Versions Compared

Old Version 6

changes.mady.by.user Rohit Sinha

Saved on

compared with

New Version Current

changes.mady.by.user Rohit Sinha

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

CLI: Security CLI commands

 

 security create role <role-name> 
 
security drop role <role-name>
OperationREST APIBodyResponseCLI Command (from Security CLI commands)
grantPOST /security/authorization/grant
Code Block
titleGrantRequest
{
  "entity": {
    "namespace": "ns1",
    "entity": "NAMESPACE"
  },
  "principal": {
    "name": "admin",
    "type": "ROLE"
  },
  "actions": [
    "READ"
  ]
}

200: Granted the action on the entity for the principal

security grant entity <entity-id> principal-type <principal-type-name> principal-name <principal-name> actions READ
revokePOST /security/authorization/revoke
Code Block
titleRevokeRequest
{
  "entity": {
    "namespace": "ns1",
    "entity": "NAMESPACE"
  },
  "principal": {
    "name": "admin",
    "type": "ROLE"
  },
  "actions": [
    "READ"
  ]
}

200: Revoked the actions on the entity for the principal

security revoke entity <entity-id> principal-type <principal-type-name> principal-name <principal-name> actions READ
Role Based Access Control
create role

PUT /security/authorization/roles/<role-name>

N/A

200: Created the role

409: role already exists

delete roleDELETE /security/authorization/roles/<role-name>N/A

200: Deleted the role

404: role is not found

List rolesGET /security/authorization/roles/N/A

200: List of roles

Code Block
titleRoles
["Role", "Role2"]
 
security list roles
add role to principalPUT /security/authorization/<principal-type>/<principal-name>/roles/<role-name>
 
200: Added role to principal
404: role not found
404: principal not found
 
security add role <role-name> to group/user <group/user-name>
remove role from principalDELETE /security/authorization/<principal-type>/<principal-name>/roles/<role-name>
 
200: removed role from principal
404: role not found
404: principal not found
 
 
security remove role <role-name> from group/user <group/user-name>
List roles for principalGET /security/authorization/<principal-type>/<principal-name>/roles
N/A
 200: List of roles
 Code Block
titleRoles
["Role", "Role2"]
404: Principal not found
 
security list roles for group/user <group/user-name>
 List privileges for roleGET /security/authorization/roles/<role-name>/privilegesN/A 
 200: List of privileges for the role
 Code Block
titlePrivileges
["Privilege1", "Privilege2"]
404: role not found
 
security list privileges for role <role-name>
 Code Block
languagejava
titlePrivilege
/**
 * Represents a privilege granted to a {@link Principal user}, {@link Principal group} or a role. It determines    * if the user or group can perform a given {@link Action} on an
 * {@link EntityId}. It also determines if this privilege also gives the user or group the permission to grant  * the same privilege to other users or groups.
 */
public class Privilege {
  private final EntityId entity;
  private final Action action;
  private final boolean withGrantOption;
}