User role (role)

Table of Contents

Description
Fields
See also
- API

Description

The role available for specifying in the list of user roles.
Allows you to bind access permissions to REST-API and websocket-API (routes) , as well as to role-based web applications to it (webapps).
The user assigned to the role has access to the specified APIs and web applications.
In particular with the help of user roles it is possible to form role models based on dynamic classes and their corresponding role applications.
Supports inheritance.

The entire set of roles with lists of groups and users to which they are assigned is available via the API roles_caches.

Fields

Entity structure

{
  "id": uuid,
  "name": str,
  "description": str,
  "parent_id": uuid,
  "routes": array<object>,
  "opts": {
    "title": str,
    "comment": str
  },
  "security": object,
  "ext": {
    "ct": date,
    "lwt": date
  }
}

Description of the specification’s characteristics

Table 1. Fields
Specification	Description
Field: `id` Mode: `inout` Type: `uuid` Default: generated	Identifier. Can be specified at creation, otherwise generated by the system.
Field: `name` Mode: `in` Type: `str` Default: required	Role Name (lowercase Latin).
Field: `description` Mode: `in` Type: `str` Default: empty	Description
Field: `parent_id` Mode: `in` Type: `str` Default: empty	Identifier of the base group whose settings are fully copied.
Field: `routes` Mode: `in` Type: `array<object>` Default: empty	List of allowed endpoints API. Set in a format similar to iam_all.json. Each item in the list represents an object: { "url": ..., "method": [...] } A specific endpoint must be specified as the url. Supported: "" - arbitrary value of the folder or item name; "" - arbitrary path in the remainder (only at the end of the path). Endpoints are differentiated within each collection: collections ("/rest/v1/model/my/test"); collection item ("/rest/v1/model/my/test/"); attachment or list box ("/rest/v1/model/my/test///" or "/rest/v1/model/my/test//propertyname"); attachments to the list box ("/rest/v1/model/my/test////\" or "/rest/v1/model/my/test//propertyname/\"). Or "/rest/v1/model/my/test/*" - all endpoints of the collection, except the endpoint of the collection itself. Methods: "GET", "POST", "PUT", "PATCH", "DELETE", "LOOKUP", "HEAD", "CLEAR", "", "WEBSOCKET". There are other non-standard methods for specific endpoints. For example, the "INVITEBYIVR" method is used to create a call on behalf of an IVR. These are listed in the API description of specific endpoints. Such methods are included in "" or should be specified separately. The "WEBSOCKET" method is used to provide access to various websocket APIs. The specific API module is specified behind the hash in the "url" (see example below). Example: [ { "url": "/rest/v1/model/my/test", "methods": ["GET","CLEAR"] }, { "url": "/rest/v1/model/my/test/", "methods": ["GET","PUT","PATCH","DELETE"] }, { "url": "/rest/v1/model/my/test/*", "methods": [""] }, { "url": "/ws#subscr", "methods": ["WEBSOCKET"] } ]
Field: `webapps` Mode: `in` Type: `array` Default: empty	List of nested user groups. Defined by identifiers. Through the API it is supported to specify group codes at creation, automatically expanded into identifiers.
Field: `opts` Mode: `in` Type: `object` Composite field
Field: `opts.title` Mode: `in` Type: `str` Default: empty	Arbitrary header
Field: `opts.comment` Mode: `in` Type: `empty` Default: "	Arbitrary comment
Field: `security` Mode: `inout` Type: `object` Compound field	Allows you to extend the compound with arbitrary keys and values.
Field: `ext` Mode: `inout` Type: `object` Compound field	Allows you to extend the compound with arbitrary keys and values.
Field: `ext.ct` Mode: `out` Type: `date` Default: generated	Object creation time
Field: `ext.lwt` Mode: `out` Type: `date` Default: generated	Time of last modification of the object

User role (role)

Description

Fields

See also

API