RBAC Service (3.7.0)

Download OpenAPI specification:Download

This is the spec that defines the API provided by the application to validate authorization for the passed role

RBAC

Validate authorization

Validates authorization for the role

Authorizations:
bearerAuth
query Parameters
roles
required
Array of strings non-empty unique

One or more role names passed from the northbound API

method
required
string

Method passed from the northbound API

path
required
string

Path passed from the northbound API

Responses

Response samples

Content type
application/json
{
  • "code": 0,
  • "message": "message"
}

Get Role

Get specific role defined in EFA

Authorizations:
bearerAuth
query Parameters
role_name
required
string

Name of the role to be queried

Responses

Response samples

Content type
application/json
{
  • "role-name": "SecurityAdmin",
  • "description": "Performs user management, PKI and key management operations in the system"
}

Get Roles

Get all roles defined in EFA

Authorizations:
bearerAuth
query Parameters
include_internal
boolean

To include the internal roles in the response

Responses

Response samples

Content type
application/json
{
  • "role-list": "{role-list:[{role-name:FabricAdmin,description:Registers devices to fabric...},{role-name:SecurityAdmin,description:Performs user management, PKI and key management operations in the system.}...}]}"
}

Get Permissions

Get the user view permissions of a user

Authorizations:
bearerAuth

Responses

Response samples

Content type
application/json
{
  • "roles": [
    ],
  • "deployment-type": "fabric",
  • "skip-check": "string",
  • "permission-list": "string"
}

RBAC-Tenant

Validate authorization for tenant

Validates tenant authorization for the role

Authorizations:
bearerAuth
query Parameters
roles
required
Array of strings non-empty unique

One or more role names passed from the northbound API

tenant-name
string

Tenant name passed from the northbound API

method
required
string

Method passed from the northbound API

path
required
string

Path passed from the northbound API

Responses

Response samples

Content type
application/json
{
  • "code": 0,
  • "message": "message"
}

Get tenants authorized for a dynamic role

Get list of all tenants authorized for the given dynamic role. For static roles, the list will be empty.

Authorizations:
bearerAuth
query Parameters
roles
required
Array of strings non-empty unique

One or more role names passed from the northbound API

Responses

Response samples

Content type
application/json
"{accessible: specific, tenants:[{tenant-one, tenant-two}]}"

Trouble Shooting

getExecutionDetail

Get the detailed output of the given execution ID

Authorizations:
bearerAuth
query Parameters
id
required
string

Detailed output of the given execution ID

Responses

Response samples

Content type
application/json
{
  • "start_time": "2000-01-23T04:56:07.000+00:00",
  • "end_time": "2000-01-23T04:56:07.000+00:00",
  • "id": "id",
  • "parameters": "configure add",
  • "logs": "logs",
  • "command": "configure add",
  • "status": "Failed, Succeeded"
}

deleteExecutions

This API will delete the execution entries older than specific number of days

Authorizations:
bearerAuth
query Parameters
days_older_by
required
integer
Default: 30

Deletes execution entries older than specified number of days

Responses

Response samples

Content type
application/json
{
  • "code": 0,
  • "message": "message"
}

getExecutionList

Get the list of all the previous executions

Authorizations:
bearerAuth
query Parameters
limit
required
integer
Default: 10

Limit the number of executions that will be sent in the response. Default is 10

status
string
Default: "all"

Filter the executions based on the status(failed/succeeded/all)

Responses

Response samples

Content type
application/json
{
  • "items": [
    ]
}