Red Hat Training

A Red Hat training course is available for Red Hat Gluster Storage

Chapter 12. Roles

The rel="roles" link obtained from the entry point URI (see Chapter 5, Entry Point) provides access to a static set of system roles.
Each individual role element contains the following:

Table 12.1. Role elements

Element Type Description Properties
link="permits" relationship A link to the permits sub-collection for role permits.
mutable Boolean: true or false Defines the ability to update or delete the role. Roles with mutable set to false are roles built into the Red Hat Storage Console environment.
administrative Boolean: true or false Defines the role as administrative-only.

Example 12.1. An XML representation of the roles collection

<roles>
    <role id="00000000-0000-0000-0000-000000000001"
      href="/api/roles/00000000-0000-0000-0000-000000000001">
        <name>SuperUser</name>
        <description>Roles management administrator</description>
        <link rel="permits"
          href="/api/roles/00000000-0000-0000-0000-000000000001/permits"/>
        <mutable>false</mutable>
        <administrative>true</administrative>
    </role>
    <role id="00000000-0000-0000-0001-000000000001"
      href="/api/roles/00000000-0000-0000-0001-000000000001">
        <name>RHSCUser</name>
        <description>RHSC user</description>
        <link rel="permits"
          href="/api/roles/00000000-0000-0000-0001-000000000001/permits"/>
        <mutable>false</mutable>
        <administrative>false</administrative>
    </role>
  </roles>
Creation of a role requires values for name, administrative and a list of initial permits. See Section 7.2.4, “Creating a Resource in a Collection” for more information.

Example 12.2. Creating a role

POST /api/roles HTTP/1.1
Accept: application/xml
Content-type: application/xml

<role>
    <name>Finance Role</name>
    <administrative>true</administrative>
    <permits>
        <permit id="1"/>
    </permits>
</role>
The name, description and administrative elements are updatable post-creation. See Section 7.3.2, “Updating a Resource” for more information.

Example 12.3. Updating a role

PUT /api/roles/8de42ad7-f307-408b-80e8-9d28b85adfd7 HTTP/1.1
Accept: application/xml
Content-type: application/xml

<role>
    <name>Engineering Role</name>
    <description>Standard users in the Engineering Role</description>
    <administrative>false</administrative>
</role>
Removal of a role requires a DELETE request.

Example 12.4. Removing a role

DELETE /api/roles/8de42ad7-f307-408b-80e8-9d28b85adfd7 

HTTP/1.1 204 No Content
22632%2C+Console+Developer+Guide-322-09-2014+17%3A11%3A35Report a bug

12.1. Permits Sub-Collection

Each role contains a set of allowable actions, or permits, which the API lists in capabilities.
A role's permits are listed as a sub-collection:

Example 12.5. Listing a role's permits

GET /api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits HTTP/1.1
Accept: application/xml

HTTP/1.1 200 OK
Content-Type: application/xml

<permits>
    <permit id="1"
      href="/api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits/1">
        <name>create_vm</name>
        <administrative>false</administrative>
        <role id="b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"
          href="/api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"/>
    </permit>
    ...
</permits>
Assign a permit to a role with a POST request to the permits sub-collection. Use either an id attribute or a name element to specify the permit to assign.

Example 12.6. Assign a permit to a role

POST /api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits HTTP/1.1
Accept: application/xml
Content-Type: application/xml

<permit id="1"/>

HTTP/1.1 201 Created
Content-Type: application/xml

<permits>
    <permit id="1"
      href="/api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits/1">
        <name>create_vm</name>
        <administrative>false</administrative>
        <role id="b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"
          href="/api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"/>
    </permit>
</permits>
Remove a permit from a role with a DELETE request to the permit resource.

Example 12.7. Remove a permit from a role

DELETE /api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits/

HTTP/1.1 204 No Content
22632%2C+Console+Developer+Guide-322-09-2014+17%3A11%3A35Report a bug