Skip to main content

RBAC API

Role-Based Access Control (RBAC) allows you to manage roles, permissions, and directory federation.

Roles & Permissions

List Permissions

GET /api/rbac/permissions Returns a catalog of all available permissions in the tenant.

Get RBAC Capabilities

GET /api/rbac/capabilities Returns the capabilities of the RBAC system, such as whether Directory Management is enabled.

List Roles

GET /api/rbac/roles Returns all roles available in the tenant.

List Members

GET /api/rbac/members Returns all members (users) assigned to roles in the tenant.

Add Member

POST /api/rbac/members Adds a new member and assigns them roles.

Set Role Permissions

PUT /api/rbac/roles/{role}/permissions Updates the permissions assigned to a specific role.

Reset Role Permissions

POST /api/rbac/roles/{role}/reset Resets a role's permissions to the default state.

Set Member Roles

PUT /api/rbac/members/{subject}/roles Updates the roles assigned to a specific member.

Directory Federation (LDAP/AD)

Note: Directory Federation endpoints are only available when Directory Management is enabled (e.g., in Managed/On-Prem deployments).

Get Directory Federation

GET /api/rbac/directory Gets the current LDAP/AD directory federation configuration.

Configure Directory Federation

PUT /api/rbac/directory Configures LDAP/AD directory federation.

Remove Directory Federation

DELETE /api/rbac/directory Removes the LDAP/AD directory federation.

Test Directory Connection

POST /api/rbac/directory/test Tests the LDAP/AD connection using the provided configuration.

Trigger Directory Sync

POST /api/rbac/directory/sync Triggers a synchronization with the configured directory.

List Directory Groups

GET /api/rbac/directory/groups Lists all groups synchronized from the directory.

Get Group Binding

GET /api/rbac/group-bindings/{groupId} Gets the role binding for a specific directory group.

Set Group Binding

PUT /api/rbac/group-bindings/{groupId} Binds a directory group to a specific role.

Remove Group Binding

DELETE /api/rbac/group-bindings/{groupId} Removes a role binding from a directory group.