IAM access settings

Location path

Path in the assembly catalog

/era_env/priv/metadata/<SOLUTION>/iam.json

Overview

Access descriptor for the REST-API (authorized and role-based access). It also defines the set of roles available for assignment to users and for role applications.

The set of roles, together with the endpoints and methods available to them, is extended by the roles and methods declared in the product asset product/iam_all.json.

Also available for the master domain (the predefined solution master).

Format:
[
  {
    "access": "authenticated" | "role",
    "role": "ROLE_NAME",
    "endpoints": [
      {
        "url": str (for example "/rest/v1/iam/users"),
        "methods": array<str> (for example ["GET", "POST", "LOOKUP"])
      },
      ...
    ]
  },
  ...
]

For each item in the list, the access level is specified in the access field; possible values:

  • authenticated – the endpoints and methods are available to any authorized user.

  • role – the endpoints and methods are available only to users holding a specific role. The role is named in the role field; the name is arbitrary. Roles declared this way become available for assignment to users and for role applications.

Each element contains a list of allowed endpoints (field "endpoints"); each endpoint in the list is an object with the fields:

  • "url" – relative path to the endpoint; may contain wildcards: * matches the content of one arbitrary path segment, e.g. /abc/*/def; ** matches an arbitrary remainder of the path, e.g. /abc/**.

  • "methods" – the set of methods allowed for this endpoint. The methods may include HTTP verbs ("GET"), custom methods ("LOOKUP"), and the wildcard method ("*"). All methods are listed in capital letters.

The methods and endpoints listed here act as a filter over the full set of REST-API methods and endpoints implemented in the system; entries that name non-existent methods or endpoints are ignored.

Example

Creates the users_reader role for the solution and grants it access to retrieve the user collection, retrieve the contents of individual user accounts, and retrieve the set of user roles.

Example:
[
  {
    "access": "role",
    "role": "users_reader",
    "endpoints": [
      { "url": "/rest/v1/iam/users", "methods": ["GET"] },
      { "url": "/rest/v1/iam/users/*", "methods": ["GET"] },
      { "url": "/rest/v1/iam/roles", "methods": ["GET"] }
    ]
  }
]
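To make the filtering rules above concrete, here is an added Python example (not part of the product) that parses a descriptor in this format and answers "may this user call this method on this URL?", applying the * and ** wildcards and the "*" method exactly as described. The sample descriptor is constructed for the example: it reuses the users_reader role from the page and adds an authenticated entry and a hypothetical users_admin role; how ** matches is an assumption about the product's matcher.

```python
import json
import re

# Constructed sample descriptor: the page's users_reader role plus an
# "authenticated" entry and a "**"/"*"-method entry to exercise every rule.
IAM_JSON = """[
  {"access": "authenticated",
   "endpoints": [{"url": "/rest/v1/iam/whoami", "methods": ["GET"]}]},
  {"access": "role", "role": "users_reader", "endpoints": [
     {"url": "/rest/v1/iam/users", "methods": ["GET"]},
     {"url": "/rest/v1/iam/users/*", "methods": ["GET"]},
     {"url": "/rest/v1/iam/roles", "methods": ["GET"]}]},
  {"access": "role", "role": "users_admin", "endpoints": [
     {"url": "/rest/v1/iam/users/**", "methods": ["*"]}]}
]"""

def url_pattern(url):
    """Compile a descriptor url into a regex: '*' matches exactly one path
    segment, '**' matches any remainder of the path (assumed semantics)."""
    parts = []
    for seg in url.strip("/").split("/"):
        parts.append(".*" if seg == "**" else "[^/]+" if seg == "*" else re.escape(seg))
    return re.compile("^/" + "/".join(parts) + "$")

def compile_descriptor(text):
    """Parse iam.json into (access, role, url_regex, methods) rules; method
    names are upper-cased because the descriptor lists them in capitals."""
    rules = []
    for item in json.loads(text):
        role = item.get("role") if item["access"] == "role" else None
        for ep in item["endpoints"]:
            methods = {m.upper() for m in ep["methods"]}
            rules.append((item["access"], role, url_pattern(ep["url"]), methods))
    return rules

def assignable_roles(rules):
    """Roles the descriptor makes available for assignment to users."""
    return sorted({role for access, role, _, _ in rules if access == "role"})

def is_allowed(rules, user_roles, method, url, authenticated=True):
    """True if some rule grants `method` on `url` to a user holding `user_roles`."""
    if not authenticated:
        return False  # both access levels require a logged-in caller
    method = method.upper()
    for access, role, pattern, methods in rules:
        if access == "role" and role not in user_roles:
            continue
        if pattern.match(url) and ("*" in methods or method in methods):
            return True
    return False
```

Note that a single * does not span segments: users_reader can read /rest/v1/iam/users/42 but not /rest/v1/iam/users/42/roles, which only the ** entry covers.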