• Native OpenStack API

noa
  1. Help Center
  2. Native OpenStack API
  3. API Reference
  4. Keystone
  5. Permission Management
  6. Querying Permissions of a User Group Under a Domain

Querying Permissions of a User Group Under a Domain

Function Description

This interface is used to query the permissions of a user group under a domain. A role is a set of permissions and represents a group of actions.

URI

  • URI format

    GET /v3/domains/{domain_id}/groups/{group_id}/roles

  • URI parameter description

    Parameter

    Mandatory

    Type

    Description

    domain_id

    Yes

    String

    ID of the domain to which a user group belongs.

    group_id

    Yes

    String

    ID of a user group.

Request

  • Request header parameter description

    Parameter

    Mandatory

    Type

    Description

    X-Auth-Token

    Yes

    String

    Authenticated token with the Security Administrator permission.

  • Sample request
    curl -i -k -H "X-Auth-Token:$token" -H 'Content-Type:application/json;charset=utf8' -X GET https://10.22.44.158:31943/v3/domains/d54061ebcb5145dd814f8eb3fe9b7ac0/groups/47d79cabc2cf4c35b13493d919a5bb3d/roles

Response

  • Response body parameter description

    Parameter

    Mandatory

    Type

    Description

    links

    Yes

    Dict

    Resource links of a role of a specified user group under a domain.

    roles

    Yes

    Array

    Role of a specified user group under a domain.

  • Role parameter description

    Parameter

    Mandatory

    Type

    Description

    id

    Yes

    String

    ID of a role of a specified user group under a domain.

    links

    Yes

    Dict

    Resource links of a role.

    name

    Yes

    String

    Name of a role.

    domain_id

    Yes

    String

    ID of the domain to which a role belongs.

    type

    Yes

    String

    Display mode of a role.

    • AX: A role is displayed at the domain layer.
    • XA: A role is displayed at the project layer.
    • AA: A role is displayed at both the domain and project layers.
    • XX: A role is not displayed at the domain or project layer.

    display_name

    No

    String

    Displayed name of a role.

    catalog

    No

    String

    Directory where a role locates.

    policy

    No

    Dict

    Policy of a role.

    description

    No

    String

    Description of a role.

  • Sample response
    {
      "links": {
        "self": "www.example.com/v3/domains/d54061ebcb5145dd814f8eb3fe9b7ac0/groups/47d79cabc2cf4c35b13493d919a5bb3d/roles",
        "previous": null,
        "next": null
      },
      "roles": [
        {
          "display_name": "Security Administrator",
          "description": "Security Administrator",
          "links": {
            "self": "www.example.com/v3/roles/005cf92cfd364105afaa5df2eec25012"
          },
          "domain_id": null,
          "name": "secu_admin",
          "type": "AX",
          "catalog": "BASE",
          "policy": {
            "Version": "1.0",
            "Statement": [
              {
                "Action": [
                  "identity:*"
                ],
                "Effect": "Allow"
              }
            ]
          },
          "id": "005cf92cfd364105afaa5df2eec25012"
        },
        {
          "display_name": "Agent Operator",
          "description": "Agent Operator",
          "links": {
            "self": "www.example.com/v3/roles/d160d30477c642a486ad10e3b4d9820f"
          },
          "domain_id": null,
          "name": "te_agency",
          "type": "AX",
          "catalog": "IAM",
          "policy": {
            "Version": "1.0",
            "Statement": [
              {
                "Action": [
                  "identity:assume role"
                ],
                "Effect": "Allow"
              }
            ]
          },
          "id": "d160d30477c642a486ad10e3b4d9820f"
        }
      ]
    }

Status Codes

Status Code

Description

200

The request is successful.

400

The server failed to process the request.

401

You must enter a username and password to access the requested page.

403

You are forbidden to access the requested page.

404

The server could not find the requested page.