NSX-T Data Center REST API
Associated URIs:
| API Description | API Path |
|---|---|
List RBAC featuresList all the RBAC features and their properties. |
GET /policy/api/v1/aaa/features-with-properties
GET /api/v1/aaa/features-with-properties |
Get all users and groups with their rolesGet all users and groups with their roles. If the root_path is provided then only return role bindings that start-with or are sub-trees of the provided root path. Also filter the roles_for_paths such that only those roles_for_paths appear that start-with or are sub-tree of the provided root path. |
GET /policy/api/v1/aaa/role-bindings
GET /api/v1/aaa/role-bindings |
Delete all stale role assignments |
POST /policy/api/v1/aaa/role-bindings?action=delete_stale_bindings
POST /api/v1/aaa/role-bindings?action=delete_stale_bindings |
Assign roles to User or GroupThis API is used to assign a user/group any role(s) of choice. It is recommended to use the new property roles_for_paths instead of roles. When using the roles_for_paths, set the read_roles_for_paths as true. User has union of all the roles assigned to it on a particular path and its sub-tree. User name is dealt case-insensitively. |
POST /policy/api/v1/aaa/role-bindings
POST /api/v1/aaa/role-bindings |
Delete user/group's roles assignmentDelete the user/group's role assignment. If the path is provided then deletes only the roles_for_paths that matches the path. If path is provided for the last roles_for_paths then the whole role binding is deleted provided it is not that of a local user. For deleting multiple paths, please provide semi-colon ';' separated paths in the request parameter. |
DELETE /policy/api/v1/aaa/role-bindings/{binding-id}
DELETE /api/v1/aaa/role-bindings/{binding-id} |
Get user/group's role information |
GET /policy/api/v1/aaa/role-bindings/{binding-id}
GET /api/v1/aaa/role-bindings/{binding-id} |
Update User or Group's rolesThis API is used to update a user/group any role(s) of choice. It is recommended to use the new property roles_for_paths instead of roles. When using the roles_for_paths, set the read_roles_for_paths as true. User has union of all the roles assigned to it on a particular path and its sub-tree. User name is dealt case-insensitively. This API will merge the existing roles_for_paths with the newly provided roles_for_paths excluding roles_for_paths those are marked for deletion. |
PUT /policy/api/v1/aaa/role-bindings/{binding-id}
PUT /api/v1/aaa/role-bindings/{binding-id} |
Get information about all roles |
GET /policy/api/v1/aaa/roles
GET /api/v1/aaa/roles |
Validate a new feature permission setValidate the permissions of an incoming role. Also, recommend the permissions which need to be corrected. |
POST /policy/api/v1/aaa/roles?action=validate
POST /api/v1/aaa/roles?action=validate |
Get information about all roles with features and their permissions |
GET /policy/api/v1/aaa/roles-with-feature-permissions
GET /api/v1/aaa/roles-with-feature-permissions |
Delete custom roleIf a role is assigned to a role binding then the deletion of the role is not allowed. Precanned roles cannot be deleted. |
DELETE /policy/api/v1/aaa/roles/{role}
DELETE /api/v1/aaa/roles/{role} |
Get role information |
GET /policy/api/v1/aaa/roles/{role}
GET /api/v1/aaa/roles/{role} |
Clone an already present roleThe role with id <role> is cloned and the new id, name and description are the ones provided in the request body. |
POST /policy/api/v1/aaa/roles/{role}?action=clone
POST /api/v1/aaa/roles/{role}?action=clone |
Update custom roleCreates a new role with id as <role> if there does not exist any role with id <role>, else updates the existing role. Permissions for features marked is_internal as true will be ignored if provided in request payload. These features' permission are set internally. |
PUT /policy/api/v1/aaa/roles/{role}
PUT /api/v1/aaa/roles/{role} |
Set role assignment permission configurationProvides a means to allow or disallow project administrators and VPC administrators to assign roles to other users on projects and VPCs. |
PUT /policy/api/v1/aaa/roles/{role}/role-assignment-permission-config
PUT /api/v1/aaa/roles/{role}/role-assignment-permission-config |
Get all users and groups with their rolesGet all users and groups with their roles from CSP. If the root_path is provided then only return role bindings that start-with or are sub-trees of the provided root path. Also filter the roles_for_paths such that only those roles_for_paths appear that start-with or are sub-tree of the provided root path. |
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/aaa/role-bindings
|
Assign roles to User or GroupThis API is used to assign a user/group any role(s) of choice on CSP. It is recommended to use the new property roles_for_paths instead of roles. When using the roles_for_paths, set the read_roles_for_paths as true. User has union of all the roles assigned to it on a particular path and its sub-tree. User name is dealt case-insensitively. |
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/aaa/role-bindings
|
Delete user/group's roles assignmentDelete the user/group's role assignment on CSP. If the path is provided then deletes only the roles_for_paths that matches the path. If path is provided for the last roles_for_paths then the whole role binding is deleted provided it is not that of a local user. |
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/aaa/role-bindings/{binding-id}
|
Get user/group's role information from CSP |
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/aaa/role-bindings/{binding-id}
|
Get information about all roles |
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/aaa/roles
|
Get all users and groups with their rolesGet all users and groups with their roles from CSP. If the root_path is provided then only return role bindings that start-with or are sub-trees of the provided root path. Also filter the roles_for_paths such that only those roles_for_paths appear that start-with or are sub-tree of the provided root path. |
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/vpcs/{vpc-id}/aaa/role-bindings
|
Assign roles to User or GroupThis API is used to assign a user/group any role(s) of choice on CSP. It is recommended to use the new property roles_for_paths instead of roles. When using the roles_for_paths, set the read_roles_for_paths as true. User has union of all the roles assigned to it on a particular path and its sub-tree. User name is dealt case-insensitively. |
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/vpcs/{vpc-id}/aaa/role-bindings
|
Delete user/group's roles assignmentDelete the user/group's role assignment on CSP. If the path is provided then deletes only the roles_for_paths that matches the path. If path is provided for the last roles_for_paths then the whole role binding is deleted provided it is not that of a local user. |
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/vpcs/{vpc-id}/aaa/role-bindings/{binding-id}
|
Get user/group's role information from CSP |
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/vpcs/{vpc-id}/aaa/role-bindings/{binding-id}
|
Get information about all roles |
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/vpcs/{vpc-id}/aaa/roles
|