list",
"authz.permission.read",
"authz.policy.list",
"authz.policy.read",
"authz.role.list",
"authz.role.read"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "cb428506-d6c9-4b84-996a-86aed5844a27",
"name": "SecurityViewPermission",
"description": "View permission for Security.",
"consumer": "securityadmin",
"actions": [
"securityadmin.security.list",
"securityadmin.security.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "21b6e779-2ef4-4860-9188-b6d8a4b332c3",
"name": "UserviewRole",
"description": "Provides ability to view \"Identity Management\".",
"permissions": [
{
"id": "d5fa6644-641f-426a-82b2-a3e7aa287cdb",
"name": "UserViewPermission",
"description": "View permission for \"Identity Management\".",
"consumer": "identity",
"actions": [
"identity.user.list",
"identity.user.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "2586b9e9-a589-4960-895d-3def67061b8d",
"name": "WorkflowAdminRole",
"description": "Provides ability to administer Workflows.",
"permissions": [
{
"id": "65c043c4-7ec3-4185-aa08-613087a621ca",
"name": "WorkflowAdminPermission",
"description": "Administrative permission for Workflows.",
"consumer": "workflows",
"actions": [
"workflows.notification.list",
"workflows.notification.manage",
"workflows.notification.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "2e4a03a0-4a20-47e0-96d3-4a7c8e9052c6",
"name": "ApplicationAdminRole",
"description": "Provides ability to administer \"Application and Access Profile Management\".",
"permissions": [
{
"id": "c489343d-33a7-4b8f-afc3-f16e4d7064b9",
"name": "ApplicationAdminPermission",
"description": "Administrative permission for \"Application and Access Profile Management\".",
"consumer": "apps",
"actions": [
"apps.app.list",
"apps.app.manage",
"apps.app.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "3680e65b-c2d2-4817-91b4-64f70c599615",
"name": "ApplicationViewRole",
"description": "Provides ability to view \"Application and Access Profile Management\".",
"permissions": [
{
"id": "ff82a768-a651-4916-80a3-1e86dcd7b6cf",
"name": "ApplicationViewPermission",
"description": "View permission for \"Application and Access Profile Management\".",
"consumer": "apps",
"actions": [
"apps.app.list",
"apps.app.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "3794317a-397f-471e-a25e-938d66cd3f23",
"name": "SecurityViewRole",
"description": "Provides ability to view Security.",
"permissions": [
{
"id": "cb428506-d6c9-4b84-996a-86aed5844a27",
"name": "SecurityViewPermission",
"description": "View permission for Security.",
"consumer": "securityadmin",
"actions": [
"securityadmin.security.list",
"securityadmin.security.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "3ae1d4f0-b780-45da-bb22-c483c539558f",
"name": "WorkflowViewRole",
"description": "Provides ability to view Workflows.",
"permissions": [
{
"id": "111f2f4d-b365-4e1b-ad20-d19729bacac4",
"name": "WorkflowViewPermission",
"description": "View permission for Workflows.",
"consumer": "workflows",
"actions": [
"workflows.notification.list",
"workflows.notification.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "3c0c8cfe-b3ea-4fe5-8df8-7d98818ab47b",
"name": "AnalyticsViewRole",
"description": "Provides ability to view \"Advanced Data Analytics\".",
"permissions": [
{
"id": "8d4493e0-81b5-406c-b3ec-852527217f2a",
"name": "AnalyticsViewPermission",
"description": "View permission for \"Advanced Data Analytics\".",
"consumer": "ada",
"actions": [
"ada.queryengine.view",
"ada.riskanalytics.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "4b8b9b1f-0fa7-4b39-ab42-32bcce0b7c7b",
"name": "NMAdminRole",
"description": "Provides ability to administer \"Notification Service\"",
"permissions": [
{
"id": "586cc11f-b210-4f57-b00b-28c459cb9286",
"name": "NMAdminPermission",
"description": "Administrative permission for \"Notification Service\"",
"consumer": "notificationmanager",
"actions": [
"nm.*.*",
"nm.channels.list",
"nm.notification.*",
"nm.notification.create",
"nm.notification.delete",
"nm.notification.list",
"nm.notification.read",
"nm.notification.update",
"nm.notificationmetadata.list",
"nm.notificationmetadata.read"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "5ec72f8c-20a3-4b9a-93a3-eb6ba44cf488",
"name": "UserAdminRole",
"description": "Provides ability to administer \"Identity Management\".",
"permissions": [
{
"id": "cc1f750c-4cd7-498f-9d99-79364e419242",
"name": "UserAdminPermission",
"description": "Administrative permission for \"Identity Management\".",
"consumer": "identity",
"actions": [
"identity.user.list",
"identity.user.manage",
"identity.user.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "68b62d9b-69d6-499c-880e-cf10f705eb35",
"name": "NMAuditorRole",
"description": "Provides ability to view \"Notification Service\"",
"permissions": [
{
"id": "5a937d6f-1f55-4555-b02d-04645a3a0798",
"name": "NMAuditorPermission",
"description": "View permission for \"Notification Service\"",
"consumer": "notificationmanager",
"actions": [
"nm.channels.list",
"nm.notification.list",
"nm.notification.read",
"nm.notificationmetadata.list",
"nm.notificationmetadata.read"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "6a524f85-4faf-4da8-9811-852cf075270f",
"name": "testrole1",
"description": "",
"permissions": [
{
"id": "84c5557d-4e4b-4cc7-9791-f39d6a4ffb5f",
"name": "alife3",
"description": "",
"consumer": "reports",
"actions": [
"reports.report.list"
],
"resources": [
"*"
],
"isInline": true,
"isReadOnly": false
}
],
"isReadOnly": false
},
{
"id": "8ee06482-f7d5-4454-8c4a-01067cb45a7b",
"name": "AuditLogViewRole",
"description": "Provides ability to view Diagnostics.",
"permissions": [
{
"id": "fc73eac4-d9dd-4117-836d-db919db0ce6b",
"name": "AuditLogViewPermission",
"description": "View permission for Diagnostics.",
"consumer": "diagnostics",
"actions": [
"diagnostics.audit.list",
"diagnostics.audit.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "a0dbbb91-ce79-47b3-b136-4bdae4fcbd58",
"name": "SMAdminRole",
"description": "Provides ability to administer \"Secret Manager\"",
"permissions": [
{
"id": "d5fa6644-641f-426a-82b2-a3e7aa287cdb",
"name": "UserViewPermission",
"description": "View permission for \"Identity Management\".",
"consumer": "identity",
"actions": [
"identity.user.list",
"identity.user.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "5a937d6f-1f55-4555-b02d-04645a3a0798",
"name": "NMAuditorPermission",
"description": "View permission for \"Notification Service\"",
"consumer": "notificationmanager",
"actions": [
"nm.channels.list",
"nm.notification.list",
"nm.notification.read",
"nm.notificationmetadata.list",
"nm.notificationmetadata.read"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "c492459c-68b9-4530-931e-ee59f03a7d6d",
"name": "SMAdminPermission",
"description": "Administrative permission for \"Secret Manager\"",
"consumer": "secretmanager",
"actions": [
"authz.policy.create",
"authz.policy.delete",
"authz.policy.list",
"authz.policy.read",
"authz.policy.update",
"sm.key.rotate",
"sm.node.create",
"sm.node.delete",
"sm.node.list",
"sm.node.read",
"sm.node.update",
"sm.passwordpolicy.create",
"sm.passwordpolicy.delete",
"sm.passwordpolicy.list",
"sm.passwordpolicy.read",
"sm.passwordpolicy.update",
"sm.secret.create",
"sm.secret.delete",
"sm.secret.list",
"sm.secret.read",
"sm.secret.update",
"sm.secrettemplate.create",
"sm.secrettemplate.delete",
"sm.secrettemplate.list",
"sm.secrettemplate.read",
"sm.secrettemplate.update",
"sm.vault.create",
"sm.vault.delete",
"sm.vault.list",
"sm.vault.read",
"sm.vault.update"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "cb428506-d6c9-4b84-996a-86aed5844a27",
"name": "SecurityViewPermission",
"description": "View permission for Security.",
"consumer": "securityadmin",
"actions": [
"securityadmin.security.list",
"securityadmin.security.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "c17d2812-60b7-4225-8f9c-86475bc473bd",
"name": "TenantAdminRole",
"description": "Provides ability to administer all modules.",
"permissions": [
{
"id": "93530518-800c-4e4b-9025-04bce8f582e4",
"name": "SecurityAdminPermission",
"description": "Administrative permission for Security.",
"consumer": "securityadmin",
"actions": [
"securityadmin.security.list",
"securityadmin.security.manage",
"securityadmin.security.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "65c043c4-7ec3-4185-aa08-613087a621ca",
"name": "WorkflowAdminPermission",
"description": "Administrative permission for Workflows.",
"consumer": "workflows",
"actions": [
"workflows.notification.list",
"workflows.notification.manage",
"workflows.notification.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "c492459c-68b9-4530-931e-ee59f03a7d6d",
"name": "SMAdminPermission",
"description": "Administrative permission for \"Secret Manager\"",
"consumer": "secretmanager",
"actions": [
"authz.policy.create",
"authz.policy.delete",
"authz.policy.list",
"authz.policy.read",
"authz.policy.update",
"sm.key.rotate",
"sm.node.create",
"sm.node.delete",
"sm.node.list",
"sm.node.read",
"sm.node.update",
"sm.passwordpolicy.create",
"sm.passwordpolicy.delete",
"sm.passwordpolicy.list",
"sm.passwordpolicy.read",
"sm.passwordpolicy.update",
"sm.secret.create",
"sm.secret.delete",
"sm.secret.list",
"sm.secret.read",
"sm.secret.update",
"sm.secrettemplate.create",
"sm.secrettemplate.delete",
"sm.secrettemplate.list",
"sm.secrettemplate.read",
"sm.secrettemplate.update",
"sm.vault.create",
"sm.vault.delete",
"sm.vault.list",
"sm.vault.read",
"sm.vault.update"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "fc73eac4-d9dd-4117-836d-db919db0ce6b",
"name": "AuditLogViewPermission",
"description": "View permission for Diagnostics.",
"consumer": "diagnostics",
"actions": [
"diagnostics.audit.list",
"diagnostics.audit.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "0263cd12-a26b-4d21-b98f-631e05ad5d64",
"name": "AuthzAdminPermission",
"description": "View permission for \"Identity Management\" and Security and administrative permission for \"Role and Policy Management\".",
"consumer": "authz",
"actions": [
"authz.action.list",
"authz.action.read",
"authz.consumer.list",
"authz.permission.create",
"authz.permission.delete",
"authz.permission.list",
"authz.permission.read",
"authz.permission.update",
"authz.policy.create",
"authz.policy.delete",
"authz.policy.list",
"authz.policy.read",
"authz.policy.update",
"authz.role.create",
"authz.role.delete",
"authz.role.list",
"authz.role.read",
"authz.role.update"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "586cc11f-b210-4f57-b00b-28c459cb9286",
"name": "NMAdminPermission",
"description": "Administrative permission for \"Notification Service\"",
"consumer": "notificationmanager",
"actions": [
"nm.*.*",
"nm.channels.list",
"nm.notification.*",
"nm.notification.create",
"nm.notification.delete",
"nm.notification.list",
"nm.notification.read",
"nm.notification.update",
"nm.notificationmetadata.list",
"nm.notificationmetadata.read"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "916b8bd3-71e0-4780-a788-7b38d1225ee2",
"name": "ReportsViewPermission",
"description": "View permission for \"Application and Access Profile Management\".",
"consumer": "reports",
"actions": [
"reports.report.list",
"reports.report.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "c489343d-33a7-4b8f-afc3-f16e4d7064b9",
"name": "ApplicationAdminPermission",
"description": "Administrative permission for \"Application and Access Profile Management\".",
"consumer": "apps",
"actions": [
"apps.app.list",
"apps.app.manage",
"apps.app.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "8d4493e0-81b5-406c-b3ec-852527217f2a",
"name": "AnalyticsViewPermission",
"description": "View permission for \"Advanced Data Analytics\".",
"consumer": "ada",
"actions": [
"ada.queryengine.view",
"ada.riskanalytics.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
},
{
"id": "cc1f750c-4cd7-498f-9d99-79364e419242",
"name": "UserAdminPermission",
"description": "Administrative permission for \"Identity Management\".",
"consumer": "identity",
"actions": [
"identity.user.list",
"identity.user.manage",
"identity.user.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "e505cd4d-9933-4c2c-867e-9e7bbf627f4b",
"name": "ReportsViewRole",
"description": "Provides ability to view Reports and Dashboards.",
"permissions": [
{
"id": "916b8bd3-71e0-4780-a788-7b38d1225ee2",
"name": "ReportsViewPermission",
"description": "View permission for \"Application and Access Profile Management\".",
"consumer": "reports",
"actions": [
"reports.report.list",
"reports.report.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
},
{
"id": "f3875578-424e-4fd2-809f-4b365342576e",
"name": "SecurityAdminRole",
"description": "Provides ability to administer Security.",
"permissions": [
{
"id": "93530518-800c-4e4b-9025-04bce8f582e4",
"name": "SecurityAdminPermission",
"description": "Administrative permission for Security.",
"consumer": "securityadmin",
"actions": [
"securityadmin.security.list",
"securityadmin.security.manage",
"securityadmin.security.view"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": true
}
],
"isReadOnly": true
}
],
"pagination": {
"next": "",
"prev": ""
}
}
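An added example (not part of the product documentation): a Python least-privilege review of the Get All Roles response format shown above. It flags wildcard actions, authz.* write actions, inline permissions and custom roles. It assumes that `isReadOnly: false` marks tenant-created roles and that a non-empty `pagination.next` means more pages remain; the sample input is constructed by trimming three roles from the response above.

```python
"""Least-privilege review of a Get All Roles response (added example)."""
import json

# Verbs on authz.* objects that let the holder change who can do what.
AUTHZ_WRITE_VERBS = {"create", "update", "delete"}

# Constructed sample: three roles trimmed from the response example above,
# keeping only the fields the checks read.
SAMPLE_RESPONSE = json.loads("""
{
  "result": [
    {"name": "NMAdminRole", "isReadOnly": true, "permissions": [
      {"name": "NMAdminPermission", "consumer": "notificationmanager",
       "actions": ["nm.*.*", "nm.channels.list", "nm.notification.*"],
       "resources": ["*"], "isInline": false, "isReadOnly": true}]},
    {"name": "SMAdminRole", "isReadOnly": true, "permissions": [
      {"name": "SMAdminPermission", "consumer": "secretmanager",
       "actions": ["authz.policy.create", "authz.policy.read", "sm.secret.read"],
       "resources": ["*"], "isInline": false, "isReadOnly": true}]},
    {"name": "testrole1", "isReadOnly": false, "permissions": [
      {"name": "alife3", "consumer": "reports",
       "actions": ["reports.report.list"],
       "resources": ["*"], "isInline": true, "isReadOnly": false}]}
  ],
  "pagination": {"next": "", "prev": ""}
}
""")


def audit_permission(role_name, perm):
    """Yield (role, permission, check, detail) tuples for one permission."""
    for action in perm.get("actions", []):
        parts = action.split(".")
        # "nm.*.*" or "nm.notification.*" grants every current and future verb.
        if "*" in parts:
            yield (role_name, perm["name"], "wildcard-action", action)
        # Write access to roles, policies or permissions allows self-escalation,
        # whichever consumer the permission is filed under.
        if parts[0] == "authz" and parts[-1] in AUTHZ_WRITE_VERBS:
            yield (role_name, perm["name"], "authz-write", action)
    # Inline permissions live inside one role and escape shared review.
    if perm.get("isInline"):
        yield (role_name, perm["name"], "inline-permission",
               perm.get("consumer", ""))


def audit_roles(response):
    """Return all findings for the roles in one page of the listing."""
    findings = []
    for role in response.get("result", []):
        # Assumption: built-in roles are read-only, so a writable role
        # was created in the tenant and deserves a manual look.
        if not role.get("isReadOnly", False):
            findings.append((role["name"], "", "custom-role", ""))
        for perm in role.get("permissions", []):
            findings.extend(audit_permission(role["name"], perm))
    return findings


def has_more_pages(response):
    """Assumption: a non-empty pagination.next means the listing is partial."""
    return bool(response.get("pagination", {}).get("next"))


if __name__ == "__main__":
    for role, perm, check, detail in audit_roles(SAMPLE_RESPONSE):
        print(f"{check:18} role={role} permission={perm} {detail}")
    if has_more_pages(SAMPLE_RESPONSE):
        print("listing is partial: fetch remaining pages before concluding")
```

Run the review over every page of the listing; a clean result on a partial listing says nothing about the roles on later pages.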
3. Get Role with ID
This GET method returns details of a role for a specified <role_id>.
Note: To execute this API, the user should have permission assigned (through policy) with action as authz.role.read.
GET | {{url}}/api/v1/policy-admin/roles/<role_id> |
Request Example
curl -X GET '{{url}}/api/v1/policy-admin/roles/<role_id>' -H 'Authorization: Bearer <token>'
Response Example
Status: 200 OK |
{
"id": "6a524f85-4faf-4da8-9811-852cf075270f",
"name": "testrole1",
"description": "",
"permissions": [
{
"id": "84c5557d-4e4b-4cc7-9791-f39d6a4ffb5f",
"name": "alife3",
"description": "",
"consumer": "reports",
"actions": [
"reports.report.list"
],
"resources": [
"*"
],
"isInline": true,
"isReadOnly": false
}
],
"isReadOnly": false
}
4. Get All Roles with Filter
This GET method returns a list of all roles filtered on name.
Note: To execute this API, the user should have permission assigned (through policy) with action as authz.role.list.
GET | {{url}}/api/v1/policy-admin/roles?filter=name eq {{role_name}} |
Request Parameters
The request parameters used in this method are shown in the following table:
Parameter | Description | Data Type | Required |
filter | The filter that can filter the list of roles based on the name of roles. The supported operators are 'eq', 'sw' and 'co'. An example format is given here: name eq TestRole | String | Optional |
pageToken | Autogenerated token for next page of records in case the results are more than one page. Append this token in requested API URL to access the next set of pages. | String | Optional |
Request Example
curl -X GET '{{url}}/api/v1/policy-admin/roles?filter=name%20eq%20{{role_name}}' -H 'Authorization: Bearer <token>'
Response Example
Status: 200 OK |
{
"result": [
{
"id": "ab0870cf-b08c-4b60-b632-01edd8d63213",
"name": "testRole",
"description": "testRole",
"permissions": [
{
"id": "7a6b41ef-591d-4ff0-b59b-b1e68658239c",
"name": "testPermission",
"description": "",
"consumer": "authz",
"actions": [
"authz.permission.list"
],
"resources": [
"*"
],
"isInline": true,
"isReadOnly": false
},
{
"id": "b762825e-c13c-4b32-8780-0a21a6f17025",
"name": "DocVault",
"description": "Doc Vault Permission testing",
"consumer": "secretmanager",
"actions": [
"sm.passwordpolicy.create",
"sm.passwordpolicy.delete",
"sm.passwordpolicy.list",
"sm.passwordpolicy.read",
"sm.passwordpolicy.update"
],
"resources": [
"*"
],
"isInline": false,
"isReadOnly": false
}
],
"isReadOnly": false
}
],
"pagination": {
"next": "",
"prev": ""
}
}
5. Delete Role
This DELETE method deletes a role for a specified <role_id>.
Note: To execute this API, the user should have permission assigned (through policy) with action as authz.role.delete.
DELETE | {{url}}/api/v1/policy-admin/roles/<role_id> |
Request Example
curl -X DELETE '{{url}}/api/v1/policy-admin/roles/<role_id>' -H 'Authorization: Bearer <token>'
Response Example
Status: 204 No Content |
6. Update Role
This PATCH method updates role details for a specified <role_id>.
Note: To execute this API, the user should have permission assigned (through policy) with action as authz.role.update.
PATCH | {{url}}/api/v1/policy-admin/roles/<role_id> |
Request Example
curl -X PATCH '{{url}}/api/v1/policy-admin/roles/<role_id>' \
-H 'Authorization: Bearer <token>' -H 'content-type: application/json' \
-d '{
"description": "Doc Test Role",
"name": "testRole",
"permissions":
[
{
"id": "7a6b41ef-591d-4ff0-b59b-b1e68658239c",
"consumer": "authz",
"resources": ["*"],
"actions": ["authz.permission.list"]
}
]
}'
Response Example
Status: 204 No Content |