Cisco Observability Platform

This documentation and the Cisco Observability Platform functionalities it describes are subject to change. Data saved on the platform may disappear and APIs may change without notice.

iam:SolutionPermissions

Description

This page defines the permission configuration for accessing resources from the platform or other solutions. It also lists the permissions for accessing platform resources.

Schema

json

Copy{
    "name": "SolutionPermissions",
    "allowObjectFragments": false,
    "allowedLayers": [
        "SOLUTION"
    ],
    "identifyingProperties": ["/name"],
    "jsonSchema": {
        "$schema": "http://json-schema.org/draft-07/schema",
        "type": "object",
        "title": "Solution Principal Permissions Access",
        "description": "Schema comprises the permissions which a solution principal can access.",
        "required": [
            "permissions",
            "name"
        ],
        "properties": {
            "permissions": {
                "type": "array",
                "uniqueItems": true,
                "minItems": 1,
                "description": "List of all the permissions the solution has access to and if it can run in background.",
                "items": {
                    "type": "object",
                    "description": "This specifies permission id the solution has access to.",
                    "required": [
                        "id"
                    ],
                    "properties": {
                        "id": {
                            "$ref": "#/definitions/objectReference",
                            "description": "Namespace + Name of the permission.",
                            "examples": [
                                "uql:canExecuteUqlQuery",
                                "dashboard:canReadDashboard"
                            ]
                        },
                        "can_access_in_background": {
                            "type": "boolean",
                            "description": "Indicates whether this permission is granted to solution principal without users context.",
                            "default": false
                        }
                    }
                }
            },
            "name": {
                "type": "string",
                "description": "A unique name."
            }
        },
        "definitions": {
            "objectReference": {
                "type": "string",
                "description": "A fully qualified identifier of another object in the format <namespace>:<objName>.",
                "pattern": "^[a-z0-9]([A-Za-z0-9_\\-]){0,64}:[a-z]+[A-Za-z0-9_.]{0,256}[^._]$",
                "examples": [
                    "fmm:canUpdateMetrics",
                    "dashbard:canAccessDashboard"
                ]
            }
        },
        "additionalProperties": false
    }
}

Syntax

json

Copy{
    "permissions": [
        {
            "id": "<string>",
            "can_access_in_background": "<boolean>"
            "name": "<string>"
         },
         {
             "..."
         }
    ]
}

Attributes

Attribute	Description	Type	Required	Example
`permissions`	List of all the permissions the solution has access to and if it can run in the background.	array	Yes	`[ { "permissions": [ { "id": "healthruleapiservice:getHealthRules", "can_access_in_background": true }, { "id": "healthruleapiservice:getHealthRulesV2", "can_access_in_background": false }, { "id": "iampolicymgmtsa:readAccessConfigs" }, { "id": "iamappprincipalmgmtsa:readServicePrincipals", "can_access_in_background": true } ], "name": "default" } ]`
`id`	The ID consists of the namespace and the name of the permission. The `id` has the following syntax: `<namespace>:<permission_name>`	string	No	`"uql:canExecuteUqlQuery"` `"dashboard:canReadDashboard"`
`can_access_in_background`	Indicates whether this permission requires user interaction. The default is `false`, which indicates that the action requires user interaction to be performed.	boolean	No	`can_access_in_background: false`
`name`	The name should be "default", or the value is ignored by the platform.	string	Yes	`name: "default"`

Default Platform Permissions

ID Description API/Object

testing:getAllDashboards testing:getAllDashboards /v1/testing/dashboards

testing:getDashboard testing:getDashboard" /v1/testing/dashboards/{id}

testing:createDashboard testing:createDashboard /v1/testing/dashboards

testing:updateDashboard testing:updateDashboard /v1/testing/dashboards

testing:deleteAllDashboards testing:deleteAllDashboards /v1/testing/dashboards

testing:deleteDashboard testing:deleteDashboard /v1/testing/dashboards/{id}

optimize:canAccessServoApi Connects to the /servo path /co/v1/optimizers/{id}/servo

policymgmtsa:createRoles Creates a role for a given tenant. /v1beta2/roles

policymgmtsa:updateRoles Updates the role of a given ID of a particular tenant. /v1beta2/roles/{id}

policymgmtsa:deleteRoles Deletes the role of a given ID for a particular tenant. /v1beta2/roles/{id}

policymgmtsa:readAccessConfigs

Reads roles, permissions, and roles for a given policy and policy configurations.

/v1beta2/roles
/v1beta2/roles/{id}
/v1beta2/roles/{id}/permissions
/v1beta/permissions
/v1beta2/permissions
/v1beta2/permissions/{id}
/v1beta2/principals/roles
/v1beta2/roles/{id}/principals
/v1/principal/{principal-id}/attribute/{attribute-name}
/v1beta/policy
/v1beta/policy/{id}

policymgmtsa:configurePrincipalAccess

Updates the roles, policies, or principals for a given tenant.

/v1beta2/roles/{roleId}/principals
/v1beta2/principals/roles
/v1beta/policy/{id}

tenantmgmtsa:tenantWrite

Creates or updates tenants in the system.

/v1/tenant/upgrade
/v1/publish
/v1/publish/license
/v1beta/publish
/v1beta/publish/license
/v1beta/tenant
/v1/publish
/v1beta/tenant

optimize:readOptimizer Reads the Optimizer configuration object. optimize:optimizer

optimize:createOptimizer Creates the Optimizer configuration object. optimize:optimizer

optimize:updateOptimizer Updates the Optimizer configuration object. optimize:optimizer

optimize:deleteOptimizer Deletes the Optimizer configuration object. optimize:optimizer

optimize:readStatus Reads the Optimizer status. optimize:status

logs:readDataMaskingExpression Reads the data-masking expression. logs:dataMaskingExpression

logs:updateDataMaskingExpression Creates or updates the data-masking expression. logs:dataMaskingExpression

logs:deleteDataMaskingExpression Deletes the data-masking expression. logs:dataMaskingExpression

logs:readDataMaskingRule Readd the data-masking rule. logs:dataMaskingRule

logs:updateDataMaskingRule Creates or updates the data-masking rule. logs:dataMaskingRule

logs:deleteDataMaskingRule Deletes the data-masking rule. logs:dataMaskingRule

logs:logParsingValidation Log Parsing Test and Validation /parsers/v1beta/types/{type}/test

mloutlierservice:viewMLOutliers mloutlierservice:viewoutliers /api/v1beta/outliers

appprincipalmgmtsa:rotateServicePrincipals Rotates the Service Principal secrets for a given ID. /v1beta/clients/services/{clientId}/secret/rotate

appprincipalmgmtsa:readServicePrincipals

Gets the Service Principals of a tenant.

/v1beta/clients/services
/v1beta/clients/services/{clientId}

appprincipalmgmtsa:updateAgentPrincipals Updates the Agent Principal for a given ID of a tenant. /v1beta/clients/agents/{clientId}

appprincipalmgmtsa:readAgentPrincipals

Gets the Agent Principals of a tenant.

/v1beta/clients/agents
/v1beta/clients/agents/{clientId}

appprincipalmgmtsa:updateServicePrincipals Updates the Service Principal for a given ID of a tenant. /v1beta/clients/services/{clientId}

appprincipalmgmtsa:revokeServicePrincipals Revokes the secret of a given Service Principal of a tenant. /v1beta/clients/services/{clientId}/secret/revokeRotated

appprincipalmgmtsa:deleteAgentPrincipals Deletes the Agent Principal for a given ID of a tenant. /v1beta/clients/agents/{clientId}

appprincipalmgmtsa:createServicePrincipals Creates the Service Principal for a given ID of a tenant. /v1beta/clients/services

appprincipalmgmtsa:deleteServicePrincipals Deletes the Service Principal for a given ID of a tenant. /v1beta/clients/services/{clientId}

appprincipalmgmtsa:revokeAgentPrincipals Revokes the secret of a given Agent Principal of a tenant. /v1beta/clients/agents/{clientId}/secret/revokeRotated

appprincipalmgmtsa:rotateAgentPrincipals Rotates the Agent Principal secrets for a given ID of a tenant. /v1beta/clients/agents/{clientId}/secret/rotate

appprincipalmgmtsa:createAgentPrincipals Creates the Agent Principal for a given ID of a tenant. /v1beta/clients/agents

licensing:readTier Reads the tenant tier. licensing:tier

commoningestionservice:exportMetricsGrpc Export OpenTelemetry metrics collected in gRPC format /opentelemetry.proto.collector.metrics.v1.MetricsService/Export

commoningestionservice:exportLogsGrpc Export OpenTelemetry logs collected in gRPC format /opentelemetry.proto.collector.logs.v1.LogsService/Export

commoningestionservice:exportTraceGrpc Export OpenTelemetry traces collected in gRPC format /opentelemetry.proto.collector.trace.v1.TraceService/Export

commoningestionservice:exportMetricsHttp

Export OpenTelemetry metrics collected in HTTP/1.1 format

/data/v1/metrics
/data/v1beta/metrics

commoningestionservice:exportLogsHttp

Export OpenTelemetry logs collected in HTTP/1.1 format

/data/v1/logs
/data/v1beta/logs

commoningestionservice:exportTraceHttp

Export OpenTelemetry traces collected in HTTP/1.1 format

/data/v1/trace
/data/v1beta/trace

solutionmanagement:uploadSolution

Upload a solution bundle.

code>/v1beta/solutions
/v1/solutions

solutionmanagement:downloadSolution

Download a solution bundle.

/v1beta/solutions/{solutionName}
/v1/solutions/{solutionName}

cogengapi:createADConfiguration cogengapi:createADConfiguration /api/v1beta/adConfig

cogengapi:updateADConfiguration cogengapi:updateADConfiguration /api/v1beta/adConfig/{id}

cogengapi:deleteADConfiguration cogengapi:deleteADConfiguration /api/v1beta/adConfig/{id}

cogengapi:getADConfiguration cogengapi:getADConfiguration /api/v1beta/adConfig/{id}

cogengapi:getAllADConfiguration cogengapi:getAllADConfigurations /api/v1beta/adConfig

cogengapi:patchADConfigurationForTenant cogengapi:patchADConfigurationForTenant /api/v1beta/adConfig/{adConfigId}

cogengapi:processBatchADConfiguration cogengapi:processBatchADConfiguration /api/v1beta/adConfigBatch

tintinservice:uqlQuery

uql:uqlQuery

/monitoring/v1beta/query/execute
/monitoring/v1/query/execute
/monitoring/v1beta/query/continue
/monitoring/v1/query/continue

tintinservice:uqlHttpOptions

uql:uqlHttpOptions

/monitoring/v1beta/query/execute

/monitoring/v1/query/execute

/monitoring/v1beta/query/continue

/monitoring/v1/query/continue

loganalyticsservice:viewLogAnalytics loganalyticsservice:read /api/v1beta/ranking

baselinecomputeservice:getBaselineData Get Baseline Data /v1beta/baselineData

baselinecomputeservice:getBaselineDataDeprecated Get Baseline Data(deprecated) /v1beta/baselineData/deprecated

baselinereaderserver:getBaselines Get all Baselines /v1beta/baselines

baselinereaderserver:getBaselineById Get a specific Baseline By ID /v1beta/baselines/{baselineId}

baselinereaderserver:getBaselineValues Get all baseline Values /v1beta/data

baselinereaderserver:createBaseline Create a new Baseline /v1beta/baselines

baselinereaderserver:deleteBaseline Delete a specific Baseline By ID /v1beta/baselines/{baselineId}

actionsconfigapiservice:getTriggers Get all triggers for a specific tenantId /api/v1beta/triggers

actionsconfigapiservice:getTriggerById Get a specific Trigger by Trigger ID /api/v1beta/triggers/{triggerId}

actionsconfigapiservice:editTrigger Edit a specific Trigger by Trigger ID /api/v1beta/triggers/{triggerId}

actionsconfigapiservice:createTrigger Create a new Trigger /api/v1beta/triggers

actionsconfigapiservice:deleteTrigger Delete a specific Trigger by Trigger ID /api/v1beta/triggers/{triggerId}

actionsconfigapiservice:getActions Get all actions for a tenant /api/v1beta/actions

actionsconfigapiservice:getActionById Get a specific action by Action ID /api/v1beta/actions/{actionId}

actionsconfigapiservice:editAction Edit a specific action by action ID /api/v1beta/actions/{actionId}

actionsconfigapiservice:createAction Create a new action /api/v1beta/actions

actionsconfigapiservice:deleteAction Delete a specific Action by ID /api/v1beta/actions/{actionId}

actionsconfigapiservice:getSmtpConfigs Get all Smtp Configs /api/v1beta/actions

actionsconfigapiservice:getSmtpConfigById Get a specific Smtp Config by ID /api/v1beta/actions/{actionId}

actionsconfigapiservice:editSmtpConfig Edit a specific Smtp Config by ID /api/v1beta/actions/{actionId}

actionsconfigapiservice:createSmtpConfig Create a new smtp Config /api/v1beta/actions

actionsconfigapiservice:deleteSmtpConfig Delete a specific Smtp Config /api/v1beta/actions/{actionId}

actionsconfigapiservice:createActionPreview Create a new Action Preview /api/v1beta/actions/simulator/preview

healthruleapiservice:getHealth Get the Health of all entities /api/v1beta/health

healthruleapiservice:getHealthForEntities Get the Health of a specific entity /api/v1beta/health/entity

healthruleapiservice:getEntityTypes Get all entity Types /api/v1beta/metadata/entityTypes

healthruleapiservice:getRollUpPathsForEntityType Get the Roll Up Path for a specific entity Type /api/v1beta/healthRollupPaths/{entityType}

healthruleapiservice:getHealthRules Get all health Rules in a specific tenant /api/v1beta/healthRules

healthruleapiservice:getHealthRulesByIds Get a list of specified health Rules by ID /api/v1beta/healthRules/list

healthruleapiservice:getHealthRuleById Get a single specific health Rule by ID /api/v1beta/healthRules/{healthRuleId}

healthruleapiservice:editHealthRule Edit a specific health Rule by ID /api/v1beta/healthRules/{healthRuleId}

healthruleapiservice:createHealthRule Create a new Health Rule /api/v1beta/healthRules

healthruleapiservice:deleteHealthRule Delete a specific health Rule by ID /api/v1beta/healthRules/{healthRuleId}

healthruleapiservice:enableHealthRules Enable a specific health Rule /api/v1beta/healthRules/enable

healthruleapiservice:disableHealthRules Disable a specific health Rule /api/v1beta/healthRules/disable

healthruleapiservice:getHealthV2 Get all health Rules for a tenant /api/v1beta2/health

healthruleapiservice:getHealthForEntitiesV2 Get Health of a specific entity /api/v1beta2/health/entity

healthruleapiservice:getEntityTypesV2 Get all entity Types /api/v1beta2/metadata/entityTypes

healthruleapiservice:getRollUpPathsForEntityTypeV2 Get Roll Up Path for a specific entity Type /api/v1beta2/healthRollupPaths/{entityType}

healthruleapiservice:getHealthRulesV2 Get all health Rules in a specific tenant /api/v1beta2/healthRules

healthruleapiservice:getHealthRulesByIdsV2 Get a list of specified health Rules by ID /api/v1beta2/healthRules/list

healthruleapiservice:getHealthRuleByIdV2 Get a single specific health Rule by ID /api/v1beta2/healthRules/{healthRuleId}

healthruleapiservice:editHealthRuleV2 Edit a specific health Rule by ID /api/v1beta2/healthRules/{healthRuleId}

healthruleapiservice:createHealthRuleV2 Create a new Health Rule with V2 Configurations /api/v1beta2/healthRules

healthruleapiservice:deleteHealthRuleV2 Delete a specific health Rule by ID /api/v1beta2/healthRules/{healthRuleId}

healthruleapiservice:enableHealthRulesV2 Enable a specific health Rule /api/v1beta2/healthRules/enable

healthruleapiservice:disableHealthRulesV2 Disable a specific health Rule /api/v1beta2/healthRules/disable

licensingservice:readLicenseInfo

Get license revision(s).

/v1beta/license/revisions

/v1beta/license/revisions/{revisionId}

/v1beta/license/timeline

/v1beta/license/info

licensingservice:readUsage

Get license unit consumption.

/v1beta/usage

licensingservice:readReports

Get consumption report.

/v1beta/report

cloudmonconnectionservice:readCloudmon

cloudmonconnectionservice:readCloudmon

/api/v1/connections

/api/v2/connections

/api/v1/connections/{id}

/api/v2/connections/{id}

/api/v1/configurations

/api/v2/configurations

/api/v1/configurations/{id}

/api/v2/configurations/{id}

/api/v1/regions

/api/v2/regions

/api/v1/services

/api/v2/services

cloudmonconnectionservice:configureCloudmon

cloudmonconnectionservice:configureCloudmon"

/api/v1/connections

/api/v2/connections

/api/v1/configurations

/api/v2/configurations

/api/v1/connections/{id}

/api/v2/connections/{id}

/api/v1/configurations/{id}

/api/v2/configurations/{id}

/api/v1/connections/{id}

/api/v2/connections/{id}

/api/v1/configurations/{id}

/api/v2/configurations/{id}

topology:topologyTypeQuery

schemaservice:topologyTypeQuery

/monitoring/v1/types/association

/monitoring/v1/types/entity

/monitoring/v1/types/event

/monitoring/v1/types/metric

/monitoring/v1/types/extension

/monitoring/v1beta2/types/association

/monitoring/v1beta2/types/entity

/monitoring/v1beta2/types/event

/monitoring/v1beta2/types/metric

/monitoring/v1beta2/types/extension

knowledgestore:readSolution Read solution info extensibility:solution

knowledgestore:patchSolution Patches solution object, creates subscription for the tenant extensibility:solution

knowledgestore:readSolutionRelease Read solution release info extensibility:solutionRelease

knowledgestore:readSolutionInstall Read solutoin install info extensibility:solutionInstall

nextuicloud:exchange

nextuicloud:exchange

/ui/api/dashui/exchange/subscribe/{solutionName}

/ui/api/dashui/exchange/unsubscribe/{solutionName}

entitymetadata:readFavoritesRule Read Favorites Rule entitymetadata:favorites

entitymetadata:updateFavoritesRule

Create or Update Favorites Rule

entitymetadata:favorites

entitymetadata:deleteFavoritesRule Delete Favorites Rule entitymetadata:favorites

knowledgestore:readSubscription Read subscription environment:subscription

knowledgestore:readTenant Read tenant info environment:tenant

eumcollector:otelDataIngestion

eumcollector:otelDataIngestion

/v1/traces

/v1/logs

codex:readCodexWorkflow The permission for reading codex workflow type codex:workflow

codex:createOrUpdateCodexWorkflow

The permission for creating and updating codex workflow type

codex:workflow

codex:deleteCodexWorkflow The permission for deleting codex workflow type codex:workflow

businesstransaction:readDetectionRule Read Detection Rule businesstransaction:DetectionRule

businesstransaction:updateDetectionRule

Create or Update Detection Rule

businesstransaction:DetectionRule

businesstransaction:deleteDetectionRule Delete Detection Rule businesstransaction:DetectionRule

businesstransaction:readExclusionRule Read Exclusion Rule businesstransaction:ExclusionRule

businesstransaction:updateExclusionRule

Create or Update Exclusion Rule

businesstransaction:ExclusionRule

businesstransaction:deleteExclusionRule Delete Exclusion Rule businesstransaction:ExclusionRule

dashui:crudEntityPage

The permissions to handle crud of entity page

dashui:entityPage

dashui:crudEntityPresentation

The permissions to handle crud of entity presentation

dashui:entityPresentation

dashui:crudNavPresentation

The permissions to handle crud of nav presentation

dashui:navPresentation

dashui:crudSettingsConfig

The permissions to handle crud of settings config

dashui:settingsConfig

dashui:crudTemplate

The permissions to handle crud of dashui template

dashui:template

dashui:crudTemplatePropsExtension

The permissions to handle crud of dashui template Props Extension

dashui:templatePropsExtension

fsoexchange:listExchangable The permissions to list the exchangable objects fsoexchange:exchangable

actions:readEmailActionTemplate The permission for reading Email Actions Template type actions:emailactiontemplate

actions:createOrUpdateEmailActionTemplate

The permission for creating and updating Email Actions Template type

actions:emailactiontemplate

actions:deleteEmailActionTemplate The permission for deleting Email Actions Template type actions:emailactiontemplate

actions:readHttpActionTemplate The permission for reading Http Actions Template type actions:httpactiontemplate

actions:createOrUpdateHttpActionTemplate

The permission for creating and updating Http Actions Template type

actions:httpactiontemplate

actions:deleteHttpActionTemplate The permission for deleting Http Actions Template type actions:httpactiontemplate

fmm:readFmmObject

The permission for reading fmm objects

fmm:entity

fmm:adConfigOobTemplate

fmm:association

fmm:associationDeclaration

fmm:associationDerivation

fmm:attributePromotion

fmm:enrichment

fmm:entityGrouping

fmm:entityPriority

fmm:event

fmm:extension

fmm:extensionDerivation

fmm:metric

fmm:metricAggregation

fmm:metricAttributeMapping

fmm:metricDerivation

fmm:metricMapping

fmm:namespace

fmm:resourceMapping

fmm:sourceMapping

fmm:tagPropagation

dashui:crudForm

The permissions to handle crud of dashui forms

dashui:form

dashui:crudFormDev

The permissions to handle crud of dashui form dev

dashui:formDev

healthrule:readHealthRuleScopeOverrides The permission for reading HealthRule Scope Overrides type healthrule:healthRuleScopeOverrides

healthrule:createOrUpdateHealthRuleScopeOverrides

The permission for creating and updating HealthRule Scope Overrides type

healthrule:healthRuleScopeOverrides

healthrule:deleteHealthRuleScopeOverrides The permission for deleting HealthRule Scope Overrides type healthrule:healthRuleScopeOverrides

healthrule:readHealthRuleTemplate The The permission for reading HealthRule Template type healthrule:healthRuleTemplate

healthrule:createOrUpdateHealthRuleTemplate

The The permission for creating and updating HealthRuleTemplate type.

healthrule:healthRuleTemplate

healthrule:deleteHealthRuleTemplate The permission for deleting HealthRule Template type healthrule:healthRuleTemplate

tenantprovisioningservice:provisionTenant

Provisions tenants.

/api/v1beta/tenants

/api/v1beta/tenants/{tenantId}

/api/v1beta/tenants/{tenantId}/adminUser

/api/v1beta/tenants/{tenantId}/workflows/{workflowId}

tenantprovisioningservice:troubleshootTenantProvisioning

Troubleshoots the provisioning of Tenant

/api/v1beta/admin/tenants/{tenantId}/workflows/{workflowId}/{stepName}

/api/v1beta/admin/tenants/{tenantId}/state/{state}

tenantprovisioningservice:provisionLicense Provision licenses. /api/v1beta/tenants/{tenantId}/license

featureflagproxy:featureflagObserver

Query Feature Flags.

/a/{envId}.gif

/eval/{envId}/{user}

/ping/{envId}

/sdk/eval/{envId}/users/{user}

/sdk/evalx/{envId}/users/{user}

/sdk/goals/{envId}

/all

/status

/eval/{envId}

/sdk/eval/{envId}/users

/sdk/evalx/{envId}/users

/events/bulk/{envId}

/events/diagnostic/{envId}

tmsserviceaccount:getTags

tagmanagement:getTags

/tags/v1/keys

/tags/v1/keys/{tagKey}

/tags/v1/keys/{tagKey}/{tagKey}

/tags/v1/keys/{tagKey}/{tagKey}/{tagKey}

tmsserviceaccount:getResources tagmanagement:getResources /tags/v1/resources

tmsserviceaccount:updateTags tagmanagement:updateTags /tags/v1/keys

tmsserviceaccount:tagManagementHttpOptions

tagmanagement:tagManagementHttpOptions

/tags/v1/keys

/tags/v1/keys/{tagKey}

/tags/v1/keys/{tagKey}/{tagKey}

/tags/v1/keys/{tagKey}/{tagKey}/{tagKey}

/tags/v1/resources

licensing:readDataRetention Read Data Retention licensing:dataRetention

policymgmtsa:readCurrentPermissionsForPrincipal Reads the permissions for a given principal. /v1beta2/principals/self/permissions

uishell:crudPreferences

The CRUD permissions for preferences type.

uishell:preferences

uishell:crudShellPreferences

The CRUD permissions for the ShellPreference type.

uishell:shellPreferences

uishell:crudTimeRangePresetsPreferences

The CRUD permissions for the TimeRangePresets type.

uishell:timerangePresets

uishell:crudTimeRangeRecentsPreferences

CRUD The permissions for TimeRangeRecents type

uishell:timerangeRecents

helloworldv14:sayhello helloworldv14:sayhello /hello

httpbinv14:sayget httpbinv14:sayget /get

dashui:crudEventContent

The permissions to handle crud of event content

dashui:eventContent

httpbin:sayget httpbin:sayget /get

fs:createFile The permission to create the fs:file object fs:file

fs:updateFile The permission to update fs:file object fs:file

orionsystemsolutionc0:readTheme Read orionsystemsolutionc0 info orionsystemsolutionc0:theme

orionsystemsolutionc0:createTheme Create theme object orionsystemsolutionc0:theme

orionsystemsolutionc0:deleteTheme Delete theme object orionsystemsolutionc0:theme

orionsystemsolutionc0:updateTheme Update theme object orionsystemsolutionc0:theme

healthruleapiservice:getMetricFunctionTypeV2 Get a specific metric Function type. /api/v1beta2/metric/{contentType}/functions

policymgmtsa:performAuthorizationCheck policymgmtsa:performAuthorizationCheck /authorizer/v1/authorize

logs:readLogParsingRule Read the log-parsing rule logs:logParsingRule

logs:updateLogParsingRule

Create or Update logs:logParsingRule

logs:logParsingRule

logs:deleteLogParsingRule Delete logs:logParsingRule logs:logParsingRule

logs:readDataMaskingRuleV1 Read data-masking rule logs:dataMaskingRuleV1

logs:updateDataMaskingRuleV1

Creates or updates the data-masking rule

logs:dataMaskingRuleV1

logs:deleteDataMaskingRuleV1 Deletes the data-masking rule. logs:dataMaskingRuleV1

fs:readFiles The permissions to read fs:file object/objects. fs:file

tenantprovisioningservice:optionsObjects

The Options objects.

/api/v1beta/tenants

/api/v1beta/tenants/{tenantId}

/api/v1beta/tenants/{tenantId}/adminUser

/api/v1beta/tenants/{tenantId}/workflows/{workflowId}

/api/v1beta/admin/tenants/{tenantId}/workflows/{workflowId}/{stepName}

/api/v1beta/admin/tenants/{tenantId}/state/{state}

/api/v1beta/tenants/{tenantId}/license

qesol:readObject The permissions for reading an object. /qesol-rest-endpoints/read

qesol:createObject The permissions for creating objects. /qesol-rest-endpoints/create

qesol:updateObject The permissions for updating objects. /qesol-rest-endpoints/update

qesol:deleteObject The permissions for deleting objects. /qesol-rest-endpoints/delete

uishell:crudAppSwitcher

The CRUD The permissions for AppSwitcher Type.

uishell:appSwitcher

dashui:crudEntityPagePropSet

The The permissions to handle the CRUD actions of entity page property sets.

dashui:entityPagePropSet

agent:registerAndReadOpAMPConfigs The permission to register and read OpAMP configs via the Agent Mgmt server API. /service/v1/opamp

agent:readCoreTypes

The permission to read Agent Mgmt core types.

agent:config

agent:orchestrationClientConfig

agent:smartAgentConfig

agent:deploymentDefinition

agent:descriptor

agent:createCoreTypes

The permission to create Agent Mgmt core types.

agent:config

agent:orchestrationClientConfig

agent:smartAgentConfig

agent:deploymentDefinition

agent:updateCoreTypes

The permission to update Agent Mgmt core types

agent:config

agent:orchestrationClientConfig

agent:smartAgentConfig

agent:deploymentDefinition

agent:deleteCoreTypes

The permission to delete Agent Mgmt core types.

agent:config

agent:orchestrationClientConfig

agent:smartAgentConfig

agent:deploymentDefinition

agent:readInternalTypes

The permission to read Agent Mgmt internal types.

agent:agentCache

agent:dataCache

agent:configStatus

agent:readOpAMPPackages The permission to read OpAMP packages via the Agent Mgmt server API. /service/v1/package

provisioning:readTenant Read the tenant. provisioning:tenant

Example

json

Copy{
    "permissions": [
        {
            "id": "healthruleapiservice:getHealthRules",
            "can_access_in_background": true
        },
        {
            "id": "healthruleapiservice:getHealthRulesV2",
            "can_access_in_background": false
        },
        {
            "id": "iampolicymgmtsa:readAccessConfigs"
        },
        {
            "id": "iamappprincipalmgmtsa:readServicePrincipals",
            "can_access_in_background": true
        }
    ],
    "name": "default"
}