User Roles

Owned by JM Lopez
Last updated: Feb 09, 2022

Introduction

The RESTful API grants Read or ReadWrite access through role-based authorization named Access Roles. This also applies for virtual machine resources such as Memory, CPU, Storage, Domain Migration, VM Prune and Concurrent Virtual Machines deployed, requested in every PUT/POST action. Resource authorization is handled by Request Roles.

Every user in the API gets an Access (read-write) and Request (basic) role assigned by default. The /user/role resource provides information of which access and request role has been assigned to you.

On this page:

The following table shows a brief description and HTTP methods allowed to interact with the user account data:

ResourceURIDescriptionGETPOSTPUTDELETEPATCHOPTIONS
Roles/user/roleUser roles: access and request(tick) 



(tick)

OPTIONS HTTP method

Remember, you can also show what methods are allowed and method description, parameters, etc. by making an OPTIONS HTTP request to /v2/user.

http OPTIONS "https://vss-api.eis.utoronto.ca/v2/user/role"
curl -X OPTIONS "https://vss-api.eis.utoronto.ca/v2/user/role"

List

To list your account access roles, just do a GET request to /user/role as follows:

http GET "https://vss-api.eis.utoronto.ca/v2/user/role" "Authorization: Bearer $TK"
curl -X GET -H "Authorization: Bearer $TK" "https://vss-api.eis.utoronto.ca/v2/user/role"

The response would look something like:

{
    "_links": {
        "self": "http://vss-api.eis.utoronto.ca/v2/user/role",
        "user": "http://vss-api.eis.utoronto.ca/v2/user"
    },
    "data": {
        "access": {
            "description": "general users",
            "entitlements": [
                "ro-access: 1",
                "rw-access: 2"
            ],
            "name": "general"
        },
        "request": {
            "description": "basic resources",
            "entitlements": [
                "memory: 32GB as maximum memory",
                "cpu: Maximum CPU of 8",
                "storage: Maximum disk size 500GB",
                "vm: 5 concurrent vm deployment",
                "domain: Fault domain migration not allowed"
            ],
            "name": "basic"
        }
    },
    "meta": {
        "count": 2,
        "time": "0.00311s",
        "user": "user"
    }
}

In this particular case, the current user holds the "general" access role and the "basic" request role. The basic request role contains the following entitlements:

  • Memory: Maximum memory requested for a virtual machine
  • CPU: Maximum cpu requested for a virtual machine
  • Storage: Maximum size per disk in a given virtual machine.
  • VM: Number of concurrent VM deployment.
  • Domain: Fault domain migration capabilities.

If you happen to require more resources, please, contact us to promote your account.