Authorization (RBAC)

For general information about RBAC, check out this link.
The following endpoint is the base URL for the APIs below.
https://service.alphaus.cloud/m/auth/rbac/

List permissions

List all permissions supported by RBAC in all namespaces. For reference, supported permissions can be found here.
Request
GET /permissions HTTP/1.1
authorization: Bearer {token}
Response
HTTP/1.1 200 OK
[
  {
    "namespace": "wave",
    "permissions": [
      "Admin",
      "ModifySettings",
      "..."
    ]
  },
  {
    "namespace": "ripple",
    "permissions": [
      "Admin"
    ]
  }
]

Create role

During role creation, if your permissions list contains an Admin entry, all other entries are discarded and only Admin is kept.
Roles are root user-level. That means all roles created by the root user, or any subuser that has permissions to create roles, are available to all subusers.
Request
POST /roles HTTP/1.1
authorization: Bearer {token}
content-type: application/json

{
  "name": "testrole",
  "namespace": "wave",
  "permissions": [
    "ModifySettings",
    "ViewSettings",
    ...
  ]
}
Role names should be at least 6 and at most 32 characters long. They should also be alphanumeric; hyphens and underscores are allowed in between. The regular expression used for validation is below:
^[A-Za-z0-9][A-Za-z0-9_-]*[A-Za-z0-9]$
Response
HTTP/1.1 200 OK
{
  "name": "testrole",
  "namespace": "wave",
  "permissions": [
    "ModifySettings",
    "ViewSettings",
    ...
  ]
}

List roles

Request
GET /roles?namespace={namespace} HTTP/1.1
authorization: Bearer {token}
The {namespace} parameter is optional. If not provided, all roles will be returned.
Response
HTTP/1.1 200 OK
[
  {
    "name": "testrole",
    "namespace": "wave",
    "permissions": [
      "ModifySettings",
      "ViewSettings",
      "ModifyAccountSettings"
    ]
  },
  {
    "name": "waveAdmin",
    "namespace": "wave",
    "permissions": [
      "Admin"
    ]
  },
  ...
]

Update role

Update a role. If the role name is different, the mapped role name is renamed as well.
Request
PATCH /roles/{namespace}/{rolename} HTTP/1.1
authorization: Bearer {token}
content-type: application/json

{
  "namespace": "wave",
  "permissions": [
    "ModifySettings",
    "ViewSettings",
    ...
  ]
}
Response
HTTP/1.1 200 OK
{
  "name": "testrole",
  "namespace": "wave",
  "permissions": [
    "ModifySettings",
    "ViewSettings",
    ...
  ]
}

Delete role

Delete role. Deleting a role will also remove all mappings.
Request
DELETE /roles/{namespace}/{rolename} HTTP/1.1
authorization: Bearer {token}

Map roles to user

You can only map (or attach) up to 5 roles to a user per namespace. There is no limit for filtering rules per user.
Valid values for type for filtering rules:
Namespace | Value
wave | linkAcct, group, tags
ripple | billingGroup
Request
POST /userroles HTTP/1.1
authorization: Bearer {token}
content-type: application/json

{
  "user_id": "subuser1",
  "roles": [
    {
      "namespace": "wave",
      "role": "somerole"
    },
    ...
  ]
}
Response
HTTP/1.1 200 OK
{
  "success": [
    "somerole"
  ],
  "failed": [],
  "filters": []
}
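
The role-name rule and Admin rule from "Create role" and the 5-roles-per-namespace limit above, as a client-side pre-flight check. This is an added example, not code from the API or its maintainers; the function names are hypothetical, and counting only the roles in one request body is an assumption.

```python
import re
from collections import Counter

# Pattern copied from the page; it does not enforce the length bounds itself.
ROLE_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]*[A-Za-z0-9]$")
MIN_LEN, MAX_LEN = 6, 32       # length bounds stated on the page
MAX_ROLES_PER_NAMESPACE = 5    # mapping limit stated on the page


def role_name_errors(name):
    """Return the reasons a role name would be rejected (empty list if valid)."""
    errors = []
    if not MIN_LEN <= len(name) <= MAX_LEN:
        errors.append(f"length {len(name)} is outside {MIN_LEN}-{MAX_LEN}")
    # fullmatch, because with re.match the '$' also accepts a trailing newline.
    if not ROLE_NAME_RE.fullmatch(name):
        errors.append("only alphanumerics, with '-' and '_' allowed in between")
    return errors


def effective_permissions(permissions):
    """Mirror the documented rule: an Admin entry discards every other entry."""
    return ["Admin"] if "Admin" in permissions else list(permissions)


def check_create_role(body):
    """Pre-flight check of a POST /roles body. Returns (errors, warnings)."""
    errors = role_name_errors(body.get("name", ""))
    warnings = []
    perms = body.get("permissions", [])
    if effective_permissions(perms) != list(perms):
        warnings.append("Admin present: the role will carry Admin only")
    return errors, warnings


def namespaces_over_limit(roles):
    """Namespaces with more than 5 roles in one POST /userroles 'roles' list.

    Assumption: only this request body is counted; roles already mapped to
    the user on the server are not known to this check.
    """
    counts = Counter(r["namespace"] for r in roles)
    return sorted(ns for ns, n in counts.items() if n > MAX_ROLES_PER_NAMESPACE)
```

The Admin warning is the one worth surfacing in review: a request that lists narrow permissions alongside Admin produces a role that is Admin only.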

List user role mappings

Request
For this endpoint, the returned role mappings are those attached to the caller.
GET /userroles HTTP/1.1
authorization: Bearer {token}
For listing role mappings of other subusers, use this endpoint.
GET /{subuser}/userroles HTTP/1.1
Authorization: Bearer {token}
{subuser} is the subuser name.
Response
HTTP/1.1 200 OK
[
  {
    "root_user": "58c2297d25645",
    "sub_user": "subuser01",
    "namespace": "wave",
    "role": "testrole1"
  },
  {
    "root_user": "58c2297d25645",
    "sub_user": "subuser02",
    "namespace": "wave",
    "filter": "billingGroup:2222"
  },
  ...
]

List user permissions

Retrieve all permissions of all roles attached to the {subuser}.
Request
GET /{subuser}/permissions HTTP/1.1
authorization: Bearer {token}
Response
HTTP/1.1 200 OK
[
  {
    "namespace": "wave",
    "permissions": [
      "Admin",
      "ModifySettings",
      "..."
    ]
  },
  {
    "namespace": "ripple",
    "permissions": [
      "Admin"
    ]
  }
]

Update map roles to user

When updating, you can only map (or attach) up to 5 roles to a user per namespace. There is no limit for filtering rules per user.
Valid values for type for filtering rules:
Namespace | Value
wave | linkAcct, group, tags
ripple | billingGroup
This method replaces all of the subuser's roles with the information in the request body.
Request
PATCH /userroles HTTP/1.1
authorization: Bearer {token}
content-type: application/json

{
  "roles": [
    {
      "namespace": "wave",
      "role": "somerole"
    },
    ...
  ]
}

PATCH /{subuser}/userroles HTTP/1.1
authorization: Bearer {token}
content-type: application/json

{
  "roles": [
    {
      "namespace": "wave",
      "role": "somerole"
    },
    ...
  ]
}
{subuser} is the subuser id.
Response
HTTP/1.1 200 OK
{
  "success": [
    "somerole"
  ],
  "failed": [],
  "filters": []
}