RBAC API v1

Use the role-based access control (RBAC) API v1 endpoints to manage users, directory service groups, roles, permissions, tokens, passwords, and LDAP and SAML connection settings.

  • Users endpoints

    With role-based access control (RBAC), you can manage local users and remote users (created on a directory service). Use the users endpoints to get lists of users, create local users, and delete, revoke, and reinstate users in PE.

  • User groups endpoints

    User groups allow you to quickly assign one or more roles to a set of users by placing all relevant users in the group. This is more efficient than assigning roles to each user individually. Use the groups endpoints to get lists of groups and add, delete, and change groups.

  • User roles endpoints

    User roles contain sets of permissions. When you assign a user (or a user group) to a role, you can assign the entire set of permissions at once. This is more organized and easier to manage than assigning individual permissions to individual users. Use the roles endpoints to manage roles.

  • Permissions endpoints

    You add permissions to roles to control what users can access and do in PE. Use the permissions endpoints to get information about objects you can create permissions for, what types of permissions you can create, and whether specific users can perform certain actions.

  • Tokens endpoints

    Authentication tokens control access to PE services. Use the auth/token and tokens endpoints to create tokens.

  • LDAP endpoints

    Use the v1 LDAP endpoints to test and configure LDAP directory service connections.

  • SAML endpoints

    Use the saml endpoints to configure SAML, retrieve SAML configuration details, and get the public certificate and URLs needed for configuration.

  • Passwords endpoints

    When local users forget their Puppet Enterprise (PE) passwords or lock themselves out of PE by attempting to log in with incorrect credentials too many times, you must generate a password reset token for them. Use the password endpoints to generate password reset tokens, use tokens to reset passwords, change the authenticated user's password, and validate potential user names and passwords.

  • Disclaimer endpoints

    Use these endpoints to modify the disclaimer text that appears on the Puppet Enterprise (PE) console login page.

Related information