Role¶
Role is used for determining if the operation is allowed. You can specify which operations should be permitted or denied by specifying operation key regex patterns. Every operation has its own key, that could be found here.
Operation key structure: api.{operation type}.{object}.{operation name}
. E.q.: api.read.applications.get_by_id
.
Elements¶
id:
Id of role.
name:
Role name.
allowedOperationsKeyIdPatterns:
Regular expression patterns for allowed operations.
deniedOperationsKeyIdPatterns:
Regular expression patterns for denied operations.
Patterns priority¶
Denied patterns are checked first, so they have greater priority than allowed patterns. E.g. if role has pattern that allows specific operation, and another pattern that denies the same operation, operation will not be permitted.