
Roles


You are viewing an old version of this page. View the current version.


*(Under Review for V2 - Not Completed Yet)

Introduction

The "Roles" endpoint allows you to manage the sets of permissions (Create, Read, Update, Delete) that are granted to users and applied to each endpoint.

How Does it Work?

The primary method for authorisation (what a user can do) is now based on the user's roles. By default, the roles are admin, org_admin, reporter and user. Each role has a set of permissions (Create, Read, Update, Delete) for each endpoint. The standard roles (as shipped) should cover 99.9% of use cases. The ability to define additional roles and edit existing roles is enabled in Open-AudIT Enterprise.

Creating a Role Entry

A role entry can be created using the web interface if the currently logged-in user has a role that contains the user::create permission. Go to menu: Manage -> Roles -> Create Roles. A role can also be created from the Roles view using the "Create" button.

To add a new user to Open-AudIT you have to provide the details of that person, assign the organization, select the relevant Roles (multiple roles can be selected), select if the user is active or not, etc. In addition, you must grant permission to that user to access one or more organisations. It is important to note that selecting a parent organization will automatically provide access to its children.




View Role Details

Go to menu: Manage -> Roles -> List Roles.

You will see a list of roles. You can view a role by clicking on the blue view icon. You can also edit or delete roles (except standard roles).

 

Database Schema

The schema for the database is below. It can also be found in the application, if the user has the database::read permission, by going to menu: Manage -> Database -> List, then clicking on the "roles" table.

CREATE TABLE `roles` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `name` varchar(200) NOT NULL DEFAULT '',
  `description` text NOT NULL,
  `permissions` text NOT NULL,
  `ad_group` varchar(100) NOT NULL DEFAULT '',
  `edited_by` varchar(200) NOT NULL DEFAULT '',
  `edited_date` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;

A typical entry looks as below.

         id: 1
       name: admin
description: This role can change global options.
permissions: {"attributes":"crud","baselines":"crud","configuration":"crud","database":"crud","errors":"r","groups":"crud","ldap_servers":"crud","logs":"crud","nmis":"crud","queries":"crud","reports":"r","roles":"crud","search":"crud","sessions":"crud","summaries":"crud","tasks":"crud"}
   ad_group: open-audit_roles_admin
  edited_by: system
edited_date: 2000-01-01 00:00:00

API / Web Access

You can access the /roles collection using the normal Open-AudIT JSON-based API, just like any other collection. Please see the API documentation for further details.

Access is provided as part of a role's permissions. Roles is a standard resource and can have create, read, update and delete permissions.
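The following is an added example, not Open-AudIT's own code: it parses the permissions JSON from the typical entry above, answers "does this set of roles grant collection::action?", and lists write grants on collections an auditor would review first. Assumptions: a user's effective permissions are the union of their roles, a collection missing from the JSON means no access, and the REPORTER row and SENSITIVE list are constructed for illustration.

```python
import json

# Letter-to-action mapping implied by the "crud" / "r" strings on this page.
ACTIONS = {"c": "create", "r": "read", "u": "update", "d": "delete"}
# permissions value copied from the "typical entry" on this page.
ADMIN = {"name": "admin", "permissions": (
    '{"attributes":"crud","baselines":"crud","configuration":"crud","database":"crud",'
    '"errors":"r","groups":"crud","ldap_servers":"crud","logs":"crud","nmis":"crud",'
    '"queries":"crud","reports":"r","roles":"crud","search":"crud","sessions":"crud",'
    '"summaries":"crud","tasks":"crud"}')}
# Constructed sample for illustration; not the shipped reporter role.
REPORTER = {"name": "reporter",
            "permissions": '{"queries":"r","reports":"r","summaries":"r"}'}
# Assumption: collections whose write access changes who can do what.
SENSITIVE = ("configuration", "database", "roles")


def parse_permissions(raw):
    """Turn the roles.permissions text into {collection: {actions}}."""
    parsed = json.loads(raw)
    if not isinstance(parsed, dict):
        raise ValueError("permissions must be a JSON object")
    result = {}
    for collection, letters in parsed.items():
        # Reject anything outside c/r/u/d instead of silently ignoring it.
        if not isinstance(letters, str) or set(letters) - set(ACTIONS):
            raise ValueError(f"invalid permission string for {collection!r}")
        result[collection] = {ACTIONS[ch] for ch in letters}
    return result


def is_allowed(roles, required):
    """required uses the page's notation, e.g. 'roles::update'."""
    collection, sep, action = required.partition("::")
    if not sep or action not in ACTIONS.values():
        raise ValueError(f"bad permission name: {required!r}")
    return any(action in parse_permissions(r["permissions"]).get(collection, set())
               for r in roles)


def risky_grants(role):
    """Create/update/delete grants on SENSITIVE collections, for review."""
    perms = parse_permissions(role["permissions"])
    return sorted(f"{c}::{a}" for c in SENSITIVE
                  for a in perms.get(c, ()) if a != "read")


if __name__ == "__main__":
    for role in (ADMIN, REPORTER):
        print(role["name"], risky_grants(role))
```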

The API routes below are usable from both the JSON RESTful API and the web interface. The Web Application routes are specifically designed to be called from the web interface (a browser).

API Routes

| Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes | Example Response |
|---|---|---|---|---|---|---|---|
| POST | n | | create | roles::create | /roles | Insert a new role entry. | roles_create.json |
| GET | y | | read | roles::read | /roles/{id} | Returns a role details. | roles_read.json |
| PATCH | y | | update | roles::update | /roles/{id} | Update an attribute of a role entry. | roles_update.json |
| DELETE | y | | delete | roles::delete | /roles/{id} | Delete a role entry. | roles_delete.json |
| GET | n | | collection | roles::read | /roles | Returns a list of roles. | roles_collection.json |

Web Application Routes

| Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes |
|---|---|---|---|---|---|---|
| GET | n | create | create_form | roles::create | /roles/create | Displays a standard web form for submission to POST /roles. |
| GET | y | update | update_form | roles::update | /roles/{id}/update | Show the role details with the option to update attributes using PATCH to /roles/{id} |

 

 

 

 
