Querying a Role List

Function Description

This interface is used to query a role list, including the permission policies of a role. A role is a set of permissions and represents a group of actions.

URI

  • URI format

    GET /v3/roles

  • URI parameter description

    | Parameter | Mandatory | Type   | Description     |
    |-----------|-----------|--------|-----------------|
    | name      | No        | String | Name of a role. |
    | domain_id | No        | String | ID of a domain. |

Request

  • Request header parameter description

    | Parameter    | Mandatory | Type   | Description |
    |--------------|-----------|--------|-------------|
    | Content-Type | Yes       | String | Set this field to application/json;charset=utf8. |
    | X-Auth-Token | Yes       | String | Authenticated token with the Security Administrator permission. |

  • Sample request
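    # -k disables TLS certificate verification; the URL is quoted so the shell does not interpret "?".
    curl -i -k -H "X-Auth-Token:$token" -H 'Content-Type:application/json;charset=utf8' -X GET 'https://10.22.44.158:31943/v3/roles?name=readonly'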

Response

  • Response body parameter description

    | Parameter | Mandatory | Type  | Description               |
    |-----------|-----------|-------|---------------------------|
    | links     | Yes       | Dict  | Resource links of a role. |
    | roles     | Yes       | Array | List of roles.            |

  • Description for the role format

    | Parameter    | Mandatory | Type   | Description |
    |--------------|-----------|--------|-------------|
    | id           | Yes       | String | ID of a role. |
    | links        | Yes       | Dict   | Resource links of a role. |
    | display_name | No        | String | Displayed name of a role. |
    | name         | Yes       | String | Name of a role. This parameter is carried in the token of a user. The cloud service determines whether the user has the access permission based on the role name. |
    | domain_id    | Yes       | String | ID of the domain to which a role belongs. |
    | type         | Yes       | String | Display mode of a role. AX: the role is displayed at the domain layer. XA: the role is displayed at the project layer. AA: the role is displayed at both the domain and project layers. XX: the role is not displayed at the domain or project layer. |
    | catalog      | No        | String | Directory where a role is located. |
    | flag         | No        | String | A tag indicating an internal fine-grained role. |
    | policy       | No        | Dict   | Policy of a role. Its Version and Statement fields are described after this table. |
    | description  | No        | String | Description of a role. |

    Fields of policy:

    • Version: indicates the policy version.
      • 1.0: Preset cloud service permission (non-fine-grained permission)
      • 1.1: Fine-grained permission
    • Statement: provides detailed information about a policy and contains the Effect and Action elements.
      • Effect:

        The value can be Allow or Deny. If both Allow and Deny are found in statements, the policy evaluation starts with Deny.

      • Action:

        The value can be one or more resource authorization items.

        The value format is Service name:Resource type:Action.

        For example: vpc:ports:create.

  • Sample response
    {
      "links": {
        "self": "www.example.com/v3/roles?name=readonly",
        "previous": null,
        "next": null
      },
      "roles": [
        {
          "display_name": "Tanent Guest",
          "description": "Tanent Guest",
          "links": {
            "self": "www.example.com/v3/roles/19bb93eec4ca4f08aefdc02da76d8f3c"
          },
          "domain_id": null,
          "catalog": "BASE",
          "policy": {
            "Version": "1.0",
            "Statement": [
              {
                "Action": [
                  "::Get",
                  "::List"
                ],
                "Effect": "Allow"
              },
              {
                "Action": [
                  "identity:*"
                ],
                "Effect": "Deny"
              }
            ]
          },
          "id": "19bb93eec4ca4f08aefdc02da76d8f3c",
          "type": "AA",
          "name": "readonly"
        }
      ]
    }
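
The Deny-first evaluation described for the policy field, applied to the sample response's policy. This is an added example, not code from the API or its vendor: the function names evaluate and review are hypothetical, and it assumes that an empty segment such as "::Get" means "any", that "*" matches as a glob, and that an action matched by no statement is not granted.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample: the policy from the sample response, trimmed to the fields used here.
SAMPLE = json.loads("""
{"roles": [{"name": "readonly", "type": "AA", "policy": {"Version": "1.0", "Statement": [
  {"Action": ["::Get", "::List"], "Effect": "Allow"},
  {"Action": ["identity:*"], "Effect": "Deny"}]}}]}
""")

def _pattern(item):
    # Assumption: an empty segment ("::Get") means "any", so it becomes "*".
    return ":".join(seg or "*" for seg in item.split(":"))

def _matches(statement, action):
    # True if any authorization item in the statement covers the action.
    return any(fnmatchcase(action, _pattern(i)) for i in statement.get("Action", []))

def evaluate(policy, action):
    """Return "Deny", "Allow" or "NoMatch" for one Service:Resource:Action string."""
    statements = (policy or {}).get("Statement", [])  # policy is optional in the response
    # Deny statements are evaluated first, as the Effect description states.
    for effect in ("Deny", "Allow"):
        if any(s.get("Effect") == effect and _matches(s, action) for s in statements):
            return effect
    return "NoMatch"  # Assumption: no matching statement means the action is not granted.

def review(response, actions):
    """Map each role name to the decision for every action in `actions`."""
    return {r["name"]: {a: evaluate(r.get("policy"), a) for a in actions}
            for r in response.get("roles", [])}

if __name__ == "__main__":
    checks = ["vpc:ports:Get", "identity:users:Get", "vpc:ports:create"]
    for role, decisions in review(SAMPLE, checks).items():
        print(role, decisions)
```

Running review over the full GET /v3/roles output with a list of sensitive actions shows which roles reach them only because no Deny statement covers the Allow.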

Status Codes

| Status Code | Description |
|-------------|-------------|
| 200         | The request is successful. |
| 400         | The server failed to process the request. |
| 401         | You must enter a username and password to access the requested page. |
| 403         | You are forbidden to access the requested page. |