This documentation and the Cisco Observability Platform functionalities it describes are subject to change. Data saved on the platform may disappear and APIs may change without notice.
iam:Permission
Description
Defines the permissions for accessing the resources owned and managed by the solution.
Schema
{
"name": "Permission",
"allowObjectFragments": false,
"allowedLayers": ["SOLUTION"],
"idGeneration": {
"generateRandomId": false,
"idGenerationMechanism": "{{layer.id}}:{{object.name}}",
"enforceGlobalUniqueness": true
},
"jsonSchema": {
"$schema": "http://json-schema.org/draft-07/schema",
"type": "object",
"title": "Permission Definition",
"description": "The schema comprises the permission definition",
"required": [
"name",
"displayName",
"description",
"actionAndResources"
],
"properties": {
"name": {
"type": "string",
"description": "Name of the permission. This must be unique within a solution.",
"pattern": "^[a-z]+[A-Za-z0-9]{0,64}$"
},
"displayName": {
"type": "string",
"description": "Display name of the permission",
"minLength": 1,
"maxLength": 512
},
"description": {
"type": "string",
"description": "Description of the permission",
"minLength": 1,
"maxLength": 2048
},
"actionAndResources": {
"type": "array",
"uniqueItems": true,
"minItems": 1,
"description": "This specifies the list of action/resources for this permission",
"items": {
"type": "object",
"description": "This specifies the action on a resource for the permission.",
"required": [
"action"
],
"properties": {
"action": {
"type": "object",
"description": "The schema comprises the definition of an action on a resource",
"anyOf": [
{
"type": "object",
"description": "Action",
"required": [
"classification"
],
"properties": {
"classification": {
"type": "string",
"description": "Classification",
"enum": ["CREATE", "UPDATE", "DELETE", "READ", "UNKNOWN"]
}
}
},
{
"type": "object",
"description": "Http Action",
"required": [
"method",
"pathPattern"
],
"properties": {
"type": {
"type": "string",
"description": "Http Action type",
"const": "HttpAction"
},
"classification": {
"type": "string",
"description": "Classification",
"enum": ["CREATE", "UPDATE", "DELETE", "READ", "UNKNOWN"]
},
"pathPattern": {
"type": "string",
"description": "Provides api path pattern",
"examples": ["/uql/execute", "/dashboard/{dashboardId}"]
},
"method": {
"type": "string",
"description": "Method for the api",
"examples": ["POST", "GET", "PUT", "DELETE", "PATCH"]
}
}
}
]
},
"resource": {
"type": "object",
"description": "Resource like dashboard, tag or any other object.",
"required": [
"type"
],
"properties": {
"type": {
"$ref": "#/definitions/typeReference",
"description": "Json type name",
"examples": [
"dashboard:Dashboard"
]
}
}
},
"when": {
"type": "string",
"description": "An expression which can be used to do fine grain access control",
"examples": ["referrer.id eq \"dashboard\""]
}
}
}
},
"scopes": {
"type": "array",
"uniqueItems": true,
"minItems": 1,
"description": "Establishes ownership of the resources attached to this permission.",
"items": {
"type": "string",
"enum": [
"ACCOUNT",
"TENANT"
],
"description": "Decides if this is Account or Tenant Level.",
"default": ["TENANT"]
}
}
},
"definitions": {
"typeReference": {
"type": "string",
"description": "A fully qualified identifier of another type in the format <namespace>:<TypeName>.",
"pattern": "^[a-z0-9]([A-Za-z0-9_\\-]){0,64}:[A-Za-z]+[A-Za-z0-9_.]{0,256}[^._]$",
"examples": [
"dashboard:Dashboard",
"fmm:Metric"
]
}
},
"additionalProperties": false
}
}
Manifest Declaration
To declare permissions in manifest.json:
- Add the dependency iam.
- In the objects array, add an object of type "iam:Permission" and assign its file path to objectsFile.
{
"manifestVersion": "<version>",
"name": "spacefleet",
"solutionVersion": "<version>",
"dependencies": [
"...",
"iam"
],
"description": "Space Fleet reference solution",
"contact": "support@appd.com",
"gitRepoUrl": "https://<repo_url>/projects/FSORS/repos/spacefleet-solution",
"readme": "readme.md",
"objects": [
"...",
{
"type": "iam:Permission",
"objectsFile": "<file_path>/permissions.json"
},
"..."
]
}
Syntax
[
{
"name": "<string>",
"description": "<string>",
"displayName": "<string>",
"actionAndResources": [
{
"action": {
"classification": "<string>"
},
"resource": {
"type": "<solution>:<object>"
}
},
"..."
]
},
"..."
]
Attributes
Attribute | Description | Type | Required | Example |
---|---|---|---|---|
permissions |
List of all the permissions the solution has access to and whether it can run in the background. | array | Yes |
[
{
"name": "readNotdConfigSettingsConfig",
"description": "Permissions to get notd config settings config",
"displayName": "Notd Config Settings Config",
"actionAndResources": [
{
"action": {
"classification": "READ"
},
"resource": {
"type": "spacefleet:notdConfigSettingsConfig"
}
}
]
},
{
"..."
}
]
|
description |
Description of the permission. | string | Yes | "description": "Update dashboard" |
name |
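The name should be "default", or the value is ignored by the platform. Note that the schema above instead describes name as the name of the permission, unique within a solution, and the examples on this page use values such as "readDashboard"; confirm which behavior applies before relying on this field. |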
string | Yes | name: "default" |
displayName |
The value for displayName is displayed in the UI. We recommend creating displayName by prefixing the permission name with the solution name (dashboard in this example) and a colon. |
string | Yes | "displayName": "dashboard:updateDashboard" |
actionAndResources |
The array containing objects that describe the resources and the actions for the solution. | array | Yes |
"actionAndResources": [
{
"action": {
"method": "GET",
"pathPattern": "/v1/testing/dashboards",
"classification": "READ",
"type": "HttpAction"
}
},
"..."
]
|
action
|
The object describing the method, path, classification, and type for a solution resource. Note that the schema above lists action as a required property of each actionAndResources item. | object | No |
"action": {
"method": "GET",
"pathPattern": "/v1/testing/dashboards",
"classification": "READ",
"type": "HttpAction"
}
|
method |
The HTTP request method used to access the resource. Common methods include PUT, GET, and POST. |
string | No | "method": "PUT" |
pathPattern |
The path of the URI or object. | string | No | "pathPattern": "/v1/testing/dashboards/{id}" |
classification |
The classification or category of the action. The possible values are "CREATE", "UPDATE", "DELETE", "READ", or "UNKNOWN".
|
enum | "classification": "UPDATE" |
|
type |
The type of action for the URI or the object type. The only supported value for the action for a URI is "HttpAction".
|
string | No | "type": "HttpAction" |
Example
[
{
"name": "readDashboard",
"displayName": "dashboard:readDashboard",
"description": "Read Dashboard",
"actionAndResources": [
{
"action": {
"method": "GET",
"pathPattern": "/v1/testing/dashboards",
"classification": "READ",
"type": "HttpAction"
}
},
{
"action": {
"method": "GET",
"pathPattern": "/v1/testing/dashboards/{id}",
"classification": "READ",
"type": "HttpAction"
}
}
]
},
"objects": [
{
"type": "iam:Permission",
"objectsFile": "objects/permissions.json"
}
]
]