circle-info
Webinar | The Great Database Exodus: Navigating Strategic Risk in the Post-Oracle MySQL Era
Watch Nowarrow-up-right
search
Download MariaDBContact Us

MaxScale Role Resource

Define and assign access roles. This resource allows you to manage permissions for MaxScale administrative users, controlling their access to API resources.

Admin roles represent a set of permissions that define which operations are allowed on the REST-API.

hashtag
Resource Operations

hashtag
Get role

GET /v1/role/:name

Get a single role. The :name in the URI must be a valid role name.

hashtag
Response

Status: 200 OK

{
    "data": {
        "attributes": {
            "permissions": [
                "admin",
                "edit",
                "view",
                "sql"
            ]
        },
        "id": "admin",
        "links": {
            "self": "http://localhost:8989/v1/roles/admin/"
        },
        "type": "roles"
    },
    "links": {
        "self": "http://localhost:8989/v1/roles/admin/"
    }
}

hashtag
Get all roles

Get all roles.

hashtag
Response

Status: 200 OK

hashtag
Create a role

Create a new role. The request body must define the following fields.

  • data.id

    • The role name

  • data.attributes.permissions

    • A JSON array of strings that define the permissions. Any permissions that are unknown are stored as extra user-defined permissions that are available in the /roles endpoint. These extra permissions can then be used by external systems or as a way to label account types.

The supported permissions are:

  • admin: Access to the administrative endpoints /users and /roles which are used to create new user accounts and roles.

  • edit: Write access to all endpoints that create objects except the administrative endpoints /users and /roles. This permission is required for creating, modifying or destroying objects via the REST-API.

  • sql: Read-only access to the /maxscale, /servers, /services and /listeners endpoints as well as full permissions on the /sql endpoint. This permission is needed by the Query Editor feature.

  • view: Read-only access to all endpoints except the administrative endpoints /users and /roles. This permission is required for most read-only operations in the GUI.

Here is an example request that defines a new role my-role that can view and edit objects but cannot use the Query Editor.

hashtag
Response

hashtag
Update a role

Update a role. Only the data.attributes.permissions field can be modified. Modifying a role requires administrative privileges.

Here is an example request body that updates the permissions of a role.

hashtag
Response

hashtag
Delete a role

The :name part of the URI must be a valid role name.

hashtag
Response

This page is licensed: CC BY-SA / Gnu FDL

spinner
PreviousMaxScale REST APINextMaxScale Server Resource

Last updated

Was this helpful?