This documentation and the Cisco Observability Platform functionalities it describes are subject to change. Data saved on the platform may disappear and APIs may change without notice.
iam:Role
Description
Defines the roles of a solution.
Schema
```json
{
  "name": "Role",
  "allowObjectFragments": false,
  "allowedLayers": [
    "TENANT",
    "SOLUTION",
    "ACCOUNT"
  ],
  "idGeneration": {
    "generateRandomId": false,
    "idGenerationMechanism": "{{layer.id}}:{{object.name}}",
    "enforceGlobalUniqueness": true
  },
  "jsonSchema": {
    "$schema": "http://json-schema.org/draft-07/schema",
    "type": "object",
    "title": "Role Definition",
    "description": "Schema comprises the role definition.",
    "required": [
      "name",
      "displayName",
      "description"
    ],
    "properties": {
      "name": {
        "type": "string",
        "description": "Name of the role",
        "pattern": "^[a-z]+[A-Za-z0-9]{0,64}$"
      },
      "displayName": {
        "type": "string",
        "description": "Display name of the role",
        "minLength": 1,
        "maxLength": 512
      },
      "description": {
        "type": "string",
        "description": "Description of the role",
        "minLength": 1,
        "maxLength": 2048
      },
      "permissions": {
        "type": "array",
        "uniqueItems": true,
        "minItems": 1,
        "description": "List of all the permissions. All permissions must have same scopes",
        "items": {
          "type": "object",
          "description": "This specifies permission details.",
          "required": [
            "id"
          ],
          "properties": {
            "id": {
              "$ref": "#/definitions/objectReference",
              "description": "Namespace + Name of the permission. All permissions and roles in a mapping must have same scopes.",
              "examples": [
                "uql:canExecuteUqlQuery",
                "dashboard:canReadDashboard"
              ]
            },
            "when": {
              "type": "string",
              "description": "A SCIM query predicate",
              "examples": [
                "referrer.id eq \"dashboard\""
              ]
            }
          }
        }
      },
      "scopes": {
        "type": "array",
        "uniqueItems": true,
        "minItems": 1,
        "description": "Establishes data ownership for this role.",
        "items": {
          "type": "string",
          "enum": [
            "ACCOUNT",
            "TENANT"
          ],
          "description": "Decides if this is Account or Tenant Level."
        },
        "default": ["TENANT"]
      },
      "internal": {
        "type": "boolean",
        "description": "Indicates if this role is internal only",
        "default": false
      }
    },
    "definitions": {
      "objectReference": {
        "type": "string",
        "description": "A fully qualified identifier of another object in the format <namespace>:<objName>.",
        "pattern": "^[a-z0-9]([A-Za-z0-9_\\-]){0,64}:[a-z]+[A-Za-z0-9_.]{0,256}[^._]$",
        "examples": [
          "fmm:canUpdateMetrics",
          "dashbard:canAccessDashboard"
        ]
      }
    },
    "additionalProperties": false
  }
}
```
Manifest Declaration
To declare roles in `manifest.json`:
- Add the dependency `iam`.
- In the `objects` array, add an object of type `iam:Role` and assign its file path to `objectsFile`.
```json
{
  "manifestVersion": "<version>",
  "name": "spacefleet",
  "solutionVersion": "<version>",
  "dependencies": [
    "...",
    "iam"
  ],
  "description": "Space Fleet reference solution",
  "contact": "support@appd.com",
  "gitRepoUrl": "https://<repo_domain>/spacefleet-solution",
  "readme": "readme.md",
  "objects": [
    "...",
    {
      "type": "iam:Role",
      "objectsFile": "<file_path>/roles.json"
    },
    "..."
  ]
}
```
Syntax
```json
[
  {
    "name": "<string>",
    "displayName": "<string>",
    "description": "<string>"
  },
  "..."
]
```
Attributes
| Attribute | Description | Type | Required | Example |
|---|---|---|---|---|
| `name` | The name of the role that can be mapped to permissions. | string | Yes | `"name": "commandingOfficer"` |
| `displayName` | The role name displayed in Accounts. | string | Yes | `"displayName": "Commanding Officer"` |
| `description` | The description of the role. | string | Yes | `"description": "A member of the crew"` |
Example
```json
[
  {
    "name": "commandingOfficer",
    "displayName": "Commanding Officer",
    "description": "Commanding Officer of the Space Fleet"
  },
  {
    "name": "crewMember",
    "displayName": "Crew Member",
    "description": "A member of the crew"
  }
]
```
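A pre-deployment check for `roles.json`, added here as an example and not part of the platform or its tooling: it re-implements in plain Python the main constraints from the schema above (name and permission-id patterns, length limits, `additionalProperties: false`, the scope enum) and also flags duplicate role names, since ids are generated as `{{layer.id}}:{{object.name}}`. The function name `validate_roles` and the `BAD_ROLES` sample are assumptions made for this example.

```python
import re

# Patterns, limits and enums copied from the iam:Role schema on this page.
NAME_RE = re.compile(r"^[a-z]+[A-Za-z0-9]{0,64}$")
OBJ_REF_RE = re.compile(r"^[a-z0-9]([A-Za-z0-9_\-]){0,64}:[a-z]+[A-Za-z0-9_.]{0,256}[^._]$")
ALLOWED = {"name", "displayName", "description", "permissions", "scopes", "internal"}
MAX_LEN = {"displayName": 512, "description": 2048}
SCOPES = {"ACCOUNT", "TENANT"}

def validate_roles(roles):
    """Return a list of problems found in a parsed roles.json; empty means clean."""
    errors, seen = [], set()
    for i, role in enumerate(roles):
        role = role if isinstance(role, dict) else {}   # non-objects fail the required checks
        for key in sorted(set(role) - ALLOWED):         # additionalProperties: false
            errors.append(f"role[{i}]: unknown property {key!r}")
        for key in ("name", "displayName", "description"):   # required strings
            if not isinstance(role.get(key), str):
                errors.append(f"role[{i}]: missing or non-string {key!r}")
        name = role.get("name")
        if isinstance(name, str):
            if not NAME_RE.fullmatch(name):
                errors.append(f"role[{i}]: name {name!r} violates pattern")
            if name in seen:    # same layer + same name would generate the same id
                errors.append(f"role[{i}]: duplicate name {name!r}")
            seen.add(name)
        for key, limit in MAX_LEN.items():
            if isinstance(role.get(key), str) and not 1 <= len(role[key]) <= limit:
                errors.append(f"role[{i}]: {key} length outside 1..{limit}")
        perms = role.get("permissions")
        if "permissions" in role and not (isinstance(perms, list) and perms):
            errors.append(f"role[{i}]: permissions must be a non-empty array")
        for p in perms if isinstance(perms, list) else []:
            pid = p.get("id") if isinstance(p, dict) else None
            if not isinstance(pid, str) or not OBJ_REF_RE.fullmatch(pid):
                errors.append(f"role[{i}]: bad permission id {pid!r}")
        sc = role.get("scopes", ["TENANT"])             # schema default when absent
        if not isinstance(sc, list) or not sc or {str(s) for s in sc} - SCOPES:
            errors.append(f"role[{i}]: scopes must be a non-empty list of ACCOUNT/TENANT")
    return errors

# Constructed sample input (not from the page) with deliberate mistakes.
BAD_ROLES = [
    {"name": "CrewMember", "displayName": "Crew Member", "description": "x", "admin": True},
    {"name": "medic", "displayName": "", "description": "x", "scopes": ["GLOBAL"],
     "permissions": [{"id": "Dashboard:canReadDashboard"}]},
]

if __name__ == "__main__":
    print("\n".join(validate_roles(BAD_ROLES)))
```

Load the real file with `json.load` and pass the resulting list to `validate_roles`; a non-empty result is a reason to fail the build before the solution is pushed.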