Permissions

Please note that API 1.5 does not support operations on Governance Groups or Orgs and only allows management of the following CM Roles: admin, actor, observer, aws_architect, publisher, designer, signup_wiz, enterprise_manager, server_login, library, security_manager, instance, server_superuser, infrastructure, ss_end_user, ss_designer, ss_observer Moreover, this API allows management of only roles granted directly on an account, to an individual user.

Actions

• index
• show
• create
• destroy

index

List all permissions for all users of the current account.

URLs

GET /api/permissions

HTTP response code

200 OK

Content-type

application/vnd.rightscale.permission;type=collection

Required roles

• admin

Parameters

Filters

Example Responses

[{
  "role_title": "observer",
  "created_at": null,
  "links": [
    {"rel":"self","href":"/api/permissions/888-observer"},
    {"rel":"account","href":"/api/accounts/560182816"},
    {"rel":"user","href":"/api/users/888"}
  ],
  "actions": [

  ]
},{
  "role_title": "observer",
  "created_at": null,
  "links": [
    {"rel":"self","href":"/api/permissions/888-observer"},
    {"rel":"account","href":"/api/accounts/560182816"},
    {"rel":"user","href":"/api/users/888"}
  ],
  "actions": [

  ]
}]

<?xml version="1.0" encoding="UTF-8"?>
<permissions>
  <permission>
    <role_title>observer</role_title>
    <created_at/>
    <links>
      <link rel="self" href="/api/permissions/888-observer"/>
      <link rel="account" href="/api/accounts/560182816"/>
      <link rel="user" href="/api/users/888"/>
    </links>
    <actions/>
  </permission>
  <permission>
    <role_title>observer</role_title>
    <created_at/>
    <links>
      <link rel="self" href="/api/permissions/888-observer"/>
      <link rel="account" href="/api/accounts/560182816"/>
      <link rel="user" href="/api/users/888"/>
    </links>
    <actions/>
  </permission>
</permissions>

show

Show information about a single permission.

URLs

GET /api/permissions/:id

HTTP response code

200 OK

Content-type

application/vnd.rightscale.permission

Required roles

• admin

Example Responses

{
  "role_title": "observer",
  "created_at": null,
  "links": [
    {"rel":"self","href":"/api/permissions/888-observer"},
    {"rel":"account","href":"/api/accounts/560182816"},
    {"rel":"user","href":"/api/users/888"}
  ],
  "actions": [

  ]
}

<?xml version="1.0" encoding="UTF-8"?>
<permission>
  <role_title>observer</role_title>
  <created_at/>
  <links>
    <link rel="self" href="/api/permissions/888-observer"/>
    <link rel="account" href="/api/accounts/560182816"/>
    <link rel="user" href="/api/users/888"/>
  </links>
  <actions/>
</permission>

create

Create a permission, thereby granting some user a particular role with respect to the current account.

The 'observer' role has a special status; it must be granted before a user is eligible for any other permission in a given account.

When provisioning users, always create the observer permission FIRST; creating any other permission before it will result in an error.

For more information about the roles available and the privileges they confer, please refer to the following page of the RightScale support portal: http://support.rightscale.com/15-References/Lists/List_of_User_Roles

URLs

POST /api/permissions

HTTP response code

201 Created

Location

Href of created Permission.

Required roles

• admin

Parameters

destroy

Destroy a permission, thereby revoking a user's role with respect to the current account.

The 'observer' role has a special status; it cannot be revoked if a user has any other roles, because other roles become useless without being able to read data pertaining to the account.

When deprovisioning user, always destroy the observer permission LAST; destroying it while the user has other permissions will result in an error.

URLs

DELETE /api/permissions/:id

HTTP response code

204 No Content

Required roles

• admin