Web RBAC API

Table of Contents

Web RBAC API for managing role based access control settings.

Get all permissions list

URI: https://hub.cfengine.com/api/rbac

Method: GET

Example request (curl):

curl -k --user <username>:<password> \
  -X GET \
  https://hub.cfengine.com/api/rbac

Example response:

[
    {
        "alias": "Inventory.post",
        "group": "Inventory API",
        "name": "Get inventory report",
        "description": "",
        "application": "API",
        "allowed_by_default": true
    },
    {
        "alias": "VariablesDictionary.get",
        "group": "Inventory API",
        "name": "Get inventory attributes",
        "description": "",
        "application": "API",
        "allowed_by_default": true
    },
    {
        "alias": "variablesDictionaryUpdate.post",
        "group": "Inventory API",
        "name": "Update inventory attributes",
        "description": "",
        "application": "API",
        "allowed_by_default": true
    }
]

Output:

  • alias (string) Alias (ID) of a permission
  • group (string) Group of a permission.
  • name (string) Name of a permission.
  • description (string) Description of a permission.
  • application (string) Application of a permission. Allowed values: API, Mission portal
  • allowed_by_default (boolean) Permission allowed by default. New role will be able to perform allowed by default actions.

Get current user permissions

URI: https://hub.cfengine.com/api/rbac/user-permissions

Method: GET

Example request (curl):

curl -k --user <username>:<password> \
  -X GET \
  https://hub.cfengine.com/api/rbac/user-permissions

Example response: [ { "alias": "Inventory.post", "group": "Inventory API", "name": "Get inventory report", "description": "", "application": "API", "allowed_by_default": true }, { "alias": "VariablesDictionary.get", "group": "Inventory API", "name": "Get inventory attributes", "description": "", "application": "API", "allowed_by_default": true }, { "alias": "variablesDictionaryUpdate.post", "group": "Inventory API", "name": "Update inventory attributes", "description": "", "application": "API", "allowed_by_default": true } ]

Get role permissions

URI: https://hub.cfengine.com/api/role/:role_name/permissions

Method: GET

Parameters:

  • role_name (string) Role name

Example request (curl):

curl -k --user <username>:<password> \
  -X GET \
  https://hub.cfengine.com/api/role/admin/permissions

Example response:

[
    {
        "alias": "Inventory.post",
        "group": "Inventory API",
        "name": "Get inventory report",
        "description": "",
        "application": "API",
        "allowed_by_default": true
    },
    {
        "alias": "VariablesDictionary.get",
        "group": "Inventory API",
        "name": "Get inventory attributes",
        "description": "",
        "application": "API",
        "allowed_by_default": true
    },
    {
        "alias": "variablesDictionaryUpdate.post",
        "group": "Inventory API",
        "name": "Update inventory attributes",
        "description": "",
        "application": "API",
        "allowed_by_default": true
    }
]

Add permissions to role

URI: https://hub.cfengine.com/api/role/:role_name/permissions

Method: POST

Assign new permission to role. Permissions will be added to existing permission list.

Parameters:

  • role_name (string) Role name

  • alias (array) Array of permission aliases Emp: ["Inventory.post", "VariablesDictionary.get"]. Required parameter.

Example request (curl):

curl -k --user <username>:<password> \
  -X POST \
  https://hub.cfengine.com/api/role/role_name/permissions \
  -H 'content-type: application/json' \
  -d '["Inventory.post", "VariablesDictionary.get"]'

Example response:

 HTTP 201 Created

Rewrite role's permissions

URI: https://hub.cfengine.com/api/role/:role_name/permissions

Method: PUT

Assign permission to role. New permissions replace existing.

Parameters:

  • role_name (string) Role name

  • alias (array) Array of permission aliases Emp: ["Inventory.post", "VariablesDictionary.get"]. Required parameter.

Example request (curl):

curl -k --user <username>:<password> \
  -X PUT \
  https://hub.cfengine.com/api/role/role_name/permissions \
  -H 'content-type: application/json' \
  -d '["Inventory.post", "VariablesDictionary.get"]'

Example response:

 HTTP 201 Created

Revoke permissions from role

URI: https://hub.cfengine.com/api/role/:role_name/permissions

Method: DELETE

Parameters:

  • role_name (string) Role name

  • alias (array) Array of permission aliases Emp: ["Inventory.post", "VariablesDictionary.get"]. Required parameter.

Example request (curl):

curl -k --user <username>:<password> \
  -X DELETE \
  https://hub.cfengine.com/api/role/role_name/permissions \
  -H 'content-type: application/json' \
  -d '["Inventory.post", "VariablesDictionary.get"]'

Example response:

 HTTP 204 No Content