Grant/Revoke permissions from User or Role

Grant to user

Grants permissions to a user.

Method: POST
Path: /pulp/api/v2/permissions/actions/grant_to_user/
Permission: execute
Request Body Contents:

  • login (string) - login of existing user

  • resource (string) - resource URI

  • operations (array) - array of operation strings;valid operations:’CREATE’,’READ’,’UPDATE’,’DELETE’,’EXECUTE’

Response Codes:

  • 200 - if permissions were successfully granted to the user

  • 400 - if any of the parameters are invalid or missing

Return: null

Sample Request: 

{
 "operations": ["CREATE", "READ", "DELETE"],
 "login": "test-login",
 "resource": "/v2/repositories/"
}

Revoke from user

Revokes permissions from a user.

Method: POST
Path: /pulp/api/v2/permissions/actions/revoke_from_user/
Permission: execute
Request Body Contents:

  • login (string) - login of existing user

  • resource (string) - resource URI

  • operations (array) - array of operation strings;valid operations:’CREATE’,’READ’,’UPDATE’,’DELETE’,’EXECUTE’

Response Codes:

  • 200 - if permissions were successfully revoked from the user

  • 400 - if any of the parameters are invalid or missing

Return: null

Sample Request: 

{
 "operations": ["CREATE", "DELETE"],
 "login": "test-login",
 "resource": "/v2/repositories/"
}

Grant to role

Grants permissions to a role. This will add permissions to all users belonging to the role. Note that users added to the role after granting permissions will inherit these permissions from the role as well.

Method: POST
Path: /pulp/api/v2/permissions/actions/grant_to_role/
Permission: execute
Request Body Contents:

  • role_id (string) - id of an existing role

  • resource (string) - resource URI

  • operations (array) - array of operation strings;valid operations:’CREATE’,’READ’,’UPDATE’,’DELETE’,’EXECUTE’

Response Codes:

  • 200 - if permissions were successfully granted to the role

  • 400 - if any of the parameters are invalid or missing

Return: null

Sample Request: 

{
 "operations": ["CREATE", "READ", "DELETE"],
 "resource": "/v2/repositories/",
 "role_id": "test-role"
}

Revoke from role

Revokes permissions from a role. This will revoke permissions from all users belonging to the role unless they are granted by other roles as well.

Method: POST
Path: /pulp/api/v2/permissions/actions/revoke_from_role/
Permission: execute
Request Body Contents:

  • role_id (string) - id of an existing role

  • resource (string) - resource URI

  • operations (array) - array of operation strings;valid operations:’CREATE’,’READ’,’UPDATE’,’DELETE’,’EXECUTE’

Response Codes:

  • 200 - if permissions were successfully revoked from the role

  • 400 - if any of the parameters are invalid or missing

Return: null

Sample Request: 

{
 "operations": ["CREATE", "READ", "DELETE"],
 "resource": "/v2/repositories/",
 "role_id": "test-role"
}