Role Management
Management of User Roles is provided via the following collection:
/api/roles
as well as the associated product features via:
/api/features
Full CRUD actions on roles is available:
Querying Roles
Querying all roles in the system is simply:
GET /api/roles
Getting details on a specific role:
GET /api/roles/:id
Including the features it entitles:
GET /api/roles/:id?expand=features
Or simply querying the features entitled by the role:
GET /api/roles/:id/features?expand=resources
Querying all product features of the system that can be assigned to a role.
GET /api/features
Creating Roles
Roles can be created via a POST to the roles collection or via the create action signature which also allows creation of multiple roles in a single request.
POST /api/roles
{
"action" : "create",
"resource" : {
"name" : "sample_role",
"settings" : { "restrictions" : { "vms" : "user" } },
"features" : [
{ "identifier" : "vm_explorer" },
{ "identifier" : "ems_infra_tag" },
{ "identifier" : "miq_report_run" }
]
}
}
Note:
restrictions for vms can be either user or user_or_group
features can be specified via identifier, href, or id
or creating multiple roles:
{
"action" : "create",
"resources" : [
{ "name" : "sample_role1", ... },
{ "name" : "sample_role2", ... },
...
]
}
Note:
Please refer to the Resource Attributes page for a list of available attributes when creating Roles.
Editing Roles
POST /api/roles/:id
{
"action" : "edit",
"resource" : {
"name" : "updated_sample_role",
"settings" : { "restrictions" : { "vms" : "user_or_group" } }
}
}
or editing multiple roles:
POST /api/roles
{
"action" : "edit",
"resources" : [
{
"href" : "http://localhost:3000/api/roles/101",
"name" : "updated_sample_role1"
},
{
"href" : "http://localhost:3000/api/roles/102",
"name" : "updated_sample_role2"
},
...
]
}
Assigning features to a role
POST /api/roles/:id/features
{
"action" : "assign",
"resource" : {
"identifier" : "miq_request_view"
}
}
or assigning multiple features:
{
"action" : "assign",
"resources" : [
{ "identifier" : "miq_request_view" },
{ "identifier" : "storage_manager_show_list" },
...
]
}
Unassigning features from a role
POST /api/roles/:id/features
{
"action" : "unassign",
"resource" : {
{ "identifier" : "miq_request_view" }
}
}
or unassigning multiple features:
{
"action" : "unassign",
"resources" : [
{ "identifier" : "miq_request_view" },
{ "identifier" : "storage_manager_show_list" },
...
]
}
Deleting Roles
Non system roles (i.e. read_only false) can be deleted via either the delete POST action or via the DELETE HTTP method.
POST /api/roles/101
{
"action" : "delete"
}
or simply:
DELETE /api/roles/101
Deleting multiple roles can be done as follows:
POST /api/roles
{
"action" : "delete",
"resources" : [
{ "href" : "http://localhost:3000/api/roles/101" },
{ "href" : "http://localhost:3000/api/roles/102" },
...
]
}