...
For a seamless transition to AAF, the first roles we use for our clients will be called org.onap.aai.resources_all and org.onap.aai.traversal_advanced, and org.onap.aai.resources_readonly and org.onap.aai.traversal_basic. These roles will be assigned to all users/applications which access A&AI web services.
Role name | Meaning |
---|---|
org.onap.aai.resources_all | read + write access to the resources web service |
org.onap.aai.resources_readonly | read-only access to the resources web service |
org.onap.aai.traversal_advanced | applications may issue basic and advanced queries in the traversal web service |
org.onap.aai.traversal_basic | applications may issue only basic queries in the traversal web service |

Role org.onap.aai.traversal_advanced

Permission type | instances | action |
---|---|---|
org.onap.aai.traversal | * | advanced |

Role org.onap.aai.resources_all

Permission type | instances | action |
---|---|---|
org.onap.aai.resources | * | get |
org.onap.aai.resources | * | put |
org.onap.aai.resources | * | post |
org.onap.aai.resources | * | delete |
org.onap.aai.resources | * | patch |

...
Role org.onap.aai.traversal_basic

Permission type | instances | action |
---|---|---|
org.onap.aai.traversal | * | basic |

Resources webservice AAF role and permission setup

AAF role permission setup

```bash
role create org.onap.aai.resources_all
perm create org.onap.aai.resources * get org.onap.aai.resources_all
perm create org.onap.aai.resources * put org.onap.aai.resources_all
perm create org.onap.aai.resources * post org.onap.aai.resources_all
perm create org.onap.aai.resources * patch org.onap.aai.resources_all
perm create org.onap.aai.resources * delete org.onap.aai.resources_all
user role add demo@people.osaaf.org org.onap.aai.resources_all # just an example, add role to the correct user
role create org.onap.aai.resources_readonly
perm create org.onap.aai.resources * get org.onap.aai.resources_readonly
```

Open questions
...
```bash
role create org.onap.aai.traversal_basic
perm create org.onap.aai.traversal * basic org.onap.aai.traversal_basic
role create org.onap.aai.traversal_advanced
perm create org.onap.aai.traversal * advanced org.onap.aai.traversal_advanced
user role add demo@people.osaaf.org org.onap.aai.traversal_advanced # just an example, add role to the correct user
```

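
The role and permission model that the setup commands above produce can be checked offline before it is loaded into AAF. The following Python sketch is an added example, not part of the original page or of AAF itself; it assumes exact matching on permission type and action with `*` matching any instance, and the `reader@example.org` grants are constructed for illustration.

```python
# Setup commands from this page; the reader@example.org lines are constructed.
SETUP = """
role create org.onap.aai.resources_all
perm create org.onap.aai.resources * get org.onap.aai.resources_all
perm create org.onap.aai.resources * put org.onap.aai.resources_all
perm create org.onap.aai.resources * post org.onap.aai.resources_all
perm create org.onap.aai.resources * patch org.onap.aai.resources_all
perm create org.onap.aai.resources * delete org.onap.aai.resources_all
user role add demo@people.osaaf.org org.onap.aai.resources_all #just an example
role create org.onap.aai.resources_readonly
perm create org.onap.aai.resources * get org.onap.aai.resources_readonly
role create org.onap.aai.traversal_basic
perm create org.onap.aai.traversal * basic org.onap.aai.traversal_basic
role create org.onap.aai.traversal_advanced
perm create org.onap.aai.traversal * advanced org.onap.aai.traversal_advanced
user role add demo@people.osaaf.org org.onap.aai.traversal_advanced
user role add reader@example.org org.onap.aai.resources_readonly
user role add reader@example.org org.onap.aai.traversal_basic
"""
WRITE_ACTIONS = {"put", "post", "patch", "delete"}

def load(script):
    """Parse the commands into role -> {(type, instance, action)} and user -> {roles}."""
    roles, users = {}, {}
    for line in script.splitlines():
        words = line.split("#", 1)[0].split()  # drop trailing comments
        if words[:2] == ["role", "create"]:
            roles.setdefault(words[2], set())
        elif words[:2] == ["perm", "create"]:
            ptype, instance, action, role = words[2:6]
            roles[role].add((ptype, instance, action))  # KeyError: role not created first
        elif words[:3] == ["user", "role", "add"]:
            if words[4] not in roles:
                raise ValueError("grant of unknown role: " + words[4])
            users.setdefault(words[3], set()).add(words[4])
    return roles, users

def allowed(roles, users, user, ptype, instance, action):
    """Exact match on type and action; a '*' instance in the grant matches any instance."""
    return any(t == ptype and a == action and i in ("*", instance)
               for role in users.get(user, ()) for (t, i, a) in roles[role])

def write_roles(roles):
    """Roles that can modify data; a read-only role must never appear here."""
    return sorted(r for r, perms in roles.items()
                  if any(a in WRITE_ACTIONS for _, _, a in perms))

ROLES, USERS = load(SETUP)
```

Under this exact-match assumption, a user holding only `org.onap.aai.traversal_advanced` fails a check for action `basic`, so the traversal service has to accept `advanced` for basic queries or the role needs both permissions.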
Open questions
...