...
The endpoint access control is done also against the objects requested using thefields JSON in the HTTP Header. So for instance if the endpoint Vessel.GET is present and the user does not belong to a SecurityRole that has a SecurityPermission for the Vessel.GET endpoint, requesting the Voyage resource specifying the following JSON in the fields parameter will get unauthorized (HTTP 401):
Code Block |
---|
{ "vessel":{ "vesselName":"*", "auxEngine":"*" } } |
will get unauthorized (HTTP 401), but if If the same user requests with the following JSON: , it will get access because vesselName attribute is part of the minimal view of Vessel resource:
Code Block |
---|
{ "vessel":{ "vesselName":"*" } } |
will get access because vesselName attribute is part of the minimal view of Vessel resource.
The same access control is performed when a WebhookSubscription is requested. If the user tries to subscribe for an object that has an Endpoint in the system, the subscription will be created only if the user can access to the Endpoint, otherwise Bad request (HTTP 400) exception will be thrown.
...
To create a new SecurityRole it has to be used the endpoint . Post the following JSON to /ws/rest/SecurityRole posting a JSON like this:
Code Block |
---|
{ "roleName":"testRole" } |
To ad add a SecurityPermission SecurityPermission to a SecurityRole it has to be used the endpoint . Post the following JSON to /ws/rest/SecurityRole putting a JSON like this:
Code Block |
---|
{ "securityPermissions": [ { "key":335928939 } ] } |
To ad add a SecurityRole SecurityRole to a User it has to be used the endpoint . Post the following JSON to /ws/rest/User putting a JSON like thisSecurityRole:
Code Block |
---|
{ "securityRoles": [ { "key":335927922 } ] } |