Role management

The Provisioning API can be used to create, update, and delete custom roles. There are always 2 default roles in each domain that cannot be deleted neither modified (Admin and No Privileges). We call custom roles to the roles that can be created and fully managed. A role is an entity that can be assigned to users in order to provide them with permissions or access to resources.

Those resources are:

Policies: Allow the user to perform specific operations on the platform.
Custom finder: The set of accessible tables for a specific role.
User resources: Activeboards, Panels and Dashboards.
Applications
Alert permissions: Specific permissions for allowing a role access or management control to an alert category, subcategory, or the alert itself.
Vaulting values: Maximum and default vault values for establishing the priority when the role users perform a query.

User resources are those assets that are created by a user; that’s why applications are not user resources. Applications have a different ownership lifecycle. For example, if a user is deleted, the resources he created will be reassigned to the domain’s owner. That does not happen with an application.

Domain custom roles

`POST /domain/{domainName}/roles`

Creates a new custom role. See the required parameters and more information here.

`GET /domain/{domainName}/roles`

Retrieves all the roles belonging to the specified domain.

`GET /domain/{domainName}/roles/{roleName}`

Retrieves information about the specified role.

`DELETE /domain/{domainName}/roles/{roleName}`

Deletes the specified role. Note that roles cannot be deleted if they are assigned to one or several users.

`PUT /domain/{domainName}/roles/{roleName}`

Updates a specified role.