Chapter 12. Roles
The
rel="roles" link obtained from the entry point URI (see Chapter 5, Entry Point) provides access to a static set of system roles.
Each individual
role element contains the following:
| Element | Type | Description | Properties |
|---|---|---|---|
link="permits" | relationship | A link to the permits sub-collection for role permits. | 
|
mutable | Boolean: true or false | Defines the ability to update or delete the role. Roles with mutable set to false are roles built into the Red Hat Storage Console environment. | 
|
administrative | Boolean: true or false | Defines the role as administrative-only. |
Example 12.1. An XML representation of the roles collection
<roles>
<role id="00000000-0000-0000-0000-000000000001"
href="/api/roles/00000000-0000-0000-0000-000000000001">
<name>SuperUser</name>
<description>Roles management administrator</description>
<link rel="permits"
href="/api/roles/00000000-0000-0000-0000-000000000001/permits"/>
<mutable>false</mutable>
<administrative>true</administrative>
</role>
<role id="00000000-0000-0000-0001-000000000001"
href="/api/roles/00000000-0000-0000-0001-000000000001">
<name>RHSCUser</name>
<description>RHSC user</description>
<link rel="permits"
href="/api/roles/00000000-0000-0000-0001-000000000001/permits"/>
<mutable>false</mutable>
<administrative>false</administrative>
</role>
</roles>
Creation of a role requires values for
name, administrative and a list of initial permits. See Section 7.2.4, “Creating a Resource in a Collection” for more information.
Example 12.2. Creating a role
POST /api/roles HTTP/1.1
Accept: application/xml
Content-type: application/xml
<role>
<name>Finance Role</name>
<administrative>true</administrative>
<permits>
<permit id="1"/>
</permits>
</role>
The
name, description and administrative elements are updatable post-creation. See Section 7.3.2, “Updating a Resource” for more information.
Example 12.3. Updating a role
PUT /api/roles/8de42ad7-f307-408b-80e8-9d28b85adfd7 HTTP/1.1
Accept: application/xml
Content-type: application/xml
<role>
<name>Engineering Role</name>
<description>Standard users in the Engineering Role</description>
<administrative>false</administrative>
</role>
Removal of a role requires a
DELETE request.
Example 12.4. Removing a role
DELETE /api/roles/8de42ad7-f307-408b-80e8-9d28b85adfd7 HTTP/1.1 204 No Content
22632%2C+Console+Developer+Guide-322-09-2014+17%3A11%3A35Report a bug
12.1. Permits Sub-Collection
Each role contains a set of allowable actions, or
permits, which the API lists in capabilities.
A role's
permits are listed as a sub-collection:
Example 12.5. Listing a role's permits
GET /api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits HTTP/1.1
Accept: application/xml
HTTP/1.1 200 OK
Content-Type: application/xml
<permits>
<permit id="1"
href="/api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits/1">
<name>create_vm</name>
<administrative>false</administrative>
<role id="b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"
href="/api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"/>
</permit>
...
</permits>
Assign a
permit to a role with a POST request to the permits sub-collection. Use either an id attribute or a name element to specify the permit to assign.
Example 12.6. Assign a permit to a role
POST /api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits HTTP/1.1
Accept: application/xml
Content-Type: application/xml
<permit id="1"/>
HTTP/1.1 201 Created
Content-Type: application/xml
<permits>
<permit id="1"
href="/api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits/1">
<name>create_vm</name>
<administrative>false</administrative>
<role id="b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"
href="/api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"/>
</permit>
</permits>
Remove a
permit from a role with a DELETE request to the permit resource.
Example 12.7. Remove a permit from a role
DELETE /api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits/ HTTP/1.1 204 No Content
22632%2C+Console+Developer+Guide-322-09-2014+17%3A11%3A35Report a bug
