Operation | REST API | Body | Response | CLI Command (from Security CLI commands) |
---|---|---|---|---|
grant | security/authorization/grant | GrantRequest { "entity": { "namespace": "ns1", "entity": "NAMESPACE" }, "principal": { "name": "admin", "type": "ROLE" }, "actions": [ "READ" ] } | ||
revoke | security/authorization/revoke | RevokeRequest { "entity": { "namespace": "ns1", "entity": "NAMESPACE" }, "principal": { "name": "admin", "type": "ROLE" }, "actions": [ "READ" ] } | ||
check authorized | security/authorization/authorized | CheckAuthorizedRequest { "entity": { "namespace": "ns1", "entity": "NAMESPACE" }, "principal": { "name": "admin", "type": "ROLE" }, "actions": [ "READ" ] } | ||
create role | PUT /security/authorization/roles/<role-name> | N/A | 200: Created the role 409: role already exists | create role <role-name> |
delete role | DELETE /security/authorization/roles/<role-name> | N/A | 200: Deleted the role 404: role is not found | drop role <role-name> |
List roles | GET /security/authorization/roles/ | N/A | 200: List of roles Roles ["Role", "Role2"] | list roles |
add role to principal | PUT /security/authorization/<principal-type>/<principal-name>/roles/<role-name> |
| 200: Added role to principal 404: role not found 404: principal not found | add role <role-name> to group/user <group/user-name> |
remove role from principal | DELETE /security/authorization/<principal-type>/<principal-name>/roles/<role-name> |
| 200: removed role from principal 404: role not found 404: principal not found | remove role <role-name> from group/user <group/user-name> |
List roles for principal | GET /security/authorization/<principal-type>/<principal-name>/roles | N/A | 200: List of roles Roles ["Role", "Role2"] 404: Principal not found | list roles for group/user <group/user-name> |
List privileges for role | GET /security/authorization/roles/<role-name>/privileges | N/A | 200: List of privileges for the role Privileges ["Privilege1", "Privilege2"] 404: role not found | list privileges for role <role-name> |