Role

A role is a collection of permissions across resource types.

Roles are used to define the access rights for a subject on a resource. A role can be assigned to a subject by adding the subject as a member to a resource. The Permissions Space Block differentiates between built-in and user-defined roles.

Common examples of roles are:

  • "Internal", with permissions create, read, modify and delete on Invoice and Offer resources
  • "Tax Accountant", with permission read on Invoice resources only

Sample roles for Invoice and Offer resource types

Built-in roles

Built-in roles are defined globally by you and are available across all tenants. Users cannot change them, but anyone can assign them to a subject on a resource.

User-defined roles

In addition to built-in roles, you can allow your users to define custom roles, which are available only in the tenant where they were created.

Manage roles

The Role API is used to manage built-in roles on a global level and user-defined roles on a tenant level.

  • /config/roles for built-in roles
  • /tenants/<TENANT_ID>/roles for user-defined roles

Create a built-in role

# Built-in roles are created under /config/roles and apply to all tenants.
curl -i --location "https://api.spaceblocks.cloud/public/projects/<PROJECT_ID>/environments/<ENVIRONMENT_ID>/permissions/config/roles" \
  --request POST \
  --header "Content-Type: application/json" \
  --header "Authentication: Bearer <YOUR_ACCESS_TOKEN>" \
  --header "apiKey: <YOUR_API_KEY>" \
  --data '{
    "name": "<ROLE_NAME>",
    "permissions": {
      "<RESOURCE_TYPE>": [ "<PERMISSION_ID>", "<PERMISSION_ID>" ],
      "offer": [ "<PERMISSION_ID>" ]
    }
  }'

Create a user-defined role

# User-defined roles are created under a single tenant and exist only there.
curl -i --location "https://<YOUR_API_URL>/management/tenants/<TENANT_ID>/roles" \
  --request POST \
  --header "Content-Type: application/json" \
  --header "Authentication: Bearer <YOUR_ACCESS_TOKEN>" \
  --header "apiKey: <YOUR_API_KEY>" \
  --data '{
    "name": "<ROLE_NAME>",
    "permissions": {
      "<RESOURCE_TYPE>": [ "<PERMISSION_ID>", "<PERMISSION_ID>" ],
      "offer": [ "<PERMISSION_ID>" ]
    }
  }'
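
A pre-flight check for the role bodies sent in the two requests above, written as an added example that is not part of the Space Blocks documentation or API. The permission catalogue, the lowercase `invoice` key, the sample bodies and all function names are assumptions made for illustration; the check rejects malformed JSON, duplicate keys and permissions outside the catalogue, and picks the role path by scope.

```python
import json

# Assumed permission catalogue, built from the page's Invoice/Offer examples.
KNOWN_PERMISSIONS = {
    "invoice": {"create", "read", "modify", "delete"},
    "offer": {"create", "read", "modify", "delete"},
}

# Constructed sample bodies (not real API traffic).
TAX_ACCOUNTANT = '{"name": "Tax Accountant", "permissions": {"invoice": ["read"]}}'
TRAILING_COMMA = '{"name": "Internal", "permissions": {"offer": ["read"],}}'


def role_path(tenant_id=None):
    """Return /config/roles for a built-in role, else the tenant-scoped path."""
    if tenant_id is None:
        return "/config/roles"
    if not tenant_id or "/" in tenant_id:
        raise ValueError("tenant id must be a single non-empty path segment")
    return f"/tenants/{tenant_id}/roles"


def reject_duplicate_keys(pairs):
    """JSON object hook: a repeated key could hide a second permission list."""
    keys = [key for key, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate key in JSON object")
    return dict(pairs)


def validate_role(raw_body, catalogue=KNOWN_PERMISSIONS):
    """Parse a role body strictly and return it; raise ValueError if unsafe."""
    # JSONDecodeError is a ValueError, so a trailing comma is rejected here.
    role = json.loads(raw_body, object_pairs_hook=reject_duplicate_keys)
    if not isinstance(role, dict):
        raise ValueError("role body must be a JSON object")
    name, perms = role.get("name"), role.get("permissions")
    if not isinstance(name, str) or not name.strip():
        raise ValueError("role name must be a non-empty string")
    if not isinstance(perms, dict) or not perms:
        raise ValueError("permissions must map resource types to id lists")
    for resource_type, ids in perms.items():
        if resource_type not in catalogue:
            raise ValueError(f"unknown resource type: {resource_type}")
        if not isinstance(ids, list) or not ids or not all(isinstance(i, str) for i in ids):
            raise ValueError(f"{resource_type}: expected a non-empty list of ids")
        unknown = set(ids) - catalogue[resource_type]
        if unknown or len(set(ids)) != len(ids):
            raise ValueError(f"{resource_type}: unknown or repeated permission id")
    return role
```

Run `validate_role` on the body before passing it to `--data`, so that a role never reaches the API with a permission nobody intended to grant.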