You assign permissions to user roles to manage user access to objects in PE. The Permissions endpoints enable you to get information about available objects and the permissions that can be constructed for those objects. You can also check an array of permissions.
The available values for these keys are available from the “/types” endpoint (see below).
Key | Explanation | Example |
---|---|---|
object_type |
A string identifying the type of object this permission applies to. | "node_groups" |
action |
A string indicating the type of action this permission permits. | "modify_children" |
instance |
A string containing the primary ID of the object instance this permission applies to, or "*" indicating that it applies to all instances. If the given action does not allow instance specification, "*" should always be used. |
"cec7e830-555b-11e4-916c-0800200c9a66" or "*" |
Lists the objects that integrate with RBAC and demonstrates the permissions
that can be constructed, by picking the appropriate object_type
, action
,
and instance
triple. Authentication is required.
The has_instances
flag indicates that the action permission is instance-specific
if true
, or false
if this action permission does not require instance
specification.
Returns:
Example return:
[{ "object_type": "node_groups",
"display_name": "Node Groups",
"description": "Groups that nodes can be assigned to."
"actions": [{ "name": "view",
"display_name": "View",
"description": "View the node groups",
"has_instances": true
},{
"name":"modify",
"display_name": "Configure",
"description": "Modify description, variables and classes",
"has_instances": true
}, ...]
},...]
Checks an array of permissions for the subject identified by the submitted identifier.
This endpoint takes a “token” in the form of a user or a user
group’s UUID and a list of permissions. This returns true or false for each
permission queried, representing whether the subject is permitted to take the
given action. This takes into account the full evaluation of permissions,
including inherited roles and matching general permissions against more
specific queries. A query for users:edit:1
returns true
if the subject
has users:edit:1
and/or users:edit:*
.
Example body:
{"token": "<subject uuid>",
"permissions": [{"object_type": "node_groups",
"action": "edit_rules",
"instance": "4"},
{"object_type": "users",
"action": "disable",
"instance": "1"}]
}
The first permission is querying whether the subject specified by the token is
permitted to perform the edit_rules
action on the instance of node_groups
identified by the ID 4
. Note that in reality, node groups and users use UUIDs as
their IDs.
Example return:
[true, false]
Each queried permission has a corresponding Boolean in the
returned array. The index of the submitted array of permissions matches the index of the
returned array of Booleans. Given the above example
submission, this return means the subject is permitted
node_groups:edit_rules:4
but not permitted users:disable:1
.
Returns: