rel="roles" link obtained from the entry point URI (see Chapter 4, Entry Point) provides access to a static set of system roles. Each individual role elements contain the following:
| Element | Type | Description | Properties |
|---|---|---|---|
id
| GUID | Globally unique identifier for this role |
|
name
| string | The role name (may be used as a more convenient identifier in any role-specific operations) |
|
description
| string | A free-text description of the role |
|
user
| complex | A reference to the associated user (only present in the context of the role represented being assigned to an individual user) |
GET /rhevm-api/roles HTTP/1.1
Accept: application/xml
HTTP/1.1 200 OK
Content-Type: application/xml
<roles>
<role id="00000000-0000-0000-0000-000000000001"
href="/rhevm-api/roles/00000000-0000-0000-0000-000000000001">
<name>SuperUser</name>
<description>Roles management administrator</description>
</role>
<role id="00000000-0000-0000-0001-000000000001"
href="/rhevm-api/roles/00000000-0000-0000-0001-000000000001">
<name>RHEVMUser</name>
<description>RHEVM user</description>
</role>
<role id="00000000-0000-0000-0001-000000000002"
href="/rhevm-api/roles/00000000-0000-0000-0001-000000000002">
<name>RHEVMPowerUser</name>
<description>RHEVM power user</description>
</role>
<role id="00000000-0000-0000-0001-000000000003"
href="/rhevm-api/roles/00000000-0000-0000-0001-000000000003">
<name>RHEVMVDIUser</name>
<description>RHEVM VDI user</description>
</role>
</roles>
POST, nor can a role be destroyed via DELETE on the collection.
permits, which are defined in capabilities. For more information on permits, see Section 7.2, “Permits”.
permits are listed as a sub-collection:
GET /rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits HTTP/1.1
Accept: application/xml
HTTP/1.1 200 OK
Content-Type: application/xml
<permits>
<permit id="1"
href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits/1">
<name>CREATE_VM</name>
<administrative>false</administrative>
<role id="b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"
href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"/>
</permit>
<permit id="4"
href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits/4">
<name>VM_BASIC_OPERATIONS</name>
<administrative>false</administrative>
<role id="b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"
href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"/>
</permit>
</permits>
permit is assigned to a role when POSTed to the permits sub-collection. Use either an id= attribute or a name element to specify the permit to assign. For example:
POST /rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits HTTP/1.1
Accept: application/xml
<permit id="1"/>
HTTP/1.1 201 Created
Content-Type: application/xml
<permits>
<permit id="1"
href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits/1">
<name>CREATE_VM</name>
<administrative>false</administrative>
<role id="b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"
href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"/>
</permit>
</permits>