Arcadia Enterprise provides URL access to the ArcViz server object, roles.
To support installations that store the users
and
groups
information outside the ArcViz environment
(such as LDAP), the role membership lists for users and groups only store
names. During role update and create operations, ArcViz accepts the user and
group names 'as is', without validating them.
Each entry in the privs
list corresponds to a single privilege
row in the ArcViz role edit screen. Each row contains fields for the
privilege type (ptype
), an identifier section, and a list
of permissions (perms
) for the identified objects, such as
datasets or data connections. Each privilege type has a specific identifier,
and set of possible permissions. ArcViz stores the dataset IDs and
connection IDs within the identifier sections as a STRING
,
and uses the special value "-1
" to indicate "All datasets"
or "All connections".
The JSON fields for role's data type are defined as follows:
Field | Detail Only | Updatable | Description |
---|---|---|---|
id |
No | No | Role ID |
name |
No | Yes | Role name |
desc |
No | Yes | Role description |
users |
No | Yes | List of usernames that belong to this role |
groups |
No | Yes | List of groups that belong to this role |
privs |
Yes | Yes | List of privilege structures for this role, as described in Privileges Types |
The Arcadia Enterprise Role-Based Access Control system supports the following permission types:
Permission Name | Description |
---|---|
sys_editperm |
Manage roles and users |
sys_styles |
Manage styles and settings |
sys_viewlogs |
View query logs |
sys_editconn |
Manage data connections |
Field Name | Description | Example |
---|---|---|
dclist |
List of data connection IDs, or
-1 for 'All data
connections' |
"dclist" : ["-1"]
|
Permission Name | Description |
---|---|
dc_aviews |
Manage analytical views |
dc_upload |
Import data |
dc_expore |
Create datasets and explore tables |
Field Name | Description | Example |
---|---|---|
dcid |
Data
connection ID for this privilege, or
-1 for 'All' |
"dcid" : "-1"
|
dslist |
List of dataset IDs for this privilege |
|
Permission Name | Description |
---|---|
dc_aviews |
Manage analytical views |
dc_upload |
Import data |
dc_expore |
Create datasets and explore tables |
The following code creates a new role with groups
dataconn_managers
and
arcviz_admins
. The role has system-level
permissions to view logs, and to create new datasets. It also has
full permissions on all connections and all datasets.
The example in this article use an API Key obtained through the Manage
API Keys interface, on the
host:port/arc/apps/apikeys
browser page of the ArcViz installation (see Creating New API Keys). The actual API Key
and the method of retrieving the key depends on the user system.
curl -s \
-X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Authorization: apikey api_key" \
-d 'data=[{
"name": "Connection manager",
"desc": "Data connection management",
"groups": ["dataconn_managers", "arcviz_admins"],
"privs": [
{"ptype": "system",
"perms": ["sys_viewlogs", "sys_editconn"]
},
{"ptype": "dataconn",
"dclist": ["-1"],
"perms": ["dc_aviews", "dc_upload", "dc_explore"]
},
{"ptype": "dataset",
"dcid": "-1",
"dslist": ["-1"],
"perms": ["ds_manage", "ds_appedit", "ds_appview"]
}
]
}]' \
127.0.0.1:7999/arc/adminapi/roles
When viewing this role through the ArcViz user interface, it appears on the edit screen like this: