Access rules

Access rules provide user authorization to system resources and entities. It is managed using Role-based access control (RBAC) which is a policy-neutral access control mechanism defined around roles and privileges. The components of RBAC make it simple to manage access to system resources and entities. For more information, see Access control.

Create an access rule.

Use to bind a predefined role to a subject (user, group or application) in a scope.

SecuritybearerAuth
Request
Request Body schema: application/json
required

The access rule to create.

subjectId
required
string
subjectType
required
string (SubjectType)
Enum: "user" "app" "group"
roleId
required
integer <int32>
scopeId
required
string
scopeType
required
string (ScopeType)
Enum: "system" "tenant" "cluster" "department" "project"
clusterId
string <uuid> (ClusterId)

The id of the cluster.

Responses
201

Created

400

Bad request.

401

Unauthorized

403

Forbidden

404

The specified resource was not found

500

unexpected error

503

unexpected error

post/api/v1/authorization/access-rules
Request samples
application/json
{
  • "subjectId": "user@run.ai",
  • "subjectType": "user",
  • "roleId": 53142648,
  • "scopeId": "a418ed33-9399-48c0-a890-122cadd13bfd",
  • "scopeType": "system",
  • "clusterId": "71f69d83-ba66-4822-adf5-55ce55efd210"
}
Response samples
application/json
{
  • "subjectId": "user@run.ai",
  • "subjectType": "user",
  • "roleId": 53142648,
  • "scopeId": "a418ed33-9399-48c0-a890-122cadd13bfd",
  • "scopeType": "system",
  • "clusterId": "71f69d83-ba66-4822-adf5-55ce55efd210",
  • "roleName": "admin",
  • "scopeName": "tenant-x",
  • "id": 32,
  • "createdAt": "2019-08-24T14:15:22Z",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "deletedAt": "2019-08-24T14:15:22Z",
  • "tenantId": 1001,
  • "createdBy": "user@run.ai"
}

List the access rules.

Retrieve a list of access rules.

SecuritybearerAuth
Request
query Parameters
subjectType
string

The type of resource we want to filter by.

Example: subjectType=user
subjectIdFilter
string
Deprecated

Part of the subject id that we want to filter by.

Example: subjectIdFilter=some.user
subjectIds
Array of strings

The ids of the subjects to filter the response for.

Example: subjectIds=some.user@run.ai
limit
integer <int32> [ 1 .. 500 ]
Default: 50

The maximum number of entries to return.

offset
integer <int32>

The offset of the first item returned in the collection.

Example: offset=100
lastUpdated
string

Filter by last update time.

Example: lastUpdated=2021-12-14T16:04:15.099Z
includeDeleted
boolean
Default: false

True to include deleted objects in the result.

Example: includeDeleted=false
clusterId
string <uuid>

Filter using the Universally Unique Identifier (UUID) of the cluster.

Example: clusterId=d73a738f-fab3-430a-8fa3-5241493d7128
scopeType
string
Deprecated

The type of resource we want to filter by.

Example: scopeType=project
scopeId
string

The scope resource id that we want to filter by.

Example: scopeId=2
roleId
integer <int32> >= 1
Deprecated

The role id we want to filter by.

sortOrder
string
Default: "asc"

Sort results in descending or ascending order.

Enum: "asc" "desc"
sortBy
string (AccessRulesSortFilterFields)

Sort results by a parameter.

Enum: "subjectId" "subjectType" "roleId" "scopeId" "scopeType" "roleName" "scopeName" "createdAt" "deletedAt" "createdBy"
filterBy
Array of strings

Filter results by a parameter. Use the format field-name operator value. Operators are == Equals, != Not equals, <= Less than or equal, >= Greater than or equal, =@ contains, !@ Does not contains, =^ Starts with and =$ Ends with. Dates are in ISO 8601 timestamp format and available for operators ==, !=, <= and >=.

Example: filterBy=name!=some-access-rule-name&filterBy=createdAt>=2023-01-01T00:00:00Z
Responses
200

Executed successfully.

401

Unauthorized

403

Forbidden

500

unexpected error

503

unexpected error

get/api/v1/authorization/access-rules
Response samples
application/json
{
  • "totalRecords": 1,
  • "displayRecords": 1,
  • "accessRules": [
    ]
}

Get an access rule.

Use to retrieve the details of an access rule by id.

SecuritybearerAuth
Request
path Parameters
accessRuleId
required
integer <int32> >= 0

The id of the access rule to retrieve

Example: 32
Responses
200

Executed successfully.

401

Unauthorized

403

Forbidden

404

The specified resource was not found

500

unexpected error

503

unexpected error

get/api/v1/authorization/access-rules/{accessRuleId}
Response samples
application/json
{
  • "subjectId": "user@run.ai",
  • "subjectType": "user",
  • "roleId": 53142648,
  • "scopeId": "a418ed33-9399-48c0-a890-122cadd13bfd",
  • "scopeType": "system",
  • "clusterId": "71f69d83-ba66-4822-adf5-55ce55efd210",
  • "roleName": "admin",
  • "scopeName": "tenant-x",
  • "id": 32,
  • "createdAt": "2019-08-24T14:15:22Z",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "deletedAt": "2019-08-24T14:15:22Z",
  • "tenantId": 1001,
  • "createdBy": "user@run.ai",
  • "scopePath": "runai/production-cluster/dep-42/prj-73"
}

Delete an access rule.

Use to delete the subject permissions assigned by access rule id.

SecuritybearerAuth
Request
path Parameters
accessRuleId
required
integer <int32> >= 0

The id of the access rule to retrieve

Example: 32
Responses
204

No Content.

401

Unauthorized

403

Forbidden

404

The specified resource was not found

500

unexpected error

503

unexpected error

delete/api/v1/authorization/access-rules/{accessRuleId}
Response samples
application/json
{
  • "code": 401,
  • "message": "Issuer is not familiar."
}

Count access rules.

Use to retrieve the number of access rules.

SecuritybearerAuth
Request
query Parameters
includeDeleted
boolean
Default: false

True to include deleted objects in the result.

Example: includeDeleted=false
filterBy
Array of strings

Filter results by a parameter. Use the format field-name operator value. Operators are == Equals, != Not equals, <= Less than or equal, >= Greater than or equal, =@ contains, !@ Does not contains, =^ Starts with and =$ Ends with. Dates are in ISO 8601 timestamp format and available for operators ==, !=, <= and >=.

Example: filterBy=name!=some-access-rule-name&filterBy=createdAt>=2023-01-01T00:00:00Z
Responses
200

Executed successfully.

400

Bad request.

401

Unauthorized

403

Forbidden

500

unexpected error

503

unexpected error

get/api/v1/authorization/access-rules/count
Response samples
application/json
{
  • "count": 1
}