Version 2.20 has reached end of support. Upgrade to a newer supported version.
Ctrlk
Contact support

Access rules

Access rules provide user authorization to system resources and entities. It is managed using Role-based access control (RBAC) which is a policy-neutral access control mechanism defined around roles and privileges. The components of RBAC make it simple to manage access to system resources and entities. For more information, see Access control.

List the access rules.

get

Retrieve a list of access rules.

Authorizations
AuthorizationstringRequired

Bearer authentication

Query parameters
subjectTypestringOptional

The type of resource we want to filter by.

Example: user
subjectIdFilterstringOptionalDeprecated

Part of the subject id that we want to filter by.

Example: some.user
subjectIdsstring[]Optional

The ids of the subjects to filter the response for.

Example: some.user@run.ai
limitinteger · int32 · min: 1 · max: 500Optional

The maximum number of entries to return.

Default: 50
offsetinteger · int32Optional

The offset of the first item returned in the collection.

Example: 100
lastUpdatedstringOptional

Filter by last update time.

Example: 2021-12-14T16:04:15.099Z
includeDeletedbooleanOptional

True to include deleted objects in the result.

Default: falseExample: false
clusterIdstring · uuidOptional

Filter using the Universally Unique Identifier (UUID) of the cluster.

Example: d73a738f-fab3-430a-8fa3-5241493d7128
scopeTypestringOptionalDeprecated

The type of resource we want to filter by.

Example: project
scopeIdstringOptional

The scope resource id that we want to filter by.

Example: 2
roleIdinteger · int32 · min: 1OptionalDeprecated

The role id we want to filter by.

sortOrderstring · enumOptional

Sort results in descending or ascending order.

Default: ascPossible values:
sortBystring · enumOptional

Sort results by a parameter.

Possible values:
filterBystring[]Optional

Filter results by a parameter. Use the format field-name operator value. Operators are == Equals, != Not equals, <= Less than or equal, >= Greater than or equal, =@ contains, !@ Does not contains, =^ Starts with and =$ Ends with. Dates are in ISO 8601 timestamp format and available for operators ==, !=, <= and >=.

Example: ["name!=some-access-rule-name","createdAt>=2023-01-01T00:00:00Z"]
searchstringOptional

Filter results by a free text search.

Example: test project
Responses
get
/api/v1/authorization/access-rules

Create an access rule.

post

Use to bind a predefined role to a subject (user, group or application) in a scope.

Authorizations
AuthorizationstringRequired

Bearer authentication

Body
subjectIdstringRequiredExample: user@run.ai
subjectTypestring · enumRequiredPossible values:
roleIdinteger · int32RequiredExample: 53142648
scopeIdstringRequiredExample: a418ed33-9399-48c0-a890-122cadd13bfd
scopeTypestring · enumRequiredPossible values:
clusterIdstring · uuidOptional

The id of the cluster.

Example: 71f69d83-ba66-4822-adf5-55ce55efd210
Responses
201

Created

application/json
subjectIdstringRequiredExample: user@run.ai
subjectTypestring · enumRequiredPossible values:
roleIdinteger · int32RequiredExample: 53142648
scopeIdstringRequiredExample: a418ed33-9399-48c0-a890-122cadd13bfd
scopeTypestring · enumRequiredPossible values:
clusterIdstring · uuidOptional

The id of the cluster.

Example: 71f69d83-ba66-4822-adf5-55ce55efd210
roleNamestringRequiredExample: admin
scopeNamestringRequiredExample: tenant-x
idinteger · int32RequiredExample: 32
createdAtstring · date-timeRequired
updatedAtstring · date-timeRequired
deletedAtstring · date-time · nullableOptional
tenantIdinteger · int32Required

The id of the tenant.

Example: 1001
createdBystringRequiredExample: user@run.ai
post
/api/v1/authorization/access-rules

Get an access rule.

get

Use to retrieve the details of an access rule by id.

Authorizations
AuthorizationstringRequired

Bearer authentication

Path parameters
accessRuleIdinteger · int32Required

The id of the access rule to retrieve

Example: 32
Responses
get
/api/v1/authorization/access-rules/{accessRuleId}

Delete an access rule.

delete

Use to delete the subject permissions assigned by access rule id.

Authorizations
AuthorizationstringRequired

Bearer authentication

Path parameters
accessRuleIdinteger · int32Required

The id of the access rule to retrieve

Example: 32
Responses
delete
/api/v1/authorization/access-rules/{accessRuleId}
No content

Count access rules.

get

Use to retrieve the number of access rules.

Authorizations
AuthorizationstringRequired

Bearer authentication

Query parameters
includeDeletedbooleanOptional

True to include deleted objects in the result.

Default: falseExample: false
filterBystring[]Optional

Filter results by a parameter. Use the format field-name operator value. Operators are == Equals, != Not equals, <= Less than or equal, >= Greater than or equal, =@ contains, !@ Does not contains, =^ Starts with and =$ Ends with. Dates are in ISO 8601 timestamp format and available for operators ==, !=, <= and >=.

Example: ["name!=some-access-rule-name","createdAt>=2023-01-01T00:00:00Z"]
searchstringOptional

Filter results by a free text search.

Example: test project
Responses
get
/api/v1/authorization/access-rules/count
PreviousAdministrator Command Line InterfaceNextPermissions

Last updated