Each resource contains a permissions sub-collection. Each permission contains a user, an assigned role and the specified resource. For example:
GET /rhevm-api/{collection}/{resource_id}/permissions HTTP/1.1
Accept: application/xml
HTTP/1.1 200 OK
Content-Type: application/xml
<permissions>
<permission id="{permission-id}"
href="/rhevm-api/{collection}/{resource_id}/permissions/{permission_id}">
<role id="{role_id}" href="/rhevm-api/roles/{role_id}"/>
<user id="{user_id}" href="/rhevm-api/users/{user_id}"/>
<{resource} id="{resource_id}" href="/rhevm-api/{collection}/{resource_id}"/>
</permission>
...
</permissions>
A resource acquires a new permission when POSTed to its permissions sub-collection. Each new permission requires a role and a user:
POST /rhevm-api/{collection}/{resource_id}/permissions HTTP/1.1
Accept: application/xml
<permission">
<role id="{role_id}"/>
<user id="{user_id}"/>
</permission>
HTTP/1.1 201 Created
Content-Type: application/xml
<permission id="{permission_id}"
href="/rhevm-api/resources/{id}/permissions/{permission_id}">
<role id="{role_id}" href="/rhevm-api/roles/{role_id}"/>
<user id="{user_id}" href="/rhevm-api/users/{user_id}"/>
<{resource} id="{resource_id}" href="/rhevm-api/{collection}/{resource_id}"/>
</permission>
