
Chapter 17. Roles

The rel="roles" link obtained from the entry point URI (see Chapter 4, Entry Point) provides access to a static set of system roles. Each individual role element contains the following:

Element property icons

The icons used in the properties column of this table are described in Table 8.1, “Element property icons”.

| Element | Type | Description | Properties |
|---|---|---|---|
| id | GUID | Globally unique identifier for this role | |
| name | string | The role name (may be used as a more convenient identifier in any role-specific operations) | |
| description | string | A free-text description of the role | |
| user | complex | A reference to the associated user (only present in the context of the role represented being assigned to an individual user) | |

Example 17.1. An XML representation of the roles collection
GET /rhevm-api/roles HTTP/1.1
Accept: application/xml

HTTP/1.1 200 OK
Content-Type: application/xml

<roles>
    <role id="00000000-0000-0000-0000-000000000001"
      href="/rhevm-api/roles/00000000-0000-0000-0000-000000000001">
        <name>SuperUser</name>
        <description>Roles management administrator</description>
    </role>
    <role id="00000000-0000-0000-0001-000000000001"
      href="/rhevm-api/roles/00000000-0000-0000-0001-000000000001">
        <name>RHEVMUser</name>
        <description>RHEVM user</description>
    </role>
    <role id="00000000-0000-0000-0001-000000000002"
      href="/rhevm-api/roles/00000000-0000-0000-0001-000000000002">
        <name>RHEVMPowerUser</name>
        <description>RHEVM power user</description>
    </role>
    <role id="00000000-0000-0000-0001-000000000003"
      href="/rhevm-api/roles/00000000-0000-0000-0001-000000000003">
        <name>RHEVMVDIUser</name>
        <description>RHEVM VDI user</description>
    </role>
</roles>

Note

Because the global roles form a static set in Red Hat Enterprise Virtualization Manager 2.2, the usual collection idioms are not followed in this case, i.e. a new role cannot be created via POST, nor can a role be destroyed via DELETE on the collection.

17.1. Permits Sub-Collection

Each role contains a set of allowable actions, or permits, which are defined in capabilities. For more information on permits, see Section 7.2, “Permits”.
A role's permits are listed as a sub-collection:
GET /rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits HTTP/1.1
Accept: application/xml

HTTP/1.1 200 OK
Content-Type: application/xml

<permits>
    <permit id="1"
      href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits/1">
        <name>CREATE_VM</name>
        <administrative>false</administrative>
        <role id="b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"
          href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"/>
    </permit>
    <permit id="4"
      href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits/4">
        <name>VM_BASIC_OPERATIONS</name>
        <administrative>false</administrative>
        <role id="b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"
          href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"/>
    </permit>
</permits>
A permit is assigned to a role when POSTed to the permits sub-collection. Use either an id= attribute or a name element to specify the permit to assign. For example:
POST /rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits HTTP/1.1
Accept: application/xml
Content-Type: application/xml

<permit id="1"/>

HTTP/1.1 201 Created
Content-Type: application/xml

<permits>
    <permit id="1"
      href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9/permits/1">
        <name>CREATE_VM</name>
        <administrative>false</administrative>
        <role id="b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"
          href="/rhevm-api/roles/b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"/>
    </permit>
</permits>
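
Because permits can be added to a role with a single POST, it is worth checking a role's permits listing against an approved baseline from time to time. The following Python code is an added example, not part of the original guide or of the product: it parses a permits document in the format shown above and reports permits that fall outside the baseline, are flagged administrative, or reference a different role. The function name, the baseline set and the third permit in the sample (id 99, EXAMPLE_ADMIN_PERMIT) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the format of the listing above; permit 99 is invented.
SAMPLE_PERMITS_XML = """\
<permits>
    <permit id="1">
        <name>CREATE_VM</name>
        <administrative>false</administrative>
        <role id="b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"/>
    </permit>
    <permit id="4">
        <name>VM_BASIC_OPERATIONS</name>
        <administrative>false</administrative>
        <role id="b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"/>
    </permit>
    <permit id="99">
        <name>EXAMPLE_ADMIN_PERMIT</name>
        <administrative>true</administrative>
        <role id="b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"/>
    </permit>
</permits>
"""

ROLE_ID = "b67dfbe2-0dbc-41e4-86d3-a2fbef02cfa9"
BASELINE = {"CREATE_VM", "VM_BASIC_OPERATIONS"}  # assumed approved permit names


def audit_role_permits(xml_text, role_id, baseline):
    """Return (permit_id, name, reason) findings for one role's permits."""
    findings = []
    for permit in ET.fromstring(xml_text).findall("permit"):
        pid = permit.get("id", "?")
        name = (permit.findtext("name") or "").strip()
        admin = (permit.findtext("administrative") or "").strip().lower()
        role = permit.find("role")
        if name not in baseline:
            findings.append((pid, name, "not in approved baseline"))
        if admin != "false":
            # Fail closed: a missing or unexpected flag counts as administrative.
            findings.append((pid, name, "administrative permit"))
        if role is None or role.get("id") != role_id:
            findings.append((pid, name, "role reference mismatch"))
    return findings


if __name__ == "__main__":
    for finding in audit_role_permits(SAMPLE_PERMITS_XML, ROLE_ID, BASELINE):
        print(finding)
```

In practice the XML text would be the body returned by the GET on the role's permits sub-collection, and the baseline would come from the organisation's own role definitions.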