Role management

it is necessary to add to the different users roles and to give them an available permissions.

Working with roles and permissions via DCM API you have the following opportunities:

Get available permissions

Get available permission

get

Get available permission

Path parameters

counterparty_guidstringRequired

Counterparty GUID

Responses

200

application/json

400

json with error msg

application/json

get

GET /api/v1/counterparty/{counterparty_guid}/rbac/permission HTTP/1.1
Host: [url_host]
Accept: */*

{
  "permissions": [
    "text"
  ]
}

Add permission to role

Add role permission

post

Add role permission

Path parameters

counterparty_guidstringRequired

Counterparty GUID

Body

permission_guidstringOptional

permission_guid that you get as a response to endpoint Permissions titles/Get permissions

role_namestringOptional

role name

Responses

200

application/json

Responseobject

400

json with error msg

application/json

post

POST /api/v1/counterparty/{counterparty_guid}/rbac/permission HTTP/1.1
Host: [url_host]
Content-Type: application/json
Accept: */*
Content-Length: 45

{
  "permission_guid": "text",
  "role_name": "text"
}

{}

Remove role permission

delete

Remove role permission

Path parameters

counterparty_guidstringRequired

Counterparty GUID

Body

permission_guidstringOptional

guid of permission that you need to remove from an employee

role_namestringOptional

role's name

Responses

200

application/json

Responseobject

400

json with error msg

application/json

delete

DELETE /api/v1/counterparty/{counterparty_guid}/rbac/permission HTTP/1.1
Host: [url_host]
Content-Type: application/json
Accept: */*
Content-Length: 45

{
  "permission_guid": "text",
  "role_name": "text"
}

{}

Get roles with permissions for table

get

Get roles with permissions for table

Path parameters

counterparty_guidstringRequired

Counterparty GUID

Responses

200

application/json

400

json with error msg

application/json

get

GET /api/v1/counterparty/{counterparty_guid}/rbac/permission/table HTTP/1.1
Host: [url_host]
Accept: */*

{
  "roles": [
    "text"
  ],
  "rows": [
    {
      "group_lang_key": "text",
      "group_name": "text",
      "permissions": [
        {
          "guid": "text",
          "name": "text",
          "name_lang_key": "text",
          "roles": [
            {
              "allowed": true,
              "name": "text"
            }
          ],
          "sort_number": 1
        }
      ],
      "sort_number": 1
    }
  ]
}

Get roles list

get

Get roles list

Path parameters

counterparty_guidstringRequired

Counterparty GUID

Responses

200

application/json

400

json with error msg

application/json

get

GET /api/v1/counterparty/{counterparty_guid}/rbac/role HTTP/1.1
Host: [url_host]
Accept: */*

[
  {
    "roles": [
      "text"
    ]
  }
]

Create role

Create Role

post

Create Role

Path parameters

counterparty_guidstringRequired

Counterparty GUID

Body

role_namestringOptional

role's name

Responses

200

application/json

Responseobject

400

json with error msg

application/json

post

POST /api/v1/counterparty/{counterparty_guid}/rbac/role HTTP/1.1
Host: [url_host]
Content-Type: application/json
Accept: */*
Content-Length: 20

{
  "role_name": "text"
}

{}

Delete role

Delete Role

delete

Delete Role

Path parameters

counterparty_guidstringRequired

Counterparty GUID

Body

role_namestringOptional

the name of the role that need to remove

Responses

200

application/json

Responseobject

400

json with error msg

application/json

delete

DELETE /api/v1/counterparty/{counterparty_guid}/rbac/role HTTP/1.1
Host: [url_host]
Content-Type: application/json
Accept: */*
Content-Length: 20

{
  "role_name": "text"
}

{}

Good to know: You can't delete the role "Administrator".

Get scopes

get

Get scopes

Path parameters

counterparty_guidstringRequired

Counterparty GUID

Responses

200

application/json

400

json with error msg

application/json

get

GET /api/v1/counterparty/{counterparty_guid}/rbac/scope HTTP/1.1
Host: [url_host]
Accept: */*

{
  "scopes": [
    "text"
  ]
}

Get users list

get

Get users list

Path parameters

counterparty_guidstringRequired

Counterparty GUID

Query parameters

role_namestringOptional

role name (string)

limitstringOptional

limit (int64)

page_tokenstringOptional

page token (int64)

Responses

200

application/json

400

json with error msg

application/json

get

GET /api/v1/counterparty/{counterparty_guid}/rbac/user HTTP/1.1
Host: [url_host]
Accept: */*

[
  {
    "page_token": "text",
    "users": [
      {
        "guid": "text",
        "role_name": "text"
      }
    ]
  }
]

Add user to role

post

Add user to role

Path parameters

counterparty_guidstringRequired

Counterparty GUID

Body

role_namestringOptional

role name for the user

user_guidstringOptional

id of the user you add role to

Responses

200

application/json

Responseobject

400

json with error msg

application/json

post

POST /api/v1/counterparty/{counterparty_guid}/rbac/user HTTP/1.1
Host: [url_host]
Content-Type: application/json
Accept: */*
Content-Length: 39

{
  "role_name": "text",
  "user_guid": "text"
}

{}

Remove user from role

delete

Remove user from role

Path parameters

counterparty_guidstringRequired

Counterparty GUID

Body

role_namestringOptional

role's name

user_guidstringOptional

a user you remove the role from

Responses

200

application/json

Responseobject

400

json with error msg

application/json

delete

DELETE /api/v1/counterparty/{counterparty_guid}/rbac/user HTTP/1.1
Host: [url_host]
Content-Type: application/json
Accept: */*
Content-Length: 39

{
  "role_name": "text",
  "user_guid": "text"
}

{}

Get all available permission titles

To get the list of all available permissions for the roles you should use this endpoint.

Good to know: Permission titles are used to handle permissions and roles, converting them into a readable format. This endpoint is designed to simplify the understanding and management of permissions by providing a clear understanding of each permission and role. They help translate complex permission structures into user-friendly terms, making it easier for users to comprehend and assign appropriate access levels.

Get permissions

get

Get permissions

Query parameters

guidsstring[]Optional

permissions GUIDs (uuid)

keto_kindsstring[]Optional

keto kinds (string)

keto_permission_namesstring[]Optional

keto permissions (string)

keto_scope_namesstring[]Optional

scope names (string)

offsetintegerOptional

Offset

limitintegerOptional

Limit

orderingstring · enumOptional

Ordering

Possible values:

Responses

200

application/json

400

json with error msg

application/json

get

GET /api/v1/permissions/keto HTTP/1.1
Host: [url_host]
Accept: */*

[
  {
    "created_at": "text",
    "default_group_name": "text",
    "default_name": "text",
    "group_lang_key": "text",
    "group_sort_number": 1,
    "guid": "text",
    "keto_kind": "branch",
    "keto_permission_name": "text",
    "keto_scope_name": "text",
    "name_lang_key": "text",
    "name_sort_number": 1,
    "updated_at": "text"
  }
]

Create permissions

create keto permissions

post

create keto permissions

Body

default_group_namestringOptional

if group_lang_key not found in translation, use it as default

default_namestringOptional

if name_lang_key not found in translation, use it as default

group_lang_keystringOptional

key for translation table, where find name of group for permissions

group_sort_numberintegerOptional

sorting order for group among all groups

guidstringOptional

if empty its generate random guid

keto_kindall ofOptional

the kind of keto looking for permissions

string · enumOptionalPossible values:

keto_permission_namestringOptional

name of keto permission, for now it POST, GET, PUT etc; Its may be anything in future

keto_scope_namestringOptional

the name of scope for permission, for now it endpoint group, ex: accounts, customers, payments; No longer than 64 characters

name_lang_keystringOptional

key for translation table, where find name of permission

name_sort_numberintegerOptional

sorting order for permission under the group

Responses

200

application/json

400

json with error msg

application/json

post

POST /api/v1/permissions/keto HTTP/1.1
Host: [url_host]
Content-Type: application/json
Accept: */*
Content-Length: 231

{
  "default_group_name": "text",
  "default_name": "text",
  "group_lang_key": "text",
  "group_sort_number": 1,
  "guid": "text",
  "keto_kind": "branch",
  "keto_permission_name": "text",
  "keto_scope_name": "text",
  "name_lang_key": "text",
  "name_sort_number": 1
}

{
  "guid": "text"
}

PreviousHow to add a user to a role NextCustomer

Last updated 1 year ago