Arcadia Enterprise provides URL access to ArcViz server object, roles.
To support environments where the users
and
groups
information is stored outside the ArcViz
environment, such as LDAP, the role membership lists for users and groups
only store names. During role update and create operations, ArcViz accepts
the user and group names 'as is', without validating them.
Each entry in the privs
list corresponds to a single privilege
row in the ArcViz role edit screen. Each row contains fields for the
privilege type (ptype
), an identifier section, and a list
of permissions (perms
) for the identified objects, such as
datasets or data connections. Each privilege type has a specific identifier,
and set of possible permissions. ArcViz stores the dataset IDs and
connection IDs within the identifier sections as a STRING
,
and uses the special value "-1
" to indicate "All datasets"
or "All connections".
Field | Detail Only | Updatable | Description |
---|---|---|---|
id |
No | No | Role ID |
name |
No | Yes | Role name |
desc |
No | Yes | Role description |
users |
No | Yes | List of usernames that belong to this role |
groups |
No | Yes | List of groups that belong to this role |
privs |
Yes | Yes | List of privilege structures for this role, as described in Privileges Types |
The Arcadia Enterprise Role-Based Access Control system supports the following permission types:
Permission Name | Description |
---|---|
sys_editperm |
Manage roles and users |
sys_styles |
Manage styles and settings |
sys_viewlogs |
View query logs |
sys_editconn |
Manage data connections |
Field Name | Description | Example |
---|---|---|
dclist |
List of data connection IDs, or
-1 for 'All data
connections' |
"dclist" : ["-1"]
|
Permission Name | Description |
---|---|
dc_aviews |
Manage analytical views |
dc_upload |
Import data |
dc_expore |
Create datasets and explore tables |
Field Name | Description | Example |
---|---|---|
dcid |
Data
connection ID for this privilege, or
-1 for 'All' |
"dcid" : "-1"
|
dslist |
List of dataset IDs for this privilege |
|
Permission Name | Description |
---|---|
dc_aviews |
Manage analytical views |
dc_upload |
Import data |
dc_expore |
Create datasets and explore tables |
The following code creates a new role with groups
dataconn_managers
and
arcviz_admins
. The role has system-level
permissions to view logs, and to create new datasets. It also has
full permissions on all connections and all datasets.
The example in this article use an APIKey obtained through the Manage API
Keys interface, on the
host:port/arc/apps/apikeys
browser page of the ArcViz installation (see Creating New API Keys). The actual APIKey
and the method of retrieving the key depends on the user system.
curl -s \
-X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Authorization: apikey api_key" \
-d 'data=[{
"name": "Connection manager",
"desc": "Data connection management",
"groups": ["dataconn_managers", "arcviz_admins"],
"privs": [
{"ptype": "system",
"perms": ["sys_viewlogs", "sys_editconn"]
},
{"ptype": "dataconn",
"dclist": ["-1"],
"perms": ["dc_aviews", "dc_upload", "dc_explore"]
},
{"ptype": "dataset",
"dcid": "-1",
"dslist": ["-1"],
"perms": ["ds_manage", "ds_appedit", "ds_appview"]
}
]
}]' \
127.0.0.1:7999/arc/adminapi/roles
When viewing this role through the ArcViz GUI, it appears on the edit screen like this: