Querying Role Assignments¶

Function¶

This API is used to query the user groups to which a specified role has been assigned.

URI¶

URI format
GET /v3/role_assignments{?role.id,user.id,group.id,scope.project.id,scope.domain.id, scope.OS-INHERIT:inherited_to,include_subtree}

URI parameters: Specify any of the role.id, user.id, group.id, scope.project.id, and scope.domain.id parameters.

Parameter	Mandatory	Type	Description
role.id	No	String	Role ID. This parameter must be specified in conjunction with any of user.id, group.id, scope.project.id, and scope.domain.id.
user.id	No	String	User ID. This parameter cannot be specified in conjunction with group.id.
group.id	No	String	User group ID. This parameter cannot be specified in conjunction with user.id.
scope.project.id	No	String	Project ID. This parameter cannot be specified in conjunction with scope.domain.id.
scope.domain.id	No	String	Domain ID. This parameter cannot be specified in conjunction with scope.project.id.
scope.OS-INHERIT:inherited_to	No	String	Used to filter based on role assignments that are inherited. The only value of this parameter that is currently supported is projects.
include_subtree	No	Boolean	The value true means listing all role assignments involving the specified project and all subprojects. Any non-zero value of this parameter will be interpreted as true. This parameter must be specified in conjunction with scope.project.id.

Request Parameters¶

Parameters in the request header
Parameter
Mandatory
Type
Description
Content-Type
Yes
String
Fill application/json;charset=utf8 in this field.
X-Auth-Token
Yes
String
Authenticated token with the Security Administrator permission.

Parameter	Mandatory	Type	Description
Content-Type	Yes	String	Fill application/json;charset=utf8 in this field.
X-Auth-Token	Yes	String	Authenticated token with the Security Administrator permission.

Example request

curl -i -k -H "X-Auth-Token:$token" -H 'Content-Type:application/json;charset=utf8' -X GET https://sample.domain.com/v3/role_assignments?group.id=06c904fddd807cd93f0ec018b5d30a34&role.id=bc61db25975247758de0d5e254a85915&scope.domain.id=06c904fdca807cd90f0ac018001...

Response Parameters¶

Parameters in the response body
Parameter
Mandatory
Type
Description
role_assignments
Yes
List
Role assignments.
links
Yes
Dict
Role resource link.

Parameter	Mandatory	Type	Description
role_assignments	Yes	List	Role assignments.
links	Yes	Dict	Role resource link.

role_assignments

Parameter	Mandatory	Type	Description
scope	Yes	Dict	Application scope of the role. The value can be domain or project. Domain: "scope": { "domain": { "id": "06c9..." } } Project: "scope": { "project": { "id": "06c9..." } }
role	Yes	Dict	Role information, including the role ID. Example: "role": { " id ": " bc61..." }
group	No	Dict	Group information, which is returned if the role has been assigned to a user group. Example: "group": { " id ": " 06c9..." }
agency	No	Dict	Group information, which is returned if the role has been assigned to an agency. Example: "agency": { " id ": " 06c9..." }
links	Yes	Dict	Assignment resource link information. Example: "links": { "assignment": "https://sample.domain.com/v3/projects/06c9../groups/06c9../roles/bc61.. " }

links

Parameter	Mandatory	Type	Description
self	Yes	String	Resource link. Example: "self": "https://sample.domain.com/v3/role_assignments? group.id=06c..."
previous	Yes	String	Previous resource link. Example: "previous": null
next	No	String	Next resource link. Example: "next": null

Parameter

Mandatory

Type

Description

self

Yes

String

Resource link.

Example:

"self": "https://sample.domain.com/v3/role_assignments? group.id=06c..."

Yes

String

Previous resource link.

Example:

"previous": null

String

Next resource link.

Example:

"next": null

Example response

{
    "role_assignments": [
        {
            "scope": {
                "domain": {
                    "id": "06c904fdca807cd90f0ac01800167760"
                }
            },
            "role": {
                "id": "bc61db25975247758de0d5e254a85915"
            },
            "group": {
                "id": "06c904fddd807cd93f0ec018b5d30a34"
            },
            "links": {
                "assignment": "https://sample.domain.com/v3/domains/06c904fdca807cd90f0ac01800167760/groups/06c904fddd807cd93f0ec018b5d30a34/roles/bc61db25975247758de0d5e254a85915"
            }
        }
    ],
    "links": {
        "self": "https://sample.domain.com/v3/role_assignments?group.id=06c904fddd807cd93f0ec018b5d30a34&role.id=bc61db25975247758de0d5e254a85915&scope.domain.id=06c904fdca807cd90f0ac01800167760",
        "previous": null,
        "next": null
    }
}

Status Codes¶

Status Code	Description
200	The request is successful.
400	The server failed to process the request.
401	Authentication failed.
403	Access denied.
404	The requested resource cannot be found.
405	The method specified in the request is not allowed for the requested resource.
413	The request entity is too large.
503	Service unavailable.

last updated: 2024-11-08 14:24 UTC - commit: 2d5e2c1f97c685df3090da66769505f099a4c992