Security roles owner.uuid name privileges path endpoint overview
Overview
A role can comprise multiple tuples, and each tuple consists of a REST API path and its access level. These APIs can be used to retrieve or modify the access level of one of the constituent REST API paths within a role, or to delete that path from the role. The REST API path can be a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are /api/storage/volumes/{volume.uuid}/snapshots and /api/storage/volumes//snapshots. "" is a wildcard character denoting "all" volumes.
The role can be SVM-scoped or cluster-scoped.
Specify the owner UUID and the role name in the URI path. The owner UUID corresponds to the UUID of the SVM for which the role has been created and can be obtained from the response body of a GET request performed on one of the following APIs:
/api/security/roles for all roles
/api/security/roles/?scope=svm for SVM-scoped roles
/api/security/roles/?owner.name=
The access level for paths in pre-defined roles cannot be updated.
Examples
Updating the access level for a path in the privilege tuple of an existing role
```
# The API:
PATCH "/api/security/roles/{owner.uuid}/{name}/privileges/{path}"

# The call:
curl -X PATCH "https://<mgmt-ip>/api/security/roles/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_role1/privileges/%2Fapi%2Fprotocols" -d '{"access":"all"}'
```
Updating the access level for a resource-qualified endpoint in the privilege tuple of an existing role
```
# The API:
PATCH "/api/security/roles/{owner.uuid}/{name}/privileges/{path}"

# The call:
curl -X PATCH "https://<mgmt-ip>/api/security/roles/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_role1/privileges/%2Fapi%2Fstorage%2Fvolumes%2F742ef001-24f0-4d5a-9ec1-2fdaadb282f4%2Fsnapshots" -d '{"access":"readonly"}'
```
Retrieving the access level for a path in the privilege tuple of an existing role
```
# The API:
GET "/api/security/roles/{owner.uuid}/{name}/privileges/{path}"

# The call:
curl -X GET "https://<mgmt-ip>/api/security/roles/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_role1/privileges/%2Fapi%2Fprotocols"

# The response:
{
  "owner": {
    "uuid": "aaef7c38-4bd3-11e9-b238-0050568e2e25"
  },
  "name": "svm_role1",
  "path": "/api/protocols",
  "access": "all",
  "_links": {
    "self": {
      "href": "/api/security/roles/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_role1/privileges/%2Fapi%2Fprotocols"
    }
  }
}
```
Retrieving the access level for a resource-qualified endpoint in the privilege tuple of an existing role
```
# The API:
GET "/api/security/roles/{owner.uuid}/{name}/privileges/{path}"

# The call (the encoded path uses a single %2F before "snapshots", matching the "path" and "href" in the response):
curl -X GET "https://<mgmt-ip>/api/security/roles/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_role1/privileges/%2Fapi%2Fstorage%2Fvolumes%2Fd0f3b91a-4ce7-4de4-afb9-7eda668659dd%2Fsnapshots"

# The response:
{
  "owner": {
    "uuid": "aaef7c38-4bd3-11e9-b238-0050568e2e25"
  },
  "name": "svm_role1",
  "path": "/api/storage/volumes/d0f3b91a-4ce7-4de4-afb9-7eda668659dd/snapshots",
  "access": "all",
  "_links": {
    "self": {
      "href": "/api/security/roles/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_role1/privileges/%2Fapi%2Fstorage%2Fvolumes%2Fd0f3b91a-4ce7-4de4-afb9-7eda668659dd%2Fsnapshots"
    }
  }
}
```
Deleting a privilege tuple from an existing role
```
# The API:
DELETE "/api/security/roles/{owner.uuid}/{name}/privileges/{path}"

# The call:
curl -X DELETE "https://<mgmt-ip>/api/security/roles/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_role1/privileges/%2Fapi%2Fprotocols"
```
Deleting a privilege tuple, containing a resource-qualified endpoint, from an existing role
```
# The API:
DELETE "/api/security/roles/{owner.uuid}/{name}/privileges/{path}"

# The call:
curl -X DELETE "https://<mgmt-ip>/api/security/roles/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_role1/privileges/%2Fapi%2Fstorage%2Fvolumes%2F742ef001-24f0-4d5a-9ec1-2fdaadb282f4%2Fsnapshots"
```
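Every call on this page carries the REST API path as a single percent-encoded URI segment (`/` becomes `%2F`). The following is an added example, not part of the original documentation: it builds that URL and checks that a GET response describes the tuple you intend to PATCH or DELETE. The host `mgmt.example` and the function names are assumptions made for illustration; the sample response is copied from the page's GET example.

```python
from urllib.parse import quote, unquote

def privilege_url(host, owner_uuid, role, api_path):
    """Build the privileges URL; the API path travels as ONE URI segment."""
    if not api_path.startswith("/api/"):
        raise ValueError(f"not a REST API path: {api_path!r}")
    # safe="" forces '/' to %2F, so the path cannot split into extra segments.
    parts = [quote(p, safe="") for p in (owner_uuid, role, api_path)]
    return "https://{}/api/security/roles/{}/{}/privileges/{}".format(host, *parts)

def path_from_href(href):
    """Decode the API path back out of a _links.self.href value."""
    _, sep, encoded = href.partition("/privileges/")
    if not sep or "/" in encoded:
        raise ValueError(f"path segment missing or not fully encoded: {href!r}")
    return unquote(encoded)

def check_tuple(resp, owner_uuid, role, api_path):
    """List mismatches between a GET response and the tuple that was requested."""
    seen = {
        "owner.uuid": resp.get("owner", {}).get("uuid"),
        "name": resp.get("name"),
        "path": resp.get("path"),
        "self.href path": path_from_href(resp["_links"]["self"]["href"]),
    }
    want = {"owner.uuid": owner_uuid, "name": role,
            "path": api_path, "self.href path": api_path}
    return [f"{k}: expected {want[k]!r}, got {seen[k]!r}"
            for k in want if seen[k] != want[k]]

OWNER = "aaef7c38-4bd3-11e9-b238-0050568e2e25"
# Response body copied from the page's GET example for /api/protocols.
SAMPLE = {
    "owner": {"uuid": OWNER},
    "name": "svm_role1",
    "path": "/api/protocols",
    "access": "all",
    "_links": {"self": {"href": "/api/security/roles/" + OWNER
                        + "/svm_role1/privileges/%2Fapi%2Fprotocols"}},
}

if __name__ == "__main__":
    # mgmt.example is a placeholder host, not a value from the page.
    print(privilege_url("mgmt.example", OWNER, "svm_role1", "/api/protocols"))
    print(check_tuple(SAMPLE, OWNER, "svm_role1", "/api/protocols") or "tuple matches")
```

Running `check_tuple` on the GET response before issuing a PATCH or DELETE catches an encoding slip that would otherwise address a different tuple or return an error.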