Querying Permissions of a User Group Under a Domain¶
Function¶
This API is used to query the permissions of a user group under a domain. A role is a set of permissions and represents a group of actions.
URI¶
URI format
GET /v3/domains/{domain_id}/groups/{group_id}/roles
URI parameters
Parameter
Mandatory
Type
Description
domain_id
Yes
String
Domain ID.
group_id
Yes
String
User group ID.
Request Parameters¶
Parameters in the request header
Parameter
Mandatory
Type
Description
X-Auth-Token
Yes
String
Authenticated token with the Security Administrator permission.
Example request
curl -i -k -H "X-Auth-Token:$token" -H 'Content-Type:application/json;charset=utf8' -X GET https://sample.domain.com/v3/domains/d54061ebcb5145dd814f8eb3fe9b7ac0/groups/47d79cabc2cf4c35b13493d919a5bb3d/roles
Response Parameters¶
Parameters in the response body
Parameter
Mandatory
Type
Description
links
Yes
Dict
Role resource link of a specified user group under a domain.
roles
Yes
Array
Role of a specified user group under a domain.
Role parameter description
Parameter
Mandatory
Type
Description
id
Yes
String
ID of a role of a specified user group under a domain.
links
Yes
Dict
Role resource link.
name
Yes
String
Name of a role.
domain_id
Yes
String
ID of the domain to which a role belongs.
type
Yes
String
Display mode of a role.
AX: A role is displayed at the domain layer.
XA: A role is displayed at the project layer.
AA: A role is displayed at both the domain and project layers.
XX: A role is not displayed at the domain or project layer.
display_name
No
String
Displayed name of a role.
catalog
No
String
Directory where a role locates.
policy
No
Dict
Policy of a role.
description
No
String
Description of a role.
Example response
{ "links": { "self": "https://sample.domain.com/v3/domains/d54061ebcb5145dd814f8eb3fe9b7ac0/groups/47d79cabc2cf4c35b13493d919a5bb3d/roles", "previous": null, "next": null }, "roles": [ { "display_name": "Security Administrator", "description": "Security Administrator", "links": { "self": "https://sample.domain.com/v3/roles/005cf92cfd364105afaa5df2eec25012" }, "domain_id": null, "name": "secu_admin", "type": "AX", "catalog": "BASE", "policy": { "Version": "1.0", "Statement": [ { "Action": [ "identity:*" ], "Effect": "Allow" } ] }, "id": "005cf92cfd364105afaa5df2eec25012" }, { "display_name": "Agent Operator", "description": "Agent Operator", "links": { "self": "https://sample.domain.com/v3/roles/d160d30477c642a486ad10e3b4d9820f" }, "domain_id": null, "name": "te_agency", "type": "AX", "catalog": "IAM", "policy": { "Version": "1.0", "Statement": [ { "Action": [ "identity:assume role" ], "Effect": "Allow" } ] }, "id": "d160d30477c642a486ad10e3b4d9820f" } ] }
Status Codes¶
Status Code | Description |
---|---|
200 | The request is successful. |
400 | The server failed to process the request. |
401 | Authentication failed. |
403 | Access denied. |
404 | The requested resource cannot be found. |