Accessing and using the Role-Based Access Control Service API

Use the Role-Based Access Control Service API to manage the lifecycle of role-based access control policies from the command line.

About this task

Complete role-based access tasks such as creating, viewing, updating, and deleting roles. Add and delete a set of users or user groups from a specific role. Grant permissions to a specific role. View a list of roles, users, user groups, and permissions that are defined in the system.

You can create scripts for automating such tasks as defining new roles and assigning users, user groups, and permissions to these roles.

Procedure

  1. Complete step 1 to step 9 in the Exploring the APIs topic.
    Step 10 and step 11 provide additional details.
  2. Click USE and select a key, for example, Key1.
    Note: Click Hide to show your client ID and client secret. Make a note of them because, if you are making API calls with external tools outside of API Explorer, they are needed. Then, click Show to hide them.
  3. Populate all required headers, denoted with an asterisk.
    X-IBM-Service-Location *
      This header is the geographic location of your subscription, such as na for North America.
    Authorization *
      This header is your base64-encoded string of the IBM ID and password. When you encode the IBM ID and password in the base64-encoder tool, the format must be IBMid:password. The resulting header value looks like, for example, Basic YXBtYWRtaW46YXBtcGFzcw==.
  4. You must include a referer header in all POST, PUT, and DELETE requests. The value for the referer header is always:
    -H 'Referer: https://api.ibm.com'
  5. Scroll to locate and click Test.

Example

The following example uses the curl command to create a new role.
POST /1.0/authzn/roles
Note: The body of the POST request must contain a JSON object that defines the role as shown by the -d parameter.

curl -X POST \
  https://api.ibm.com/perfmgmt/run/1.0/authzn/roles  \
  -H 'Referer: https://api.ibm.com' \
  -H 'authorization: Basic REPLACE_BASE64_ENCODED_STRING' \
  -H 'content-type: application/json' \
  -H 'x-ibm-client-id: REPLACE_KEY_VALUE' \
  -H 'x-ibm-client-secret: REPLACE_KEY_VALUE' \
  -d '{
    "description": "Your Role Description",
    "id": "/authzn/roles/Your_Role_Id",
    "label": "Your Role Name"
}'
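
A scripted version of the role-creation call above, as an added example that is not IBM's code: it builds the Authorization value and the JSON body in functions and passes the credential headers to curl on standard input (-K -) so they do not appear in the process list. The function names and the IBM_* environment variable names are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not IBM's code). Function names and IBM_* variable names are assumptions.
API_URL='https://api.ibm.com/perfmgmt/run/1.0/authzn/roles'  # endpoint from the page

# Authorization value for IBMid:password. Base64 is an encoding, not encryption,
# so treat the result like the password itself. printf (not echo) avoids encoding
# a trailing newline; tr removes the line wraps base64 adds to long input.
basic_auth_value() {
  printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Escape backslashes and double quotes for use inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# role_body ID LABEL DESCRIPTION -> JSON body for POST /1.0/authzn/roles.
# Restricting the ID to [A-Za-z0-9_] is a conservative assumption.
role_body() {
  case "$1" in
    ''|*[!A-Za-z0-9_]*) echo "invalid role id: $1" >&2; return 1 ;;
  esac
  printf '{"description":"%s","id":"/authzn/roles/%s","label":"%s"}' \
    "$(json_escape "$3")" "$1" "$(json_escape "$2")"
}

# create_role ID LABEL DESCRIPTION
# Credentials are read from the environment and sent to curl as a config on stdin.
create_role() {
  local body
  body=$(role_body "$1" "$2" "$3") || return 1
  curl --silent --show-error --fail -X POST "$API_URL" \
    -H 'Referer: https://api.ibm.com' \
    -H 'content-type: application/json' \
    -H "x-ibm-service-location: ${IBM_LOCATION:-na}" \
    -d "$body" -K - <<EOF
header = "authorization: $(basic_auth_value "$IBM_ID" "$IBM_PASSWORD")"
header = "x-ibm-client-id: $IBM_CLIENT_ID"
header = "x-ibm-client-secret: $IBM_CLIENT_SECRET"
EOF
}
```

Call it as create_role Your_Role_Id 'Your Role Name' 'Your Role Description' with IBM_ID, IBM_PASSWORD, IBM_CLIENT_ID and IBM_CLIENT_SECRET exported in the environment.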