8.4.21 Fields: Roles

See the associated 4.24  Roles resource section for more information on how to use this resource and supported operations.

Additional References

Type Value Additional Information
Permissions resource roles Permissions
Hooks filename roles.groovy Pre- and Post-Processing Hooks
Distinct query-supported Yes Distinct

Role

A role defines a set of permissions that are based on the proxy-user. If no proxy user is specified then access to objects in MWS are limited to its application permissions. For example if the application has permission to update all resources in MWS and no proxy-user is specified in the request then the request can access all resources in MWS.

Field Name Type POST PUT Description
id String No No

The unique ID of this role.
description String Yes Yes

The role description.
name String Yes Yes

The unique human-readable name of this role. Required during POST.
permissions List<Permission> Yes Yes

The set of permissions enforced based on the proxy-user.

Permission

Represents a permission.

Field Name Type POST PUT Description
id String No No

The unique ID of this role.
action String No No

The action that can be performed on the resource.
administrator Boolean No No

If true, grants full rights over the given resource for the given action. For example, if resource is 'jobs' and action is 'update' and administrator is true, then this permission allows the user to update any job, not just jobs owned by the user.
description String No No

A description of this permission.
fieldPath String No No

Field level ACL control, if null or '*', all fields are accessible; otherwise requests must match dot delimited path. Currently only checked when doing writable actions. For example, attributes.*: create|update
label String No No

A human readable label for this permission.
resource String No No

The resource the permission applies to.
resourceFilter Map<String, Map> No No

A map used to limit which resource instances this permission applies to. If this is null then the permission will apply to all instances of the resource. For api permissions the filter uses mongo query syntax.
type String No No

The type of the permission. Only 'api' type permissions are enforced.

Role

A role defines a set of permissions that are based on the proxy-user. If no proxy user is specified then access to objects in MWS are limited to its application permissions. For example if the application has permission to update all resources in MWS and no proxy-user is specified in the request then the request can access all resources in MWS.

Field Name Type POST PUT Description
id String No No

The unique ID of this role.
description String Yes Yes

The role description.
name String Yes Yes

The unique human-readable name of this role. Required during POST.
permissions List<Permission> Yes Yes

The set of permissions enforced based on the proxy-user.

Permission

Represents a permission.

Field Name Type POST PUT Description
id String No No

The unique ID of this role.
action String No No

The action that can be performed on the resource.
administrator Boolean No No

If true, grants full rights over the given resource for the given action. For example, if resource is 'jobs' and action is 'update' and administrator is true, then this permission allows the user to update any job, not just jobs owned by the user.
description String No No

A description of this permission.
fieldPath String No No

Field level ACL control, if null or '*', all fields are accessible; otherwise requests must match dot delimited path. Currently only checked when doing writable actions. For example, attributes.*: create|update
label String No No

A human readable label for this permission.
resource String No No

The resource the permission applies to.
resourceFilter Map<String, Map> No No

A map used to limit which resource instances this permission applies to. If this is null then the permission will apply to all instances of the resource. For api permissions the filter uses mongo query syntax.
type String No No

The type of the permission. Only 'api' type permissions are enforced.

Related Topics