Authorization API
Operation | REST API | Body | Response |
|---|---|---|---|
grant | POST /security/authorization/grant | GrantRequest{
"entity": {
"namespace": "ns1",
"entity": "NAMESPACE"
},
"principal": {
"name": "admin",
"type": "ROLE"
},
"actions": [
"READ"
]
} | 200: Granted the action on the entity for the principal |
revoke | POST /security/authorization/revoke | RevokeRequest{
"entity": {
"namespace": "ns1",
"entity": "NAMESPACE"
},
"principal": {
"name": "admin",
"type": "ROLE"
},
"actions": [
"READ"
]
} | 200: Revoked the actions on the entity for the principal |
Role Based Access Control | |||
create role | PUT /security/authorization/roles/<role-name> | N/A | 200: Created the role 409: role already exists |
delete role | DELETE /security/authorization/roles/<role-name> | N/A | 200: Deleted the role 404: role is not found |
List roles | GET /security/authorization/roles/ | N/A | 200: List of roles Roles["Role", "Role2"] |
add role to principal | PUT /security/authorization/<principal-type>/<principal-name>/roles/<role-name> |
| 200: Added role to principal 404: role not found 404: principal not found |
remove role from principal | DELETE /security/authorization/<principal-type>/<principal-name>/roles/<role-name> |
| 200: removed role from principal 404: role not found 404: principal not found |
List roles for principal | GET /security/authorization/<principal-type>/<principal-name>/roles | N/A | 200: List of roles Roles["Role", "Role2"]404: Principal not found |
List privileges for role | GET /security/authorization/roles/<role-name>/privileges | N/A | 200: List of privileges for the role Privileges["Privilege1", "Privilege2"]404: role not found Privilege/**
* Represents a privilege granted to a {@link Principal user}, {@link Principal group} or a role. It determines * if the user or group can perform a given {@link Action} on an
* {@link EntityId}. It also determines if this privilege also gives the user or group the permission to grant * the same privilege to other users or groups.
*/
public class Privilege {
private final EntityId entity;
private final Action action;
private final boolean withGrantOption;
} |
Created in 2020 by Google Inc.