Member
A member is a subject or group that has been assigned to a resources with a specific role.
Members are used to define the access rights of a subject or group to a resource and have to be assigned to a specific resource. In a hierarchical structure, the access rights of a member are inherited to all sub-resources. So a subject can have access to a sub-resource even if it is not assigned to it directly as a member.
Examples:
- User Alice has the Administrator role on the most upper "Tenant" level
- User Bob has the Viewer role on folder "Foo" of a file system
- The Developers group has tue Viewer role on folder "Foo" of a file system
Manage members
- API
The Member API can be used to manage members of a tenant or a resource.
- Use
/tenants/<TENANT_ID>/membersto manage members of a tenant - Use
/tenants/<TENANT_ID>/resource/<RESOURCE_ID>/membersto manage members of a resource
Get members
You can list all members of a tenant or resource with their roles.
curl -i --location "https://<YOUR_API_URL>/management/tenants/<TENANT_ID>/members"
--header "Content-Type: application/json" \
--header "Authentication: Bearer <YOUR_ACCESS_TOKEN>" \
--header "apiKey: <YOUR_API_KEY>"
Add members
To assign one or multiple members to a resource, you have to specify a role for each member.
curl -i --location "https://<YOUR_API_URL>/management/tenants/<TENANT_ID>/members" \
--request PATCH \
--header "Content-Type: application/json" \
--header "Authentication: Bearer <YOUR_ACCESS_TOKEN>" \
--header "apiKey: <YOUR_API_KEY>"
--data '{
"subjects": {
"<SUBJECT_ID>": "<ROLE_ID>",
"<SUBJECT_ID>": "<ROLE_ID>"
},
"groups": {
"<GROUP_ID>": "<ROLE_ID>",
"<GROUP_ID>": "<ROLE_ID>"
}
}'