RBAC API v1
Use the role-based access control (RBAC) API v1 endpoints to manage users, directory service groups, roles, permissions, tokens, passwords, and LDAP and SAML connection settings.
-
Users endpoints
With role-based access control (RBAC), you can manage local users and remote users (created on a directory service). Use theusers
endpoints to get lists of users, create local users, and delete, revoke, and reinstate users in PE. -
User groups endpoints
User groups allow you to quickly assign one or more roles to a set of users by placing all relevant users in the group. This is more efficient than assigning roles to each user individually. Use thegroups
endpoints to get lists of groups and add, delete, and change groups. -
User roles endpoints
User roles contain sets of permissions. When you assign a user (or a user group) to a role, you can assign the entire set of permissions at once. This is more organized and easier to manage than assigning individual permissions to individual users. Use theroles
endpoints to manage roles. -
Permissions endpoints
You add permissions to roles to control what users can access and do in PE. Use thepermissions
endpoints to get information about objects you can create permissions for, what types of permissions you can create, and whether specific users can perform certain actions. -
Tokens endpoints
Authentication tokens control access to PE services. Use theauth/token
andtokens
endpoints to create tokens. -
LDAP endpoints
Use the LDAPds
(directory service) endpoints to get information about your LDAP directory service, test your LDAP directory service connection, and replace LDAP directory service connection settings. -
SAML endpoints
Use thesaml
endpoints to configure SAML, retrieve SAML configuration details, and get the public certificate and URLs needed for configuration. -
Passwords endpoints
When local users forget their Puppet Enterprise (PE) passwords or lock themselves out of PE by attempting to log in with incorrect credentials too many times, you must generate a password reset token for them. Use thepassword
endpoints to generate password reset tokens, use tokens to reset passwords, change the authenticated user's password, and validate potential user names and passwords. -
Disclaimer endpoints
Use these endpoints to modify the disclaimer text that appears on the Puppet Enterprise (PE) console login page.
Related information