Roles API

Roles are groups of permissions that allow access to the UI and the REST APIs. See Roles for details.

Security Realms can be configured to use LDAP group membership to assign Roles to users. See the LDAP configuration instructions for details.

Create, Update or Delete Roles

The endpoint for this request can take the role ID as a request parameter:

/api/roles/<id>

The role ID string is generated by Fusion when the role is created.

A GET request returns the configured roles for a specific ID. If the ID is omitted from the path, all roles will be returned.

A POST request creates a new role. When creating a new role, the request path is /api/roles. If the role is created, the request returns the role ID.

A PUT request updates an existing role.

A DELETE request will remove the role configuration.

Role Specification

To create or update a Role via a POST or PUT request, the request body is a JSON object with the following attributes:

Property Description

name
Required

A string containing the role name.

desc
Optional

A string containing a brief text description, for display on the Access Control "ROLES" panel.

permissions
Optional

A list of permissions, specified in JSON notation. See section Permissions for details.

uiPermissions
Optional

A list of names of UI components.

The following example describes a role with permissions to access Fusion Dashboards for collection "mdb1":

{
  "name":"view-dashboard-mdb1",
  "desc":"can access/use analytics dashboard \"mdb1\" but not allowed to change dashboard controls.",
  "permissions":[
    {"methods":["GET"],"path":"/solr/system_banana/*"},
    {"methods":["GET"],"path":"/solr/{id}/*","params":{"id":["mdb1"]}},
    {"methods":["GET"],"path":"/solr/{id}/admin/luke","params":{"id":["mdb1"]}},
    {"methods":["GET"],"path":"/collections/system_banana"}
  ],
  "uiPermissions":[
    "dashboards",
    "fields"
  ]
}

Examples

Get the details for the role with id '3416c03a-31df-4103-b446-358f6790af3e':

REQUEST

curl -u user:pass http://localhost:8764/api/roles/3416c03a-31df-4103-b446-358f6790af3e

RESPONSE

{
  "id":"3416c03a-31df-4103-b446-358f6790af3e",
  "name":"search",
  "createdAt":"2016-03-09T20:01:48Z",
  "permissions":[
    {"methods":["GET"],"path":"/query-pipelines/*/collections/*/select"},
    {"methods":["GET"],"path":"/query-pipelines"},
    {"methods":["GET"],"path":"/solr/*/schema"},
    {"methods":["GET"],"path":"/prefs/apps/search/*"},
    {"methods":["GET"],"path":"/collections/**"},
    {"methods":["GET"],"path":"/solr/*/admin/luke"}
  ],
  "uiPermissions":[
    "search",
    "collections"
  ],
  "desc":"Provides read-only/required permissions for the Fusion Search UI."
}