Role Management

Management of User Roles is provided via the following collection:

/api/roles

as well as the associated product features via:

/api/features

Full CRUD actions on roles is available:

Querying Roles

Querying all roles in the system is simply:

GET /api/roles

Getting details on a specific role:

GET /api/roles/:id

Including the features it entitles:

GET /api/roles/:id?expand=features

Or simply querying the features entitled by the role:

GET /api/roles/:id/features?expand=resources

Querying all product features of the system that can be assigned to a role.

GET /api/features

Creating Roles

Roles can be created via a POST to the roles collection or via the create action signature which also allows creation of multiple roles in a single request.

POST /api/roles
{
  "action" : "create",
  "resource" : {
    "name" : "sample_role",
    "settings" : { "restrictions" : { "vms" : "user" } },
    "features" : [
      { "identifier" : "vm_explorer" },
      { "identifier" : "ems_infra_tag" },
      { "identifier" : "miq_report_run" }
    ]
  }
}

Note:

restrictions for vms can be either user or user_or_group

features can be specified via identifier, href, or id

or creating multiple roles:

{
  "action" : "create",
  "resources" : [
    { "name" : "sample_role1", ... },
    { "name" : "sample_role2", ... },
    ...
  ]
}

Note:

Please refer to the Resource Attributes page for a list of available attributes when creating Roles.

Editing Roles

POST /api/roles/:id
{
  "action" : "edit",
  "resource" : {
    "name" : "updated_sample_role",
    "settings" : { "restrictions" : { "vms" : "user_or_group" } }
  }
}

or editing multiple roles:

POST /api/roles
{
  "action" : "edit",
  "resources" : [
    {
      "href" : "http://localhost:3000/api/roles/101",
      "name" : "updated_sample_role1"
    },
    {
      "href" : "http://localhost:3000/api/roles/102",
      "name" : "updated_sample_role2"
    },
    ...
  ]
}

Assigning features to a role

POST /api/roles/:id/features
{
  "action" : "assign",
  "resource" : {
    "identifier" : "miq_request_view"
  }
}

or assigning multiple features:

{
  "action" : "assign",
  "resources" : [
    { "identifier" : "miq_request_view" },
    { "identifier" : "storage_manager_show_list" },
    ...
  ]
}

Unassigning features from a role

POST /api/roles/:id/features
{
  "action" : "unassign",
  "resource" : {
    { "identifier" : "miq_request_view" }
  }
}

or unassigning multiple features:

{
  "action" : "unassign",
  "resources" : [
    { "identifier" : "miq_request_view" },
    { "identifier" : "storage_manager_show_list" },
    ...
  ]
}

Deleting Roles

Non system roles (i.e. read_only false) can be deleted via either the delete POST action or via the DELETE HTTP method.

POST /api/roles/101
{
  "action" : "delete"
}

or simply:

DELETE /api/roles/101

Deleting multiple roles can be done as follows:

POST /api/roles
{
  "action" : "delete",
  "resources" : [
    { "href" : "http://localhost:3000/api/roles/101" },
    { "href" : "http://localhost:3000/api/roles/102" },
    ...
  ]
}