Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

CLI: Security CLI commands

 

 security create role <role-name>  
security drop role <role-name>
OperationREST APIBodyResponseCLI Command (from Security CLI commands)
grantPOST /security/authorization/grant
Code Block
titleGrantRequest
{
  "entity": {
    "namespace": "ns1",
    "entity": "NAMESPACE"
  },
  "principal": {
    "name": "admin",
    "type": "ROLE"
  },
  "actions": [
    "READ"
  ]
}

200: Granted the action on the entity for the principal

security grant entity NAMESPACE:default principal-type ROLE

principal

-name admins actions READ

revokePOST /security/authorization/revoke
Code Block
titleRevokeRequest
{
  "entity": {
    "namespace": "ns1",
    "entity": "NAMESPACE"
  },
  "principal": {
    "name": "admin",
    "type": "ROLE"
  },
  "actions": [
    "READ"
  ]
}

200: Revoked the actions on the entity for the principal

 
check authorizedsecurity/authorization/authorized
Code Block
titleCheckAuthorizedRequest
{
  "entity": {
    "namespace": "ns1",
    "entity": "NAMESPACE"
  },
  "principal": {
    "name": "admin",
    "type": "ROLE"
  },
  "actions": [
    "READ"
  ]
}

200: authorized

401: Unauthorized

 
Role Based Access Control
create role

PUT /security/authorization/roles/<role-name>

N/A

200: Created the role

409: role already exists

delete roleDELETE /security/authorization/roles/<role-name>N/A

200: Deleted the role

404: role is not found

List rolesGET /security/authorization/roles/N/A

200: List of roles

Code Block
titleRoles
["Role", "Role2"]
 
security list roles
add role to principalPUT /security/authorization/<principal-type>/<principal-name>/roles/<role-name>

 

200: Added role to principal

404: role not found

404: principal not found

 

security add role <role-name> to group/user <group/user-name>remove role from principalDELETE /security/authorization/<principal-type>/<principal-name>/roles/<role-name>

 

200: removed role from principal

404: role not found

404: principal not found

  

security remove role <role-name> from group/user <group/user-name>
List roles for principalGET /security/authorization/<principal-type>/<principal-name>/roles

N/A

 200: List of roles

Code Block
titleRoles
["Role", "Role2"]

404: Principal not found

 
security list roles for group/user <group/user-name>

 List privileges for roleGET /security/authorization/roles/<role-name>/privilegesN/A 

 200: List of privileges for the role

Code Block
titlePrivileges
["Privilege1", "Privilege2"]

404: role not found

 
security list privileges for role <role-name>

Code Block
languagejava
titlePrivilege
/**
 * Represents a privilege granted to a {@link Principal user}, {@link Principal group} or a role. It determines    * if the user or group can perform a given {@link Action} on an
 * {@link EntityId}. It also determines if this privilege also gives the user or group the permission to grant  * the same privilege to other users or groups.
 */
public class Privilege {
  private final EntityId entity;
  private final Action action;
  private final boolean withGrantOption;
}