RBAC - Group Management API

Use the ChaosSearch API to manage groups for your organization.

The ChaosSearch API endpoint /user/groups supports operations for creating, updating, and deleting groups for RBAC access management.

Create Groups Example—Kibana Access

This example shows how to create an RBAC group that allows users access only to the Analytics features (that is, Kibana) in the ChaosSearch console.

The following sample code is a JSON body with all required group information to create new groups. Any groups you add with the endpoint must not already exist in the user context. This call is atomic; either all of the groups in the JSON document are created successfully, or none of the groups are created.

Endpoint: /user/groups
Method: POST
Example JSON body: Creates two new groups, Foo and Bar, that grant access to foo-view and bar-view.

[
  {
    "name": "Foo",
    "permissions": [
      {
        "Effect": "Allow",
        "Action": "kibana:*",
        "Resources": "crn:view:::foo-view"
      }
    ]
  },
  {
    "name": "Bar",
    "permissions": [
      {
        "Effect": "Allow",
        "Action": "kibana:*",
        "Resources": "crn:view:::bar-view"
      }
    ]
  }
]

Responses: 201

[
  {
    "id": "id-output",
    "name": "Foo",
    "permissions": [
      {
        "Effect": "Allow",
        "Action": "kibana:*",
        "Resources": "crn:view:::foo-view"
      }
    ]
  },
  {
    "id": "id-output",
    "name": "Bar",
    "permissions": [
      {
        "Effect": "Allow",
        "Action": "kibana:*",
        "Resources": "crn:view:::bar-view"
      }
    ]
  }
]

Update Existing Groups

This example shows how to update an RBAC group. This call is atomic; either all of the groups in the JSON document are updated successfully, or none of the groups are updated.

Endpoint: /user/groups
Method: PUT
Example JSON body: Updates the sample groups to grant access to all defined views.

[
  {
    "id": "id-output",
    "name": "Foo",
    "permissions": [
      {
        "Effect": "Allow",
        "Action": "kibana:*",
        "Resources": "crn:view:::*"
      }
    ]
  },
  {
    "id": "id-output",
    "name": "Bar",
    "permissions": [
      {
        "Effect": "Allow",
        "Action": "kibana:*",
        "Resources": "crn:view:::*"
      }
    ]
  }
]

Responses: 201

[
  {
    "id": "id-output",
    "name": "Foo",
    "permissions": [
      {
        "Effect": "Allow",
        "Action": "kibana:*",
        "Resources": "crn:view:::*"
      }
    ]
  },
  {
    "id": "id-output",
    "name": "Bar",
    "permissions": [
      {
        "Effect": "Allow",
        "Action": "kibana:*",
        "Resources": "crn:view:::*"
      }
    ]
  }
]

Fetch All Groups

This example shows how to fetch all RBAC groups.

Endpoint: /user/groups
Method: GET

[
  {
    "id": "group-id",
    "name": "Foo",
    "permissions": [
      {
        "Effect": "Allow",
        "Action": "kibana:*",
        "Resources": "crn:view:::foo-view"
      }
    ]
  }
]
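An update can widen what a group is allowed to see, as in the update example that changes foo-view to crn:view:::*. The following Python sketch is an added example, not ChaosSearch code: it compares a proposed PUT body with the list returned by GET /user/groups and reports every grant the update would add. The helper names (grants, review_update), the group IDs and the Baz group are constructed for illustration, and the script runs offline without calling the API.

```python
import json

# Constructed sample data modelled on the page's examples; ids are placeholders.
CURRENT = json.loads("""[
  {"id": "group-id1", "name": "Foo", "permissions": [
    {"Effect": "Allow", "Action": "kibana:*", "Resources": "crn:view:::foo-view"}]},
  {"id": "group-id2", "name": "Bar", "permissions": [
    {"Effect": "Allow", "Action": "kibana:*", "Resources": "crn:view:::bar-view"}]}
]""")
PROPOSED = json.loads("""[
  {"id": "group-id1", "name": "Foo", "permissions": [
    {"Effect": "Allow", "Action": "kibana:*", "Resources": "crn:view:::*"}]},
  {"id": "group-id3", "name": "Baz", "permissions": [
    {"Effect": "Allow", "Action": "kibana:*", "Resources": "crn:view:::baz-view"}]}
]""")


def grants(group):
    """Return the set of (Effect, Action, Resources) tuples a group carries."""
    return {(p["Effect"], p["Action"], p["Resources"]) for p in group.get("permissions", [])}


def review_update(current, proposed):
    """Hypothetical helper: list what a PUT body adds relative to the GET result."""
    by_id = {g["id"]: g for g in current}
    findings = []
    for g in proposed:
        old = by_id.get(g.get("id"))
        if old is None:
            # Not in the fetched list, so not an existing group; flag it before the atomic call is sent.
            findings.append((g.get("name"), "unknown-id", g.get("id")))
            continue
        for effect, action, res in sorted(grants(g) - grants(old)):
            kind = "wildcard-resource" if res.endswith("*") else "new-grant"
            findings.append((g["name"], kind, f"{effect} {action} on {res}"))
    return findings


if __name__ == "__main__":
    for name, kind, detail in review_update(CURRENT, PROPOSED):
        print(f"{name}: {kind}: {detail}")
```

An empty result means the update adds no grants to any existing group; anything reported as wildcard-resource deserves a second look before the request is sent.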

Delete Groups

This example shows how to delete an RBAC group. The groups must already exist in the user context. This call is atomic; either all of the groups in the JSON document are deleted successfully, or none of the groups are deleted.

Endpoint: /user/groups
Method: DELETE
Response: 200
Example JSON Body: Delete two existing groups for this user context.

[ "group-id1","group-id2" ]

Fetch or Delete a Specific Group

You can use the /user/groups/{id} endpoint to fetch or delete a specific group identified by its ID. There is no JSON body sent for this endpoint, but the response is returned as a JSON document. If you require bulk group operations, see the /user/groups endpoint.

Fetch Group

Endpoint: /user/group/{id}
Method: GET
Example: To fetch a group identified by the group ID
Response: 200

{
  "id": "group-id",
  "name": "Foo",
  "permissions": [
    {
      "Effect": "Allow",
      "Action": "kibana:*",
      "Resources": "crn:view:::foo-view"
    }
  ]
}

Delete Group

Endpoint: /user/group/{id}
Method: DELETE
Response: 200
Example: Delete a group identified by group-id

[ "group-id" ]
