Fusion Server

Version 4.1
How To
Documentation
    Learn More

      Roles API

      Roles are groups of permissions that allow access to the UI and the REST APIs. See Roles for details.

      Security Realms can be configured to use LDAP group membership to assign Roles to users. See the LDAP configuration instructions for details.

      Create, Update or Delete Roles

      The endpoint for this request can take the role ID as a request parameter:

      /api/roles/<id>

      The role ID string is generated by Fusion when the role is created.

      A GET request returns the configured roles for a specific ID. If the ID is omitted from the path, all roles will be returned.

      A POST request creates a new role. When creating a new role, the request path is /api/roles. If the role is created, the request returns the role ID.

      In order to see this object within the Fusion UI, it must be associated with an app. To do this, create the object using the /apps endpoint.

      A PUT request updates an existing role.

      A DELETE request will remove the role configuration.

      Role Specification

      To create or update a Role via a POST or PUT request, the request body is a JSON object with the following attributes:

      Property Description

      name
      Required

      A string containing the role name.

      desc
      Optional

      A string containing a brief text description, for display on the Access Control "ROLES" panel.

      permissions
      Optional

      A list of permissions, specified in JSON notation. See section Permissions for details.

      uiPermissions
      Optional

      A list of names of UI components.

      The following example describes a role with permissions to access Fusion Dashboards for collection "mdb1":

      {
        "name":"view-dashboard-mdb1",
        "desc":"can access/use analytics dashboard \"mdb1\" but not allowed to change dashboard controls.",
        "permissions":[
          {"methods":["GET"],"path":"/solr/system_banana/*"},
          {"methods":["GET"],"path":"/solr/{id}/*","params":{"id":["mdb1"]}},
          {"methods":["GET"],"path":"/solr/{id}/admin/luke","params":{"id":["mdb1"]}},
          {"methods":["GET"],"path":"/collections/system_banana"}
        ],
        "uiPermissions":[
          "dashboards",
          "fields"
        ]
      }

      Examples

      Get the details for the role with id '3416c03a-31df-4103-b446-358f6790af3e':

      REQUEST

      curl -u user:pass http://fusion-host:8764/api/roles/3416c03a-31df-4103-b446-358f6790af3e

      RESPONSE

      {
        "id":"3416c03a-31df-4103-b446-358f6790af3e",
        "name":"search",
        "createdAt":"2016-03-09T20:01:48Z",
        "permissions":[
          {"methods":["GET"],"path":"/query-pipelines/*/collections/*/select"},
          {"methods":["GET"],"path":"/query-pipelines"},
          {"methods":["GET"],"path":"/solr/*/schema"},
          {"methods":["GET"],"path":"/prefs/apps/search/*"},
          {"methods":["GET"],"path":"/collections/**"},
          {"methods":["GET"],"path":"/solr/*/admin/luke"}
        ],
        "uiPermissions":[
          "search",
          "collections"
        ],
        "desc":"Provides read-only/required permissions for the Fusion Search UI."
      }
      Loading API specification...