Grant/Revoke permissions from User or Role¶
Grant to user¶
Grants permissions to a user.
Method: POST
Path:
/pulp/api/v2/permissions/actions/grant_to_user/
Permission: execute
Request Body Contents:
- login (string) - login of existing user
- resource (string) - resource URI
- operations (array) - array of operation strings;valid operations:’CREATE’,’READ’,’UPDATE’,’DELETE’,’EXECUTE’
Response Codes:
- 200 - if permissions were successfully granted to the user
- 400 - if any of the parameters are invalid or missing
Return: null
Sample Request:
{
"operations": ["CREATE", "READ", "DELETE"],
"login": "test-login",
"resource": "/v2/repositories/"
}
Revoke from user¶
Revokes permissions from a user.
Method: POST
Path:
/pulp/api/v2/permissions/actions/revoke_from_user/
Permission: execute
Request Body Contents:
- login (string) - login of existing user
- resource (string) - resource URI
- operations (array) - array of operation strings;valid operations:’CREATE’,’READ’,’UPDATE’,’DELETE’,’EXECUTE’
Response Codes:
- 200 - if permissions were successfully revoked from the user
- 400 - if any of the parameters are invalid or missing
Return: null
Sample Request:
{
"operations": ["CREATE", "DELETE"],
"login": "test-login",
"resource": "/v2/repositories/"
}
Grant to role¶
Grants permissions to a role. This will add permissions to all users belonging to the role. Note that users added to the role after granting permissions will inherit these permissions from the role as well.
Method: POST
Path:
/pulp/api/v2/permissions/actions/grant_to_role/
Permission: execute
Request Body Contents:
- role_id (string) - id of an existing role
- resource (string) - resource URI
- operations (array) - array of operation strings;valid operations:’CREATE’,’READ’,’UPDATE’,’DELETE’,’EXECUTE’
Response Codes:
- 200 - if permissions were successfully granted to the role
- 400 - if any of the parameters are invalid or missing
Return: null
Sample Request:
{
"operations": ["CREATE", "READ", "DELETE"],
"resource": "/v2/repositories/",
"role_id": "test-role"
}
Revoke from role¶
Revokes permissions from a role. This will revoke permissions from all users belonging to the role unless they are granted by other roles as well.
Method: POST
Path:
/pulp/api/v2/permissions/actions/revoke_from_role/
Permission: execute
Request Body Contents:
- role_id (string) - id of an existing role
- resource (string) - resource URI
- operations (array) - array of operation strings;valid operations:’CREATE’,’READ’,’UPDATE’,’DELETE’,’EXECUTE’
Response Codes:
- 200 - if permissions were successfully revoked from the role
- 400 - if any of the parameters are invalid or missing
Return: null
Sample Request:
{
"operations": ["CREATE", "READ", "DELETE"],
"resource": "/v2/repositories/",
"role_id": "test-role"
}