Role-based access control enables you to control the actions a user can perform within the ChaosSearch platform. Roles control access to the different sections (Storage, Refinery, Analytics, & Dashboard), indices, and even the fields and documents users can access.
The User Permission Group APIs are HTTP-based APIs allowing a caller to perform CRUDoperations on permission groups for the ChaosSearch service. The format of the endpoints uses singular nouns representing objects of the service, and HTTP verbs to perform operations. For example, an HTTP POST is a Create operation for a given object such as a group. Singularobjects use identifiers in the HTTP path, whereas plural (bulk) object operations require the caller to provide a JSON document describing the data to be operated on.
User permission groups contain the following fields of information:
Id : String - unique identifier for the group generated by the ChaosSearch service
name : String - label or some type of name for the group
permissions : Array[PermissionContainer] - a collection of permissions for the group
Version : String (e.g. "1.0") - A version for the data format (internal use?)
Effect : String - The type of effect for the permission of this container (e.g. Allow/Deny)
Actions : Array[String] - The action(s) to which this container applies
Resources : Array[String] -The resource(s) to which this container applies
Condition : JSON object - Logical conditions to be applied by the policy at the time of enforcement
Updated about a month ago