Roles API in Wasabi AiR

20 May 2024
3 Minutes to read

Roles API in Wasabi AiR

Updated on 20 May 2024
3 Minutes to read

Article summary

Did you find this summary helpful?

Thank you for your feedback

The Roles API enables you to control role-based access control (RBAC).

Listing Roles

GET /api/data/roles

Response

{
    "roles": [
        {
            "description": "Users in this role only have access to view metadata in the platform",
            "id": "67779468b22af637e2dd6a26abcd1234",
            "name": "Read Only"
        },
        {
            "description": "Super Administrator Role",
            "id": "67779468b22af637e2dd6a2616264b6c",
            "name": "Super Admin"
        }
    ]
}

roles[].description - (string) A human-readable description of the role.
roles[].id - (string) The ID of the role.
roles[].name - (string) A human-readable display name of the role.

Retrieving a Role

GET /api/data/roles/{id}

{id} - (string) The ID of the role to get.

Response

{
    "description": "Users in this role only have access to view metadata in the platform",
    "id": "67779468b22af637e2dd6a26abcd1234",
    "name": "Read Only",
    "scopes": [
        "scopeA",
        "scopeB"
    ]
}

description - (string) A human-readable description of the role.
id - (string) The ID of the role.
name - (string) A human-readable display name of the role.
scopes[] - (string) A list of scopes that belong to this role.

Creating a Role

POST /api/data/roles

{
    "description": "Users in this role only have access to view metadata in the platform",
    "name": "Read Only",
    "scopes": [
        "scopeA",
        "scopeB"
    ]
}

description - (string) A human-readable description of the role.
id - (string) The ID of the role.
name - (string) A human-readable display name of the role.
scopes[] - (string) Optional. A list of scopes that belong to this role.

Response

The response is 201 with the Role object:

{
    "description": "Users in this role only have access to view metadata in the platform",
    "id": "5b108fd38dc67a7042c93cb073333207",
    "name": "Read Only",
    "scopes": [
        "scopeA",
        "scopeB"
    ]
}

Deleting a Role

DELETE /api/data/roles/{id}

{id} - (string) The ID of the role to delete.

For the role to be deleted, it must not be assigned to any users.

Viewing Users Assigned to a Role

GET /api/data/roles/{id}/users

{id} - (string) The ID of the role from which to get users.

Response

The response is 200 with an array of Users objects:

[
    {
        "admin": false,
        "avatar": "",
        "company_uid": "",
        "created_at": "2018-06-01T00:00:00Z",
        "email": "a@example.com",
        "enabled": true,
        "first_name": "User",
        "groups": {
            "count": 0,
            "shortlist": null
        },
        "id": "5b116ed9a5c3f50e3c2d87cf70f5df3d",
        "last_name": "A",
        "role_id": "5b108fd38dc67a7042c93cb073333207",
        "updated_at": "2018-06-01T16:05:45.254213Z"
    },
    {
        "admin": false,
        "avatar": "",
        "company_uid": "",
        "created_at": "2018-06-01T00:00:00Z",
        "email": "b@example.com",
        "enabled": true,
        "first_name": "User",
        "groups": {
            "count": 0,
            "shortlist": null
        },
        "id": "5b116ee42da0fef4ff08f719fe0a4a34",
        "last_name": "B",
        "role_id": "5b108fd38dc67a7042c93cb073333207",
        "updated_at": "2018-06-01T16:05:56.882066Z"
    }
]

Refer to the Users and Groups API for a detailed description of each field on the User objects.

Listing Available Scopes

GET /api/data/roles/scopes

Response

The response is 200 with an array of ScopeGroup objects:

[
    {
        "name": "Comments",
        "scopes": [
            {
                "display_name": "Create Comments",
                "name": "comment:create"
            },
            {
                "display_name": "Read Comments",
                "name": "comment:get"
            }
        ],
        "sort_order": 0
    },
    {
        "name": "Items",
        "scopes": [
            {
                "display_name": "Delete Items",
                "name": "item:delete"
            },
            {
                "display_name": "Download Items",
                "name": "item:download"
            }
        ],
        "sort_order": 0
    },
    ...
]

[].name - (string) A human-readable name of the scope group.
[].sort_order - (integer) A value indicating the sort order of the scope group.
[].scopes[].display_name - (string) A human-readable name/description of the scope.
[].scopes[].name - (string) The name of the scope. This is the string to use when adding/removing scopes to/from roles.

Adding One or More Scopes to an Existing Role

POST /roles/{id}

{id} - (string) The ID of the role to which to add the scopes.

{
    "scopes": [
        "scopeA",
        "scopeB"
    ]
}

scopes[] - (string) A list of scopes to add to this role.

Response

The response is 200 with the Role object:

{
    "description": "Users in this role only have access to view metadata in the platform",
    "id": "5b108fd38dc67a7042c93cb073333207",
    "name": "Read Only",
    "scopes": [
        "scopeA",
        "scopeB",
        "scopeC"
    ]
}

Removing One or More Scopes From a Role

DELETE /roles/{id}/{scopes}

{id} - (string) The ID of the role from which to remove the scopes.
{scopes} - (string) A comma-delimited list of scopes to remove from the scope.

For example: DELETE /roles/5b108fd38dc67a7042c93cb073333207/scopeB,scopeC

Response

The response is 200 with the Role object:

{
    "description": "Users in this role only have access to view metadata in the platform",
    "id": "5b108fd38dc67a7042c93cb073333207",
    "name": "Read Only",
    "scopes": [
        "scopeA"
    ]
}

What's Next

Search in Wasabi AiR

Table of contents

Listing Roles
Retrieving a Role
Creating a Role
Deleting a Role
Viewing Users Assigned to a Role
Listing Available Scopes
Adding One or More Scopes to an Existing Role
Removing One or More Scopes From a Role