Cloud Management API 1.5

Permissions

Please note that API 1.5 does not support operations on Governance Groups or Orgs and only allows management of the following CM Roles: admin, actor, observer, aws_architect, publisher, designer, billing, signup_wiz, enterprise_manager, server_login, library, security_manager, instance, server_superuser, infrastructure, ss_end_user, ss_designer, ss_observer. Moreover, this API only allows management of roles granted directly on an account to an individual user.

Actions

index

List all permissions for all users of the current account.

URLs
GET /api/permissions
HTTP response code
200 OK
Content-type
application/vnd.rightscale.permission;type=collection

Required roles

Parameters

name    required  type   values  regexp  blank?  description
filter  no        Array  *       *       no      See below for valid filter parameters.

Filters

name       partial_match?  description
user_href  no              Href of the user

Example Responses

The same response in JSON, then in XML:

[{
  "role_title": "observer",
  "created_at": null,
  "links": [
    {"rel":"self","href":"/api/permissions/888-observer"},
    {"rel":"account","href":"/api/accounts/524052047"},
    {"rel":"user","href":"/api/users/888"}
  ],
  "actions": [

  ]
},{
  "role_title": "observer",
  "created_at": null,
  "links": [
    {"rel":"self","href":"/api/permissions/888-observer"},
    {"rel":"account","href":"/api/accounts/524052047"},
    {"rel":"user","href":"/api/users/888"}
  ],
  "actions": [

  ]
}]
<?xml version="1.0" encoding="UTF-8"?>
<permissions>
  <permission>
    <role_title>observer</role_title>
    <created_at/>
    <links>
      <link rel="self" href="/api/permissions/888-observer"/>
      <link rel="account" href="/api/accounts/524052047"/>
      <link rel="user" href="/api/users/888"/>
    </links>
    <actions/>
  </permission>
  <permission>
    <role_title>observer</role_title>
    <created_at/>
    <links>
      <link rel="self" href="/api/permissions/888-observer"/>
      <link rel="account" href="/api/accounts/524052047"/>
      <link rel="user" href="/api/users/888"/>
    </links>
    <actions/>
  </permission>
</permissions>

show

Show information about a single permission.

URLs
GET /api/permissions/:id
HTTP response code
200 OK
Content-type
application/vnd.rightscale.permission

Required roles

Example Responses

The same response in JSON, then in XML:

{
  "role_title": "observer",
  "created_at": null,
  "links": [
    {"rel":"self","href":"/api/permissions/888-observer"},
    {"rel":"account","href":"/api/accounts/524052047"},
    {"rel":"user","href":"/api/users/888"}
  ],
  "actions": [

  ]
}
<?xml version="1.0" encoding="UTF-8"?>
<permission>
  <role_title>observer</role_title>
  <created_at/>
  <links>
    <link rel="self" href="/api/permissions/888-observer"/>
    <link rel="account" href="/api/accounts/524052047"/>
    <link rel="user" href="/api/users/888"/>
  </links>
  <actions/>
</permission>

create

Create a permission, thereby granting some user a particular role with respect to the current account.

The 'observer' role has a special status; it must be granted before a user is eligible for any other permission in a given account.

When provisioning users, always create the observer permission FIRST; creating any other permission before it will result in an error.

For more information about the roles available and the privileges they confer, please refer to the following page of the RightScale support portal: http://support.rightscale.com/15-References/Lists/List_of_User_Roles

URLs
POST /api/permissions
HTTP response code
201 Created
Location
Href of created Permission.

Required roles

Parameters

name                    required  type    values  regexp  blank?  description
permission              yes       Hash    *       *       no
permission[role_title]  yes       String  *       *       no
permission[user_href]   yes       String  *       *       no

destroy

Destroy a permission, thereby revoking a user's role with respect to the current account.

The 'observer' role has a special status; it cannot be revoked if a user has any other roles, because other roles become useless without being able to read data pertaining to the account.

When deprovisioning a user, always destroy the observer permission LAST; destroying it while the user has other permissions will result in an error.

URLs
DELETE /api/permissions/:id
HTTP response code
204 No Content

Required roles
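
The ordering rules from the create and destroy actions (observer granted first, observer revoked last) can be enforced in a provisioning script before any request is sent. The following Python sketch is an added example, not RightScale code: it only builds the list of requests and sends nothing, and the function names, the request tuple layout and the sample records are assumptions made for illustration.

```python
# Roles API 1.5 can manage, copied from the note at the top of this page.
MANAGEABLE_ROLES = frozenset("""
    admin actor observer aws_architect publisher designer billing signup_wiz
    enterprise_manager server_login library security_manager instance
    server_superuser infrastructure ss_end_user ss_designer ss_observer
""".split())

def link_href(permission, rel):
    """Href of the link with the given rel in one permission record."""
    return next(l["href"] for l in permission["links"] if l["rel"] == rel)

def plan_grants(user_href, roles, already_held=()):
    """Requests that grant `roles` to a user, with 'observer' created first."""
    roles, held = set(roles), set(already_held)
    unknown = roles - MANAGEABLE_ROLES
    if unknown:
        raise ValueError(f"not manageable through API 1.5: {sorted(unknown)}")
    if "observer" not in roles | held:
        raise ValueError("user needs 'observer' before any other role")
    todo = sorted(roles - held, key=lambda r: (r != "observer", r))
    return [("POST", "/api/permissions",
             {"permission[role_title]": r, "permission[user_href]": user_href})
            for r in todo]

def plan_revoke_all(index_response, user_href):
    """Requests that revoke every role a user holds, with 'observer' last."""
    mine = [p for p in index_response if link_href(p, "user") == user_href]
    mine.sort(key=lambda p: (p["role_title"] == "observer", p["role_title"]))
    return [("DELETE", link_href(p, "self"), {}) for p in mine]

def sample_permission(user_id, role):
    """One constructed record in the JSON shape of the example responses."""
    return {"role_title": role, "created_at": None, "actions": [],
            "links": [{"rel": "self", "href": f"/api/permissions/{user_id}-{role}"},
                      {"rel": "account", "href": "/api/accounts/524052047"},
                      {"rel": "user", "href": f"/api/users/{user_id}"}]}

# Constructed index response: user 888 holds three roles, user 889 holds one.
SAMPLE_INDEX = ([sample_permission(888, r) for r in ("admin", "observer", "actor")]
                + [sample_permission(889, "observer")])

if __name__ == "__main__":
    for request in plan_grants("/api/users/890", ["admin", "observer"]):
        print(request)
    for request in plan_revoke_all(SAMPLE_INDEX, "/api/users/888"):
        print(request)
```

Rejecting a grant plan that lacks observer, rather than adding it silently, keeps every role a user ends up with visible in the request that asked for it.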