Permissions endpoints keys

These keys are used with the RBAC API v1 permissions endpoints.

Key Definition Example
object_type A string identifying what PE object type the permission applies to, such as node groups, users, roles, and so on. "node_groups"
action A string indicating the permitted action, such as viewing, editing, or creating. "modify_children"
actions An array representing multiple actions, formatted as JSON objects. Each JSON object contains:
  • name: The action's system name.
  • display_name: The action's name as it appears in the PE console.
  • description:
  • has_instances: Boolean indicating whether you can apply instance specification to this action. If false, you must supply "*" for the instance when including the action in a permission JSON object. Refer to instance for more information.
instance A string describing the scope of the permission.

To apply the permission to all instances of the specified object_type, use "*" to indicate all instances.

To limit the permission to specific instances of the specified object_type, supply the appropriate UUID, such as a specific node group ID or user ID.

For any object_type that doesn't allow instance specification, you must supply "*".
  • To permit all instances (or if the object_type doesn't support instance specification): "*"
  • To define a specific instance, supply a UUID as a string, such as: "cec7e830-555b-11e4-916c-0800200c9a66"
display_name A string containing the object_type name as it appears in the PE console. "Node Groups"
description A string describing an object_type. "Groups that nodes can be assigned to."
token In the POST /permitted endpoint, this is a string representing the UUID of a user or user group. "cec7e830-555b-11e4-916c-0800200c9a66"
You'll use object_type, action, and instance to build permissions. Use the GET /types endpoint to get values you can use for these keys when writing permissions. For object_type and action, you must use system names, not display names.

Related information