MaxScale Role Resource
Admin roles represent a set of permissions that define which operations are allowed on the REST-API.
Resource Operations
Get role
GET /v1/role/:nameGet a single role. The :name in the URI must be a valid role name.
Response
Status: 200 OK
{
"data": {
"attributes": {
"permissions": [
"admin",
"edit",
"view",
"sql"
]
},
"id": "admin",
"links": {
"self": "http://localhost:8989/v1/roles/admin/"
},
"type": "roles"
},
"links": {
"self": "http://localhost:8989/v1/roles/admin/"
}
}Get all roles
GET /v1/rolesGet all roles.
Response
Status: 200 OK
{
"data": [
{
"attributes": {
"permissions": [
"edit",
"view",
"sql"
]
},
"id": "editor",
"links": {
"self": "http://localhost:8989/v1/roles/editor/"
},
"type": "roles"
},
{
"attributes": {
"permissions": [
"admin",
"edit",
"view",
"sql"
]
},
"id": "admin",
"links": {
"self": "http://localhost:8989/v1/roles/admin/"
},
"type": "roles"
},
{
"attributes": {
"permissions": [
"sql"
]
},
"id": "sql",
"links": {
"self": "http://localhost:8989/v1/roles/sql/"
},
"type": "roles"
},
{
"attributes": {
"permissions": [
"view",
"sql"
]
},
"id": "basic",
"links": {
"self": "http://localhost:8989/v1/roles/basic/"
},
"type": "roles"
}
],
"links": {
"self": "http://localhost:8989/v1/roles/"
}
}Create a role
POST /v1/rolesCreate a new role. The request body must define the following fields.
data.idThe role name
data.attributes.permissionsA JSON array of strings that define the permissions. Any permissions that are unknown are stored as extra user-defined permissions that are available in the
/rolesendpoint. These extra permissions can then be used by external systems or as a way to label account types.
The supported permissions are:
admin: Access to the administrative endpoints/usersand/roleswhich are used to create new user accounts and roles.edit: Write access to all endpoints that create objects except the administrative endpoints/usersand/roles. This permission is required for creating, modifying or destroying objects via the REST-API.sql: Read-only access to the/maxscale,/servers,/servicesand/listenersendpoints as well as full permissions on the/sqlendpoint. This permission is needed by the Query Editor feature.view: Read-only access to all endpoints except the administrative endpoints/usersand/roles. This permission is required for most read-only operations in the GUI.
Here is an example request that defines a new role my-role that can view and edit objects but cannot use the Query Editor.
{
"data": {
"id": "my-role",
"attributes": {
"permissions": ["view", "edit"]
}
}
}Response
Status: 204 No ContentUpdate a role
PATCH /v1/roles/:nameUpdate a role. Only the data.attributes.permissions field can be modified. Modifying a role requires administrative privileges.
Here is an example request body that updates the permissions of a role.
{
"data": {
"attributes": {
"permissions": ["view, "edit"]
}
}
}Response
Status: 204 No ContentDelete a role
DELETE /v1/roles/:nameThe :name part of the URI must be a valid role name.
Response
Status: 204 No ContentThis page is licensed: CC BY-SA / Gnu FDL
Last updated
Was this helpful?