rel="roles"
link obtained from the entry point URI (see Chapter 4, Entry Point) provides access to a static set of system roles. Each individual role
elements contain the following:
Element | Type | Description | Properties |
---|---|---|---|
id
| GUID | Globally unique identifier for this role | |
name
| string | The role name (may be used as a more convenient identifier in any role-specific operations) | |
description
| string | A free-text description of the role | |
user
| complex | A reference to the associated user (only present in the context of the role represented being assigned to an individual user) |
GET /rhevm-api/roles HTTP/1.1 Accept: application/xml HTTP/1.1 200 OK Content-Type: application/xml <roles> <role id="00000000-0000-0000-0000-000000000001" href="/rhevm-api/roles/00000000-0000-0000-0000-000000000001"> <name>SuperUser</name> <description>Roles management administrator</description> </role> <role id="00000000-0000-0000-0001-000000000001" href="/rhevm-api/roles/00000000-0000-0000-0001-000000000001"> <name>RHEVMUser</name> <description>RHEVM user</description> </role> <role id="00000000-0000-0000-0001-000000000002" href="/rhevm-api/roles/00000000-0000-0000-0001-000000000002"> <name>RHEVMPowerUser</name> <description>RHEVM power user</description> </role> <role id="00000000-0000-0000-0001-000000000003" href="/rhevm-api/roles/00000000-0000-0000-0001-000000000003"> <name>RHEVMVDIUser</name> <description>RHEVM VDI user</description> </role> </roles>
POST
, nor can a role be destroyed via DELETE
on the collection.
permits
, which are defined in capabilities
. For more information on permits
, see Section 7.2, “Permits”.
permits
are listed as a sub-collection:
GET /rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits HTTP/1.1 Accept: application/xml HTTP/1.1 200 OK Content-Type: application/xml <permits> <permit id="1" href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits/1"> <name>CREATE_VM</name> <administrative>false</administrative> <role id="b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9" href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"/> </permit> <permit id="4" href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits/4"> <name>VM_BASIC_OPERATIONS</name> <administrative>false</administrative> <role id="b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9" href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"/> </permit> </permits>
permit
is assigned to a role
when POST
ed to the permits
sub-collection. Use either an id=
attribute or a name
element to specify the permit
to assign. For example:
POST /rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits HTTP/1.1 Accept: application/xml <permit id="1"/> HTTP/1.1 201 Created Content-Type: application/xml <permits> <permit id="1" href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits/1"> <name>CREATE_VM</name> <administrative>false</administrative> <role id="b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9" href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"/> </permit> </permits>