29.2.4. Permissions
The Security Management REST API supports the following endpoints for managing permissions granted to the groups, roles, and users in Business Central. The Security Management REST API base URL is http://SERVER:PORT/decision-central/rest/. All requests require HTTP Basic authentication or token-based authentication for the admin user role.
- [GET] /groups/{groupName}/permissions
Returns all permissions granted to a specified group.

Table 29.9 Request parameters

| Name | Description | Type | Requirement |
|---|---|---|---|
| groupName | Name of the group for whom you are retrieving permissions | String | Required |

Example server response (JSON)

    {
      "homePage": "HomePerspective",
      "priority": -10,
      "project": {
        "read": { "access": false, "exceptions": [] }
      },
      "spaces": {
        "read": { "access": true, "exceptions": [ "MySpace" ] }
      },
      "editor": {
        "read": { "access": false, "exceptions": [ "GuidedDecisionTreeEditorPresenter" ] },
        "create": null,
        "update": null,
        "delete": null,
        "build": null
      },
      "pages": {
        "read": { "access": true, "exceptions": [] },
        "build": null
      },
      "workbench": {
        "editDataObject": false,
        "plannerAvailable": false,
        "editGlobalPreferences": false,
        "editProfilePreferences": false,
        "accessDataTransfer": false,
        "jarDownload": true,
        "editGuidedDecisionTableColumns": true
      }
    }

- [GET] /roles/{roleName}/permissions
Returns all permissions granted to a specified role.

Table 29.10 Request parameters

| Name | Description | Type | Requirement |
|---|---|---|---|
| roleName | Name of the role for whom you are retrieving permissions | String | Required |

Example server response (JSON)

    {
      "homePage": "HomePerspective",
      "priority": -10,
      "project": {
        "read": { "access": false, "exceptions": [] }
      },
      "spaces": {
        "read": { "access": true, "exceptions": [ "MySpace" ] }
      },
      "editor": {
        "read": { "access": false, "exceptions": [ "GuidedDecisionTreeEditorPresenter" ] },
        "create": null,
        "update": null,
        "delete": null,
        "build": null
      },
      "pages": {
        "read": { "access": true, "exceptions": [] },
        "build": null
      },
      "workbench": {
        "editDataObject": false,
        "plannerAvailable": false,
        "editGlobalPreferences": false,
        "editProfilePreferences": false,
        "accessDataTransfer": false,
        "jarDownload": true,
        "editGuidedDecisionTableColumns": true
      }
    }

- [GET] /users/{userName}/permissions
Returns all permissions granted to a specified user.

Table 29.11 Request parameters

| Name | Description | Type | Requirement |
|---|---|---|---|
| userName | Name of the user for whom you are retrieving permissions | String | Required |

Example server response (JSON)

    {
      "homePage": null,
      "priority": null,
      "project": {
        "read": { "access": false, "exceptions": [] }
      },
      "spaces": {
        "read": { "access": true, "exceptions": [ "MySpace" ] }
      },
      "editor": {
        "read": { "access": false, "exceptions": [ "GuidedDecisionTreeEditorPresenter" ] },
        "create": null,
        "update": null,
        "delete": null,
        "build": null
      },
      "pages": {
        "read": { "access": true, "exceptions": [] },
        "build": null
      },
      "workbench": {
        "editDataObject": false,
        "plannerAvailable": false,
        "editGlobalPreferences": false,
        "editProfilePreferences": false,
        "accessDataTransfer": false,
        "jarDownload": true,
        "editGuidedDecisionTableColumns": true
      }
    }

- [POST] /groups/{groupName}/permissions
Updates the permissions of a specified group.

Table 29.12 Request parameters

| Name | Description | Type | Requirement |
|---|---|---|---|
| groupName | Name of the group for whom you are updating permissions | String | Required |

Example request body (JSON)

    {
      "homepage": "HomePerspective",
      "priority": 10,
      "pages": {
        "create": true,
        "read": false,
        "delete": false,
        "update": false,
        "exceptions": [
          { "name": "HomePerspective", "permissions": { "read": true } }
        ]
      },
      "project": { "create": true, "read": true, "delete": false, "update": false, "Build": false },
      "spaces": { "create": true, "read": true, "delete": false, "update": false },
      "editor": { "read": true },
      "workbench": {
        "editDataObject": true,
        "plannerAvailable": true,
        "editGlobalPreferences": true,
        "editProfilePreferences": true,
        "accessDataTransfer": true,
        "jarDownload": true,
        "editGuidedDecisionTableColumns": true
      }
    }

Example server response (JSON)

    {
      "status": "OK",
      "message": "Group newGroup permissions are updated successfully."
    }

- [POST] /roles/{roleName}/permissions
Updates the permissions of a specified role.

Table 29.13 Request parameters

| Name | Description | Type | Requirement |
|---|---|---|---|
| roleName | Name of the role for whom you are updating permissions | String | Required |

Example request body (JSON)

    {
      "homepage": "HomePerspective",
      "priority": 10,
      "pages": {
        "create": true,
        "read": false,
        "delete": false,
        "update": false,
        "exceptions": [
          { "name": "HomePerspective", "permissions": { "read": true } }
        ]
      },
      "project": { "create": true, "read": true, "delete": false, "update": false, "Build": false },
      "spaces": { "create": true, "read": true, "delete": false, "update": false },
      "editor": { "read": true },
      "workbench": {
        "editDataObject": true,
        "plannerAvailable": true,
        "editGlobalPreferences": true,
        "editProfilePreferences": true,
        "accessDataTransfer": true,
        "jarDownload": true,
        "editGuidedDecisionTableColumns": true
      }
    }

Example server response (JSON)

    {
      "status": "OK",
      "message": "Role newRole permissions are updated successfully."
    }

29.2.4.1. Supported permissions in Business Central
The following are available permissions in Red Hat Decision Manager. Administrators use these permissions to allow specific actions to a group, role, or user in Business Central.
- Priority
Priority is an integer that defines the precedence of users who are assigned multiple roles or groups. The default value of priority for a new group is -100. In Business Central, you can set an integer value as a priority, which is resolved using the following rules:

Table 29.14 Priority value table

| Integer value | Priority |
|---|---|
| Less than -5 | VERY LOW |
| Between -5 and 0 | LOW |
| Equal to 0 | NORMAL |
| Between 0 and 5 | HIGH |
| Greater than 5 | VERY HIGH |

- Home Page
Home Page indicates the default landing page for users.
- Workbench
Workbench consists of the following defined permissions:

    {
      "editDataObject": true,
      "plannerAvailable": true,
      "editGlobalPreferences": true,
      "editProfilePreferences": true,
      "accessDataTransfer": true,
      "jarDownload": true,
      "editGuidedDecisionTableColumns": true
    }

- Pages, Editor, Spaces, and Projects
The following are possible values for the permissions based on the resource type:
- PAGES: read, create, update, delete
- EDITOR: read
- SPACES: read, create, update, delete
- PROJECT: read, create, update, delete, build

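The following Python is an added example, not part of the product documentation: it checks a permissions request body against the per-resource action lists and workbench keys on this page before the body is sent, and maps a priority integer to its label in the priority value table. It assumes the boundary values -5 and 5 resolve to LOW and HIGH, compares action names case-insensitively, and accepts either `name` or `resourceName` in an exception entry (both appear in this page's examples); the function names are hypothetical.

```python
ALLOWED_ACTIONS = {  # actions per resource type, as listed on this page
    "pages": {"read", "create", "update", "delete"},
    "editor": {"read"},
    "spaces": {"read", "create", "update", "delete"},
    "project": {"read", "create", "update", "delete", "build"},
}
WORKBENCH_KEYS = {
    "editDataObject", "plannerAvailable", "editGlobalPreferences",
    "editProfilePreferences", "accessDataTransfer", "jarDownload",
    "editGuidedDecisionTableColumns",
}
# Constructed sample body with two mistakes a reviewer should catch.
SAMPLE = {"priority": 10, "spaces": {"read": True, "build": True},
          "workbench": {"jarDownload": True, "jarUpload": True}}

def priority_label(value):
    """Priority value table; assumes -5 maps to LOW and 5 to HIGH."""
    for limit, label in ((-6, "VERY LOW"), (-1, "LOW"), (0, "NORMAL"), (5, "HIGH")):
        if value <= limit:
            return label
    return "VERY HIGH"

def _check(resource, grants, where, problems):
    for action, granted in grants.items():
        # Case-insensitive: the page's sample request body writes "Build".
        if action.lower() not in ALLOWED_ACTIONS[resource]:
            problems.append(f"{where}: '{action}' is not a {resource} action")
        elif not isinstance(granted, bool):
            problems.append(f"{where}.{action}: expected true/false")

def lint_permissions(body):
    """Return the problems found in a permissions request body."""
    problems = []
    prio = body.get("priority")
    if prio is not None and (isinstance(prio, bool) or not isinstance(prio, int)):
        problems.append("priority: expected an integer")
    for resource in ALLOWED_ACTIONS:
        block = dict(body.get(resource) or {})
        for exc in block.pop("exceptions", []):
            ident = exc.get("name") or exc.get("resourceName")
            _check(resource, exc.get("permissions", {}),
                   f"{resource}.exceptions[{ident}]", problems)
        _check(resource, block, resource, problems)
    for key, granted in (body.get("workbench") or {}).items():
        if key not in WORKBENCH_KEYS:
            problems.append(f"workbench: unknown permission '{key}'")
        elif not isinstance(granted, bool):
            problems.append(f"workbench.{key}: expected true/false")
    return problems
```
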
You can use the following code to add exceptions to Pages, Editor, Spaces, and Projects permissions:

    {
      "pages": {
        "read": false,
        "exceptions": [
          { "resourceName": "ProcessInstances", "permissions": { "read": false } },
          { "resourceName": "ProcessDefinitions", "permissions": { "read": false } }
        ]
      }
    }

The name attribute is an identifier of a resource that you add as an exception. Use the following REST API endpoints to get the list of possible identifiers. The REST API base URL is http://SERVER:PORT/decision-central/rest/.

- [GET] /perspectives: Returns perspective names of all pages in Business Central
- [GET] /editors: Returns all editors in Business Central
- [GET] /spaces: Returns all spaces in Business Central
- [GET] /spaces/{spaceName}/projects: Returns projects in a specified space

Example server response for pages (JSON)

    "pages": {
      "create": true,
      "read": false,
      "exceptions": [
        { "name": "HomePerspective", "permissions": { "read": true } }
      ]
    }