Roles API

Table of Contents

Create, Update or Delete Roles
Role Specification
Examples
API specification

Roles are groups of permissions that allow access to the UI and the REST APIs. See Roles for details.

Security Realms can be configured to use LDAP group membership to assign Roles to users. See the LDAP configuration instructions for details.

Create, Update or Delete Roles

The endpoint for this request can take the role ID as a request parameter:

/api/roles/<id>

The role ID string is generated by Fusion when the role is created.

A GET request returns the configured roles for a specific ID. If the ID is omitted from the path, all roles will be returned.

A POST request creates a new role. When creating a new role, the request path is /api/roles. If the role is created, the request returns the role ID.

In order to see this object within the Fusion UI, it must be associated with an app. To do this, create the object using the /apps endpoint.

A PUT request updates an existing role.

A DELETE request will remove the role configuration.

Role Specification

To create or update a Role via a POST or PUT request, the request body is a JSON object with the following attributes:

Property	Description
name Required	A string containing the role name.
desc Optional	A string containing a brief text description, for display on the Access Control "ROLES" panel.
permissions Optional	A list of permissions, specified in JSON notation. See section Permissions for details.
uiPermissions Optional	A list of names of UI components.

Property

Description

name
Required

A string containing the role name.

desc
Optional

A string containing a brief text description, for display on the Access Control "ROLES" panel.

permissions
Optional

A list of permissions, specified in JSON notation. See section Permissions for details.

uiPermissions
Optional

A list of names of UI components.

The following example describes a role with permissions to access Fusion Dashboards for collection "mdb1":

{
  "name":"view-dashboard-mdb1",
  "desc":"can access/use analytics dashboard \"mdb1\" but not allowed to change dashboard controls.",
  "permissions":[
    {"methods":["GET"],"path":"/solr/system_banana/*"},
    {"methods":["GET"],"path":"/solr/{id}/*","params":{"id":["mdb1"]}},
    {"methods":["GET"],"path":"/solr/{id}/admin/luke","params":{"id":["mdb1"]}},
    {"methods":["GET"],"path":"/collections/system_banana"}
  ],
  "uiPermissions":[
    "dashboards",
    "fields"
  ]
}

Examples

Get the details for the role with id '3416c03a-31df-4103-b446-358f6790af3e':

REQUEST

curl -u USERNAME:PASSWORD https://FUSION_HOST:8764/api/roles/3416c03a-31df-4103-b446-358f6790af3e

RESPONSE

{
  "id":"3416c03a-31df-4103-b446-358f6790af3e",
  "name":"search",
  "createdAt":"2016-03-09T20:01:48Z",
  "permissions":[
    {"methods":["GET"],"path":"/query-pipelines/*/collections/*/select"},
    {"methods":["GET"],"path":"/query-pipelines"},
    {"methods":["GET"],"path":"/solr/*/schema"},
    {"methods":["GET"],"path":"/prefs/apps/search/*"},
    {"methods":["GET"],"path":"/collections/**"},
    {"methods":["GET"],"path":"/solr/*/admin/luke"}
  ],
  "uiPermissions":[
    "search",
    "collections"
  ],
  "desc":"Provides read-only/required permissions for the Fusion Search UI."
}

Roles API

Create, Update or Delete Roles

Role Specification

Examples

API specification