Authorization API

CLI: Security CLI commands

 

OperationREST APIBodyResponse
grantPOST /security/authorization/grant
GrantRequest
{
  "entity": {
    "namespace": "ns1",
    "entity": "NAMESPACE"
  },
  "principal": {
    "name": "admin",
    "type": "ROLE"
  },
  "actions": [
    "READ"
  ]
}

200: Granted the action on the entity for the principal

revokePOST /security/authorization/revoke
RevokeRequest
{
  "entity": {
    "namespace": "ns1",
    "entity": "NAMESPACE"
  },
  "principal": {
    "name": "admin",
    "type": "ROLE"
  },
  "actions": [
    "READ"
  ]
}

200: Revoked the actions on the entity for the principal

Role Based Access Control
create role

PUT /security/authorization/roles/<role-name>

N/A

200: Created the role

409: role already exists

delete roleDELETE /security/authorization/roles/<role-name>N/A

200: Deleted the role

404: role is not found

List rolesGET /security/authorization/roles/N/A

200: List of roles

Roles
["Role", "Role2"]
add role to principalPUT /security/authorization/<principal-type>/<principal-name>/roles/<role-name>

 

200: Added role to principal

404: role not found

404: principal not found

remove role from principalDELETE /security/authorization/<principal-type>/<principal-name>/roles/<role-name>

 

200: removed role from principal

404: role not found

404: principal not found

List roles for principalGET /security/authorization/<principal-type>/<principal-name>/roles

N/A

 200: List of roles

Roles
["Role", "Role2"]

404: Principal not found

 List privileges for roleGET /security/authorization/roles/<role-name>/privilegesN/A 

 200: List of privileges for the role

Privileges
["Privilege1", "Privilege2"]

404: role not found

Privilege
/**
 * Represents a privilege granted to a {@link Principal user}, {@link Principal group} or a role. It determines    * if the user or group can perform a given {@link Action} on an
 * {@link EntityId}. It also determines if this privilege also gives the user or group the permission to grant  * the same privilege to other users or groups.
 */
public class Privilege {
  private final EntityId entity;
  private final Action action;
  private final boolean withGrantOption;
}

 

Â