Querying Role Assignments

Function

This API is used to query the user groups to which a specified role has been assigned.

URI

  • URI format

    GET /v3/role_assignments{?role.id,user.id,group.id,scope.project.id,scope.domain.id, scope.OS-INHERIT:inherited_to,include_subtree}

  • URI parameters: Specify any of the role.id, user.id, group.id, scope.project.id, and scope.domain.id parameters.

    Parameter

    Mandatory

    Type

    Description

    role.id

    No

    String

    Role ID.

    This parameter must be specified in conjunction with any of user.id, group.id, scope.project.id, and scope.domain.id.

    user.id

    No

    String

    User ID.

    This parameter cannot be specified in conjunction with group.id.

    group.id

    No

    String

    User group ID.

    This parameter cannot be specified in conjunction with user.id.

    scope.project.id

    No

    String

    Project ID.

    This parameter cannot be specified in conjunction with scope.domain.id.

    scope.domain.id

    No

    String

    Domain ID.

    This parameter cannot be specified in conjunction with scope.project.id.

    scope.OS-INHERIT:inherited_to

    No

    String

    Used to filter based on role assignments that are inherited.

    The only value of this parameter that is currently supported is projects.

    include_subtree

    No

    Boolean

    The value true means listing all role assignments involving the specified project and all subprojects. Any non-zero value of this parameter will be interpreted as true.

    This parameter must be specified in conjunction with scope.project.id.

Request Parameters

  • Parameters in the request header

    Parameter

    Mandatory

    Type

    Description

    Content-Type

    Yes

    String

    Fill application/json;charset=utf8 in this field.

    X-Auth-Token

    Yes

    String

    Authenticated token with the Security Administrator permission.

  • Example request

    curl -i -k -H "X-Auth-Token:$token" -H 'Content-Type:application/json;charset=utf8' -X GET https://sample.domain.com/v3/role_assignments?group.id=06c904fddd807cd93f0ec018b5d30a34&role.id=bc61db25975247758de0d5e254a85915&scope.domain.id=06c904fdca807cd90f0ac018001...
    

Response Parameters

  • Parameters in the response body

    Parameter

    Mandatory

    Type

    Description

    role_assignments

    Yes

    List

    Role assignments.

    links

    Yes

    Dict

    Role resource link.

  • role_assignments

    Parameter

    Mandatory

    Type

    Description

    scope

    Yes

    Dict

    Application scope of the role. The value can be domain or project.

    Domain:

    "scope": {
           "domain": {
                "id": "06c9..."
                         }
                 }
    

    Project:

    "scope": {
           "project": {
                "id": "06c9..."
                         }
                 }
    

    role

    Yes

    Dict

    Role information, including the role ID.

    Example:

    "role": {
           " id ": " bc61..."
                }
    

    group

    No

    Dict

    Group information, which is returned if the role has been assigned to a user group.

    Example:

    "group": {
           " id ": " 06c9..."
                }
    

    agency

    No

    Dict

    Group information, which is returned if the role has been assigned to an agency.

    Example:

    "agency": {
           " id ": " 06c9..."
                }
    

    links

    Yes

    Dict

    Assignment resource link information.

    Example:

    "links": {
           "assignment": "https://sample.domain.com/v3/projects/06c9../groups/06c9../roles/bc61.. "
                }
    
  • links

    Parameter

    Mandatory

    Type

    Description

    self

    Yes

    String

    Resource link.

    Example:

    "self": "https://sample.domain.com/v3/role_assignments? group.id=06c..."

    previous

    Yes

    String

    Previous resource link.

    Example:

    "previous": null

    next

    No

    String

    Next resource link.

    Example:

    "next": null

  • Example response

    {
        "role_assignments": [
            {
                "scope": {
                    "domain": {
                        "id": "06c904fdca807cd90f0ac01800167760"
                    }
                },
                "role": {
                    "id": "bc61db25975247758de0d5e254a85915"
                },
                "group": {
                    "id": "06c904fddd807cd93f0ec018b5d30a34"
                },
                "links": {
                    "assignment": "https://sample.domain.com/v3/domains/06c904fdca807cd90f0ac01800167760/groups/06c904fddd807cd93f0ec018b5d30a34/roles/bc61db25975247758de0d5e254a85915"
                }
            }
        ],
        "links": {
            "self": "https://sample.domain.com/v3/role_assignments?group.id=06c904fddd807cd93f0ec018b5d30a34&role.id=bc61db25975247758de0d5e254a85915&scope.domain.id=06c904fdca807cd90f0ac01800167760",
            "previous": null,
            "next": null
        }
    }
    

Status Codes

Status Code

Description

200

The request is successful.

400

The server failed to process the request.

401

Authentication failed.

403

Access denied.

404

The requested resource cannot be found.

405

The method specified in the request is not allowed for the requested resource.

413

The request entity is too large.

503

Service unavailable.