Managing Permissions with APIs

The following section describes the RemoteAuthorizationManager API and the operations that come with it.

Permissions can be assigned to user roles. The permission is an authorization to perform a specific action on a resource. For instance, a user role can have permission (i.e., authorization) to add and delete (i.e., actions) service providers (i.e., the resource). The following set of actions can be performed on a resource.

get
add
delete
edit
login

man_config
man_lc_config
man_sec
up_serv
man_serv
man_media

mon_sys
del_id
authorize
inv_ser
ui_execute

subscribe
publish
consume
change_permission
browse

sqs_send_message
sqs_receive_message
sqs_delete_message
sqs_change_message_visibility
sqs_get_queue_attributes

The following operations are available in this API:

authorizeRole

This function authorizes the given role to perform the specified action on the given resource.

Input parameters

Parameter	Description
roleName	The name of the role (e.g., "role1")
resourceId	The resource path (e.g., "/permission/admin/login")
action	The action name of the action to be performed on the resource (e.g., "ui.execute")

clearAllRoleAuthorization

This function clears all authorizations of the role.

Input parameters

Parameter	Description
roleName	The name of the role (e.g., "role1")

clearResourceAuthorizations

This function clears all the authorizations for the given resource.

Input parameters

Parameter	Description
resourceId	The resource path (e.g., "/permission/admin/login")

clearRoleActionOnAllResources

This function removes the authorization from the role to perform the specified action on all the resources.

Input parameters

Parameter	Description
action	The action name of the action to be performed on the resource (e.g., "ui.execute")

clearRoleAuthorization

This function clear the authorization of the specified role to perform the given action on the resource.

Input parameters

Parameter	Description
roleName	The name of the role (e.g., "role1")
resourceId	The resource path (e.g., "/permission/admin/login")
action	The action name of the action to be performed on the resource (e.g., "ui.execute")

denyRole

This function removes the authorization of the role to perform the given action on the specified resource.

Input parameters

Parameter	Description
roleName	The name of the role (e.g., "role1")
resourceId	The resource path (e.g., "/permission/admin/login")
action	The action name of the action to be performed on the resource (e.g., "ui.execute")

getAllowedRolesForResource

This function retrieves the list of authorized roles to perform the given action on the specified resource.

Input parameters

Parameter	Description
resourceId	The resource path (e.g., "/permission/admin/login")
action	The action name of the action to be performed on the resource (e.g., "ui.execute")

getAllowedUIResourcesForUser

This function retrieves the list of UI resources in the specified root patch for which the user has authorization.

Input parameters

Parameter	Description
userName	The username of the specific user (e.g., "admin")
permissionRootPath	The permission root path

getAllowedUIResourcesForRole

This function retrieves the list of UI resources in the specified root path for a given role.

Input parameters

Parameter	Description
roleName	The name of the specific role (e.g., "admin")
permissionRootPath	The permission root path

isRoleAuthorized

This function checks whether the given role is authorized to perform the action on the specified resource.

Input parameters

Parameter	Description
roleName	The name of the role (e.g., "role1")
resourceId	The resource path (e.g., "/permission/admin/login")
action	The action name of the action to be performed on the resource (e.g., "ui.execute")