Roles
A Role is a grouping of permissions that you can apply to any user or group in the system. Users with no role will not be allowed to access the user interface, nor the underlying API.
Basic Operations
Basic operations of Create, List, Update and Destroy are available for roles
List all Roles
Call to /authorization/role to get all roles.
Request Object
+ URL /api/v2/authorization/role + Method GET + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body {}
Response Object
Sending this should get you back a valid response, an array with each role in the system.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "id": 1, "hostid": "09e3b2bd", "role_name": "admin", "role_permissions": "authorization:standard,cloud:touch,cron:view,cron:create,cron:manage,cron:destroy,device:view,filesystem:view,filesystem:manage,event:view,event:destroy,usergroup:view,usergroup:create,usergroup:manage,usergroup:destroy,authprovider:view,authprovider:manage,ha:view,ha:destroy,ha:create,ha:manage,ipmi:view,ipmi:manage,lustre:view,lustre:manage,lustre:create,networkconfig:view,networkconfig:manage,interface:view,interface:manage,interface:create,interface:destroy,networkauth:view,networkauth:manage,networkqos:view,networkqos:create,networkqos:manage,networkqos:destroy,nfs:view,nfs:create,nfs:manage,nfs:destroy,notification:view,notification:create,notification:manage,notification:destroy,pod:view,pod:create,pod:manage,pod:destroy,pool:view,pool:manage,pool:create,pool:destroy,probe:view,probe:manage,role:view,role:create,role:manage,role:destroy,service:view,service:manage,service:destroy,smb:view,smb:create,smb:manage,smb:destroy,snapshot:view,snapshot:create,snapshot:destroy,snapshot:manage,statistic:view,status:view,status:create,status:manage,status:destroy,system:view,system:manage,systemhealth:view,systemhealth:create,systemkey:view,systemkey:create,systemkey:destroy,systemkey:manage,system:special,process:view,process:destroy,token:view,token:standard,token:manage,zfs:view,zfs:create,zfs:manage,zfs:destroy,license:create,license:view,routine:view,routine:create,routine:manage,routine:destroy,job:view,job:create,job:manage,job:destroy,trigger:view,trigger:create,trigger:manage,trigger:destroy,be:view,be:create,be:manage,be:destroy,certificate:view,certificate:create,certificate:manage,certificate:destroy,ctdb:view,ctdb:create,ctdb:manage,ctdb:destroy", "enabled": true, "createdAt": "2020-09-09T03:10:21.227Z", "updatedAt": "2020-09-09T03:10:21.227Z" }, { "id": 2, "hostid": "09e3b2bd", "role_name": "sudo", "role_permissions": "authorization:standard,cloud:touch,cron:view,cron:create,cron:manage,cron:destroy,device:view,filesystem:view,filesystem:manage,event:view,event:destroy,usergroup:view,usergroup:create,usergroup:manage,usergroup:destroy,authprovider:view,authprovider:manage,ha:view,ha:destroy,ha:create,ha:manage,ipmi:view,ipmi:manage,lustre:view,lustre:manage,lustre:create,networkconfig:view,networkconfig:manage,interface:view,interface:manage,interface:create,interface:destroy,networkauth:view,networkauth:manage,networkqos:view,networkqos:create,networkqos:manage,networkqos:destroy,nfs:view,nfs:manage,nfs:create,notification:view,notification:create,notification:manage,notification:destroy,pod:view,pod:create,pod:manage,pod:destroy,pool:view,pool:manage,pool:create,pool:destroy,probe:view,probe:manage,role:view,role:create,role:manage,role:destroy,service:view,service:manage,service:destroy,smb:view,smb:manage,smb:create,snapshot:view,snapshot:create,snapshot:destroy,snapshot:manage,statistic:view,status:view,status:create,status:manage,status:destroy,system:view,system:manage,systemhealth:view,systemhealth:create,systemkey:view,systemkey:create,systemkey:destroy,systemkey:manage,system:special,process:view,process:destroy,token:view,token:standard,token:manage,zfs:view,zfs:create,zfs:manage,zfs:destroy,license:create,license:view,routine:view,routine:create,routine:manage,routine:destroy,job:view,job:create,job:manage,job:destroy,trigger:view,trigger:create,trigger:manage,trigger:destroy,be:view,be:create,be:manage,be:destroy,certificate:view,certificate:create,certificate:manage,certificate:destroy,ctdb:view,ctdb:create,ctdb:manage,ctdb:destroy", "enabled": true, "createdAt": "2020-09-09T03:10:21.227Z", "updatedAt": "2020-09-09T03:10:21.227Z" }, { "id": 3, "hostid": "09e3b2bd", "role_name": "nolustre", "role_permissions": "authorization:standard,cron:view,device:view,filesystem:view,event:view,usergroup:view,ha:view,ipmi:view,job:view,networkconfig:view,interface:view,networkauth:view,networkqos:view,nfs:view,notification:view,pod:view,pool:view,probe:view,role:view,routine:view,service:view,smb:view,snapshot:view,statistic:view,status:view,system:view,systemhealth:view,systemkey:view,process:view,token:view,zfs:view,ctdb:manage,ctdb:view", "enabled": true, "createdAt": "2020-09-17T23:58:01.107Z", "updatedAt": "2020-09-17T23:58:01.107Z" } ]
Get one Role
Call to /authorization/role/$ROLE_ID to get one specific role.
Request Object
+ URL /api/v2/authorization/role/$ROLE_ID + Method GET + Parameters role id (number, required, URL param) - the identifier number of the role you wish to get + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body {}
Response Object
Sending this should get you back a valid response, an array with the role you requested.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "id": 3, "hostid": "09e3b2bd", "role_name": "nolustre", "role_permissions": "authorization:standard,cron:view,device:view,filesystem:view,event:view,usergroup:view,ha:view,ipmi:view,job:view,networkconfig:view,interface:view,networkauth:view,networkqos:view,nfs:view,notification:view,pod:view,pool:view,probe:view,role:view,routine:view,service:view,smb:view,snapshot:view,statistic:view,status:view,system:view,systemhealth:view,systemkey:view,process:view,token:view,zfs:view,ctdb:manage,ctdb:view", "enabled": true, "createdAt": "2020-09-17T23:58:01.107Z", "updatedAt": "2020-09-17T23:58:01.107Z" } ]
Create a Role
Creating a role takes a set of permissions and a name and creates a new role to be assigned in the system.
Request Object
+ URL /api/v2/authorization/role/create + Method POST + Parameters role_name (string, required, Body) - The name to be assigned to this role role_permissions (string, required, Body) - A comma delimited list of permissions. All permissions are of the form ($Noun:$Verb), and can be viewed in the role list above enabled (boolean, optional, Body) - You can optionally set a role to be disabled when creating. Disabled roles will not grant permission to a user or group. + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "role_name": "test", "role_permissions": "authorization:standard,filesystem:view,pool:view,service:view,system:view", "enabled": false }
Response Object
Sending this should get you back a valid response, an array with the role you created.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "id": 4, "hostid": "09e3b2bd", "role_name": "test", "role_permissions": "authorization:standard,filesystem:view,pool:view,service:view,system:view", "enabled": false, "createdAt": "2020-09-28T16:33:00.798Z", "updatedAt": "2020-09-28T16:33:00.798Z" } ]
Update a Role
Once a role is created, you may update any of the created fields.
Request Object
+ URL /api/v2/authorization/role/update/$ROLE_ID + Method POST + Parameters role id (number, required, URL param) - the identifier number of the role you wish to update role_name (string, optional, Body) - The name to be assigned to this role role_permissions (string, optional, Body) - A comma delimited list of permissions. All permissions are of the form ($Noun:$Verb), and can be viewed in the role list above enabled (boolean, optional, Body) - You can optionally set a role to be disabled when creating. Disabled roles will not grant permission to a user or group. + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "role_name": "test2", "role_permissions": "authorization:standard", "enabled": true }
Response Object
Sending this should get you back a valid response, an array with the role you updated.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "id": 4, "hostid": "09e3b2bd", "role_name": "test2", "role_permissions": "authorization:standard", "enabled": true, "createdAt": "2020-09-28T16:33:00.798Z", "updatedAt": "2020-09-28T16:33:00.798Z" } ]
Destroy a Role
Call to /authorization/role/destroy/$ROLE_ID to destroy a role.