Mod Roles Keycloak API
Update a role
| id required | string <uuid> Example: 1e985e76-e9ca-401c-ad8e-0d121a11111e Role identifier |
| id | string <uuid> Role identifier | ||||||||
| name required | string A human-readable name/label for this role | ||||||||
| description | string Free form description of the role | ||||||||
| type | string (roleType) Enum: "DEFAULT" "REGULAR" "CONSORTIUM" Role type | ||||||||
object (Metadata Schema) Metadata about creation and changes to records, provided by the server (client should not provide) | |||||||||
| |||||||||
{ }{ }Get roles by query
| query | string Example: query=role A query string to filter users based on matching criteria in fields. |
| limit | integer >= 0 Default: 10 Example: limit=20 Limit the number of elements returned in the response. |
| offset | integer >= 0 Default: 0 Example: offset=2 Skip over a number of elements by specifying an offset value for the query. |
{ }Create a role
| id | string <uuid> Role identifier | ||||||||
| name required | string A human-readable name/label for this role | ||||||||
| description | string Free form description of the role | ||||||||
| type | string (roleType) Enum: "DEFAULT" "REGULAR" "CONSORTIUM" Role type | ||||||||
object (Metadata Schema) Metadata about creation and changes to records, provided by the server (client should not provide) | |||||||||
| |||||||||
{ }{ }Create one or more roles
required | Array of objects (Role schema) [ 1 .. 255 ] items Collection of roles | ||||||||||
Array ([ 1 .. 255 ] items)
| |||||||||||
{ }{ }Create a record associating role with user
| userId | string <uuid> User identifier (UUID) |
| roleIds | Array of strings <uuid> [ items <uuid > ] Role identifiers |
{ }{ }Search user-role relations by CQL query
| query | string Example: query=role A query string to filter users based on matching criteria in fields. |
| limit | integer >= 0 Default: 10 Example: limit=20 Limit the number of elements returned in the response. |
| offset | integer >= 0 Default: 0 Example: offset=2 Skip over a number of elements by specifying an offset value for the query. |
{ }Update a roles user by user ID
| id required | string <uuid> Example: 1e111e76-1111-401c-ad8e-0d121a11111e User identifier |
| userId | string <uuid> User identifier (UUID) |
| roleIds | Array of strings <uuid> [ items <uuid > ] Role identifiers |
{ }{ }Create a record associating one or more capabilities with the role
| roleId required | string <uuid> ID of the role |
| capabilityIds | Array of strings <uuid> [ items <uuid > ] List of capability identifiers |
| capabilityNames | Array of strings List of capability names |
{ }{ }Get role-capability relation items by CQL query and pagination parameters
| query | string Example: query=role A query string to filter users based on matching criteria in fields. |
| limit | integer >= 0 Default: 10 Example: limit=20 Limit the number of elements returned in the response. |
| offset | integer >= 0 Default: 0 Example: offset=2 Skip over a number of elements by specifying an offset value for the query. |
{ }Get capabilities assigned to role by role identifier
| id required | string <uuid> Example: 1e985e76-e9ca-401c-ad8e-0d121a11111e Role identifier |
| expand | boolean Default: false Defines if capability sets must be expanded |
| includeDummy | boolean Default: false Include dummy capabilities. |
| limit | integer >= 0 Default: 10 Example: limit=20 Limit the number of elements returned in the response. |
| offset | integer >= 0 Default: 0 Example: offset=2 Skip over a number of elements by specifying an offset value for the query. |
{ }Modifies the set of capabilities assigned to the specified role.
| id required | string <uuid> Example: 1e985e76-e9ca-401c-ad8e-0d121a11111e Role identifier |
| capabilityIds | Array of strings <uuid> [ items <uuid > ] List of capability identifiers |
| capabilityNames | Array of strings List of capability names |
{ }{ }Create a record associating one or more capabilities with the role
| roleId required | string <uuid> ID of the role |
| capabilitySetIds | Array of strings <uuid> [ items <uuid > ] List of capability set identifiers |
| capabilitySetNames | Array of strings List of capability set names |
{ }{ }Get role-capability-set relation items by CQL query
| query | string Example: query=role A query string to filter users based on matching criteria in fields. |
| limit | integer >= 0 Default: 10 Example: limit=20 Limit the number of elements returned in the response. |
| offset | integer >= 0 Default: 0 Example: offset=2 Skip over a number of elements by specifying an offset value for the query. |
{ }Get capability sets assigned to role by role identifier
| id required | string <uuid> Example: 1e985e76-e9ca-401c-ad8e-0d121a11111e Role identifier |
| limit | integer >= 0 Default: 10 Example: limit=20 Limit the number of elements returned in the response. |
| offset | integer >= 0 Default: 0 Example: offset=2 Skip over a number of elements by specifying an offset value for the query. |
{ }Modifies the set of capability sets assigned to the specified role.
| id required | string <uuid> Example: 1e985e76-e9ca-401c-ad8e-0d121a11111e Role identifier |
| capabilitySetIds | Array of strings <uuid> [ items <uuid > ] List of capability set identifiers |
| capabilitySetNames | Array of strings List of capability names |
{ }{ }Update a policy
| id required | string <uuid> Example: 1e589e76-e9ca-401c-ad8e-0d121a11111e Policy identifier |
| id | string <uuid> A unique identifier for this policy. System-generated if not provided. | ||||||||||||||||||||||||
| name required | string A human-readable name/label for this policy. Required. | ||||||||||||||||||||||||
| description | string Free form description of the policy. Optional. | ||||||||||||||||||||||||
| type required | string (policyType) Enum: "USER" "TIME" "ROLE" The type of policy. Required. | ||||||||||||||||||||||||
| source | string (sourceType) Enum: "SYSTEM" "USER" "CONSORTIUM" Source type for roles and policies. | ||||||||||||||||||||||||
object (userPolicy) Object containing the details of the user-based policy | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
object (timePolicy) Object containing the details of the time-based policy. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
object (rolePolicy) Object containing the details of the aggregated policy. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
object (Metadata Schema) Metadata about creation and changes to records, provided by the server (client should not provide) | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
{ }{ }Get policies by query
| query | string Example: query=role A query string to filter users based on matching criteria in fields. |
| limit | integer >= 0 Default: 10 Example: limit=20 Limit the number of elements returned in the response. |
| offset | integer >= 0 Default: 0 Example: offset=2 Skip over a number of elements by specifying an offset value for the query. |
{ }Create a policy
| id | string <uuid> A unique identifier for this policy. System-generated if not provided. | ||||||||||||||||||||||||
| name required | string A human-readable name/label for this policy. Required. | ||||||||||||||||||||||||
| description | string Free form description of the policy. Optional. | ||||||||||||||||||||||||
| type required | string (policyType) Enum: "USER" "TIME" "ROLE" The type of policy. Required. | ||||||||||||||||||||||||
| source | string (sourceType) Enum: "SYSTEM" "USER" "CONSORTIUM" Source type for roles and policies. | ||||||||||||||||||||||||
object (userPolicy) Object containing the details of the user-based policy | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
object (timePolicy) Object containing the details of the time-based policy. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
object (rolePolicy) Object containing the details of the aggregated policy. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
object (Metadata Schema) Metadata about creation and changes to records, provided by the server (client should not provide) | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
{ }{ }Create one or more policies
required | Array of objects (policy) [ 1 .. 255 ] items A list of policies. | ||||||||||||||||||
Array ([ 1 .. 255 ] items)
| |||||||||||||||||||
{ }{ }Retrieve a list of permission migrations
| query | string Example: query=role A query string to filter users based on matching criteria in fields. |
| offset | integer >= 0 Default: 0 Example: offset=2 Skip over a number of elements by specifying an offset value for the query. |
| limit | integer >= 0 Default: 10 Example: limit=20 Limit the number of elements returned in the response. |
{- "migrations": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "status": "in_progress",
- "startedAt": "2019-08-24T14:15:22Z",
- "finishedAt": "2019-08-24T14:15:22Z"
}
], - "totalRecords": 0
}Retrieve a permission migration
| id required | string <uuid> Entity id |
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "status": "in_progress",
- "startedAt": "2019-08-24T14:15:22Z",
- "finishedAt": "2019-08-24T14:15:22Z"
}Get capabilities by query
| query | string Example: query=role A query string to filter users based on matching criteria in fields. |
| limit | integer >= 0 Default: 10 Example: limit=20 Limit the number of elements returned in the response. |
| offset | integer >= 0 Default: 0 Example: offset=2 Skip over a number of elements by specifying an offset value for the query. |
{ }Find capabilities by capability set ID
| id required | string <uuid> Entity id |
| includeDummy | boolean Default: false Include dummy capabilities. |
| limit | integer >= 0 Default: 10 Example: limit=20 Limit the number of elements returned in the response. |
| offset | integer >= 0 Default: 0 Example: offset=2 Skip over a number of elements by specifying an offset value for the query. |
{ }Get capabilities by query
| query | string Example: query=role A query string to filter users based on matching criteria in fields. |
| limit | integer >= 0 Default: 10 Example: limit=20 Limit the number of elements returned in the response. |
| offset | integer >= 0 Default: 0 Example: offset=2 Skip over a number of elements by specifying an offset value for the query. |
{ }Create a record associating one or more capabilities with a user.
| userId required | string <uuid> User identifier |
| capabilityIds required | Array of strings <uuid> non-empty [ items <uuid > ] List of capability identifiers |
{ }{ }Search user capabilities by CQL query
| query | string Example: query=role A query string to filter users based on matching criteria in fields. |
| limit | integer >= 0 Default: 10 Example: limit=20 Limit the number of elements returned in the response. |
| offset | integer >= 0 Default: 0 Example: offset=2 Skip over a number of elements by specifying an offset value for the query. |
{ }Retrieve capabilities assigned to role by role identifier
| id required | string <uuid> Example: 1e111e76-1111-401c-ad8e-0d121a11111e User identifier |
| expand | boolean Default: false Defines if capability sets must be expanded |
| includeDummy | boolean Default: false Include dummy capabilities. |
| limit | integer >= 0 Default: 10 Example: limit=20 Limit the number of elements returned in the response. |
| offset | integer >= 0 Default: 0 Example: offset=2 Skip over a number of elements by specifying an offset value for the query. |
{ }Modifies the set of capabilities assigned to the specified user.
| id required | string <uuid> Example: 1e111e76-1111-401c-ad8e-0d121a11111e User identifier |
| capabilityIds | Array of strings <uuid> [ items <uuid > ] List of capability identifiers |
| capabilityNames | Array of strings List of capability names |
{ }{ }Create a record associating one or more capabilities with a user.
| userId | string <uuid> User identifier |
| capabilitySetIds required | Array of strings <uuid> non-empty [ items <uuid > ] List of capability identifiers |
{ }{ }Get user capabilities by CQL query and pagination parameters
| query | string Example: query=role A query string to filter users based on matching criteria in fields. |
| limit | integer >= 0 Default: 10 Example: limit=20 Limit the number of elements returned in the response. |
| offset | integer >= 0 Default: 0 Example: offset=2 Skip over a number of elements by specifying an offset value for the query. |
{ }Retrieve capability sets assigned to role by role identifier
| id required | string <uuid> Example: 1e111e76-1111-401c-ad8e-0d121a11111e User identifier |
| limit | integer >= 0 Default: 10 Example: limit=20 Limit the number of elements returned in the response. |
| offset | integer >= 0 Default: 0 Example: offset=2 Skip over a number of elements by specifying an offset value for the query. |
{ }Modifies the set of capability sets assigned to the specified user.
| id required | string <uuid> Example: 1e111e76-1111-401c-ad8e-0d121a11111e User identifier |
| capabilitySetIds | Array of strings <uuid> [ items <uuid > ] List of capability set identifiers |
| capabilitySetNames | Array of strings List of capability names |
{ }{ }Get permissions by user ID. If there is onlyVisible=true, then desiredPermissions are ignored.
| id required | string <uuid> Entity id |
| onlyVisible | boolean Default: false Return only visible permission sets |
| desiredPermissions | Array of strings Example: desiredPermissions=users.item.get&desiredPermissions=users.collection.* A list of permissions to filter by |
{ }Get loadable roles by query
| query | string Example: query=role A query string to filter users based on matching criteria in fields. |
| limit | integer >= 0 Default: 10 Example: limit=20 Limit the number of elements returned in the response. |
| offset | integer >= 0 Default: 0 Example: offset=2 Skip over a number of elements by specifying an offset value for the query. |
{- "loadableRoles": [
- {
- "permissions": [
- {
- "roleId": "7382d58e-652a-4905-b7c9-bcca1e0e5391",
- "permissionName": "string",
- "capabilityId": "486ae165-7fa3-4fe9-8d0b-0636c8459cb3",
- "capabilitySetId": "33e4a9bc-70af-4091-ab8d-abd76df9315e",
- "metadata": {
- "createdDate": "2019-08-24T14:15:22Z",
- "createdByUserId": "4d2aef9a-17b0-44e6-902e-616812033620",
- "updatedDate": "2019-08-24T14:15:22Z",
- "updatedByUserId": "b38eaad7-8efa-49e7-b0aa-619916a3821e"
}
}
], - "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "string",
- "description": "string",
- "type": "DEFAULT",
- "metadata": {
- "createdDate": "2019-08-24T14:15:22Z",
- "createdByUserId": "4d2aef9a-17b0-44e6-902e-616812033620",
- "updatedDate": "2019-08-24T14:15:22Z",
- "updatedByUserId": "b38eaad7-8efa-49e7-b0aa-619916a3821e"
}
}
], - "totalRecords": 0
}A default role is created or updated, role is populated with the specified permissions (capabilities and capability sets) as they become available in the system. Default role cannot be changed via Roles API.
Array of objects (Loadable Permission schema) List of permissions associated with role | |||||||||||
Array
| |||||||||||
| id | string <uuid> Role identifier | ||||||||||
| name required | string A human-readable name/label for this role | ||||||||||
| description | string Free form description of the role | ||||||||||
| type | string (roleType) Enum: "DEFAULT" "REGULAR" "CONSORTIUM" Role type | ||||||||||
object (Metadata Schema) Metadata about creation and changes to records, provided by the server (client should not provide) | |||||||||||
| |||||||||||
{- "permissions": [
- {
- "roleId": "7382d58e-652a-4905-b7c9-bcca1e0e5391",
- "permissionName": "string",
- "capabilityId": "486ae165-7fa3-4fe9-8d0b-0636c8459cb3",
- "capabilitySetId": "33e4a9bc-70af-4091-ab8d-abd76df9315e",
- "metadata": {
- "createdDate": "2019-08-24T14:15:22Z",
- "createdByUserId": "4d2aef9a-17b0-44e6-902e-616812033620",
- "updatedDate": "2019-08-24T14:15:22Z",
- "updatedByUserId": "b38eaad7-8efa-49e7-b0aa-619916a3821e"
}
}
], - "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "string",
- "description": "string",
- "type": "DEFAULT",
- "metadata": {
- "createdDate": "2019-08-24T14:15:22Z",
- "createdByUserId": "4d2aef9a-17b0-44e6-902e-616812033620",
- "updatedDate": "2019-08-24T14:15:22Z",
- "updatedByUserId": "b38eaad7-8efa-49e7-b0aa-619916a3821e"
}
}{- "permissions": [
- {
- "roleId": "7382d58e-652a-4905-b7c9-bcca1e0e5391",
- "permissionName": "string",
- "capabilityId": "486ae165-7fa3-4fe9-8d0b-0636c8459cb3",
- "capabilitySetId": "33e4a9bc-70af-4091-ab8d-abd76df9315e",
- "metadata": {
- "createdDate": "2019-08-24T14:15:22Z",
- "createdByUserId": "4d2aef9a-17b0-44e6-902e-616812033620",
- "updatedDate": "2019-08-24T14:15:22Z",
- "updatedByUserId": "b38eaad7-8efa-49e7-b0aa-619916a3821e"
}
}
], - "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "string",
- "description": "string",
- "type": "DEFAULT",
- "metadata": {
- "createdDate": "2019-08-24T14:15:22Z",
- "createdByUserId": "4d2aef9a-17b0-44e6-902e-616812033620",
- "updatedDate": "2019-08-24T14:15:22Z",
- "updatedByUserId": "b38eaad7-8efa-49e7-b0aa-619916a3821e"
}
}