• Native OpenStack API

noa
  1. Help Center
  2. Native OpenStack API
  3. API Reference
  4. Keystone
  5. Permission
  6. Querying Permissions of a User Group Corresponding to a Project

Querying Permissions of a User Group Corresponding to a Project

Function Description

This interface is used to query the permissions of a specified user group corresponding to a project. This interface applies only to domain names in the Global zone.

URI

  • URI format

    GET /v3/projects/{project_id}/groups/{group_id}/roles

  • URI parameter description

    Parameter

    Mandatory

    Type

    Description

    project_id

    Yes

    String

    ID of a project.

    group_id

    Yes

    String

    ID of a user group.

Request

  • Request header parameter description

    Parameter

    Mandatory

    Type

    Description

    Content-Type

    Yes

    String

    Fill application/json;charset=utf8 in this field.

    X-Auth-Token

    Yes

    String

    Valid token (the token of a user with the op_auth permission or the token of a user with the secu_admin permission under the current domain)

  • Sample request
    curl -i -k -H "X-Auth-Token:$token" -H 'Content-Type:application/json;charset=utf8' -X GET https://10.22.44.158:31943/v3/projects/073bbf60da374853841cf6624c94de4b/groups/47d79cabc2cf4c35b13493d919a5bb3d/roles

Response

  • Response body parameter description

    Parameter

    Mandatory

    Type

    Description

    links

    Yes

    Dict

    Links of a role, including nextprevious, and self.

    roles

    Yes

    Array

    List of roles.

  • Role parameter description

    Parameter

    Mandatory

    Type

    Description

    id

    Yes

    String

    ID of a role.

    links

    Yes

    Dict

    Links of a role.

    name

    Yes

    String

    Name of a role.

    domain_id

    Yes

    String

    ID of the domain to which a role belongs.

    type

    Yes

    String

    Display mode of a role.

    AX: A role is displayed at the domain layer.

    XA: A role is displayed at the project layer.

    AA: A role is displayed at both the domain and project layers.

    XX: A role is not displayed at the domain or project layer.

    display_name

    No

    String

    Displayed name of a role.

    catalog

    No

    String

    Directory where a role locates.

    policy

    No

    Dict

    Policy of a role.

    description

    No

    String

    Description of a role.

  • Sample response
    {
        "links": {
            "self": " www.example.com/v3/projects/3a4cd4d559d8492bbe7bd355643f9763/groups/728da352c017480f80b5a96beb15f0e6/roles",
            "previous": null,
            "next": null
        },
        "roles": [
            {
                "catalog": "BASE",
                "display_name": "Guest",
                "name": "readonly",
                "links": {
                    "self": " www.example.com/v3/roles/13d132b7856945788f6df7eb3ed5c35e"
                },
                "policy": {
                    "Version": "1.0",
                    "Statement": [
                        {
                            "Action": [
                                "*:*:Get*",
                                "*:*:List*"
                            ],
                            "Effect": "Allow"
                        },
                        {
                            "Action": [
                                "identity:*"
                            ],
                            "Effect": "Deny"
                        }
                    ]
                },
                "domain_id": null,
                "type": "AA",
                "id": "13d132b7856945788f6df7eb3ed5c35e",
                "description": "Guest"
            },
            {
                "catalog": "BASE",
                "display_name": "Tenant Administrator",
                "name": "te_admin",
                "links": {
                    "self": " www.example.com/v3/roles/1def304b73f14e8eb8d1eb9bf8337ae6"
                },
                "policy": {
                    "Version": "1.0",
                    "Statement": [
                        {
                            "Action": [
                                "*"
                            ],
                            "Effect": "Allow"
                        },
                        {
                            "Action": [
                                "identity:*"
                            ],
                            "Effect": "Deny"
                        }
                    ]
                },
                "domain_id": null,
                "type": "AA",
                "id": "1def304b73f14e8eb8d1eb9bf8337ae6",
                "description": "Tenant Administrator"
            }
        ]
    }

Status Codes

Status Code

Description

200

The request is successful.

400

The server failed to process the request.

401

You must enter a username and password to access the requested page.

403

You are forbidden to access the requested page.