Assign roles
Give user Sebastian the admin role on
folderFoo.
Assigning roles basically means managing members for a resource. Permissions are never directly assigned to subjects directly but always through roles. This operation updates the members of a resource by adding or removing roles for subjects or groups.
Give users or groups access to a resource or remove it.
Flow
Scenario: User Bob wants to give user Linda read-only access to a folder in your application. For this, you need to make sure to have a role, which includes only those permissions, that readers can have and make Bob assign this role to Linda on the folder he wants to share.
➊ Your Frontend, user Bob requests at Space Blocks directly, to add Linda with the reader role to the members of folder Foo
➋ Space Blocks verifies Bob’s permissions to update the members and confirms the change
For communicating directly with Space Blocks, your Frontend needs an impersonated Access Token, with should be issued by your backend.
Usage
- API
To manage members of a resource, use the UpsertResourceMembers. To manage members of a tenant, use UpsertTenantMembers API.
/tenants/<TENANT_ID>/resource/<RESOURCE_ID>/membersfor resources/tenants/<TENANT_ID>/membersfor tenants
Examples:
/tenants/456/resource/123 /membersfor resources/tenants/456/membersfor tenants
Request:
curl -i --location "https://<YOUR_API_URL>/management/tenants/<TENANT_ID>/members" \
--request PATCH \
--header "Content-Type: application/json" \
--header "Authentication: Bearer <YOUR_ACCESS_TOKEN>" \
--header "apiKey: <YOUR_API_KEY>"
--data '{
"subjects": {
"<SUBJECT_ID>": "<ROLE_ID>",
"<SUBJECT_ID>": "<ROLE_ID>"
},
"groups": {
"<GROUP_ID>": "<ROLE_ID>",
"<GROUP_ID>": "<ROLE_ID>"
}
}'