Groups
The Groups resource provide methods to read and create groups as well as associate roles to groups.
This method allows client applications to retrieve a group and is associated roles/permissions.
GET /groups/{groupName}
| Name | Location | Type | Description |
|---|---|---|---|
| groupName | path | string | The group to retreive |
This request requires authorization with the following scopes:
fabric/authorization.read
Do not supply a request body with this method
[
{
"groupName": string,
"roles": [
{
"id": guid,
"grain": string,
"securableItem": string,
"name": string,
"permissions": [
{
"id": guid,
"grain": string,
"securableItem": string,
"name": string
}
]
}
]
}
]
A Forbidden response will be returned in the following cases:
- If the access token can not be validated (i.e. is forged or doesn't have the correct scope)
This method allows clients to add groups to the Authorization service store.
POST /groups/
| Name | Location | Type | Description |
|---|---|---|---|
| None | N/A | N/A | N/A |
This request requires authorization with the following scopes:
fabric/authorization.write
{
"groupName": string
}
A 201 created response will be returned if the group is successfully created and will include the group object that was created:
{
"id": Guid,
"groupName": string
}
A 400 Bad Request will be returned in the following cases:
- If the request is malformed
- If the group already exists
A Forbidden response will be returned in the following cases:
- If the access token can not be validated (i.e. is forged or doesn't have the correct scope)
This method allows clients to add roles to groups that exist in the Authorization service store.
POST /groups/{groupName}/roles
| Name | Location | Type | Description |
|---|---|---|---|
| groupName | path | string | The group to add roles to |
This request requires authorization with the following scopes:
fabric/authorization.write
[
{
"id": guid,
"grain": string,
"securableItem": string,
"name": string
}
]
A 204 No Content response will be returned if the roles are added to the group successfully.
A 400 Bad Request will be returned in the following cases:
- If the request is malformed
- If the group or role doesn't exist
A Forbidden response will be returned in the following cases:
- If the grain/securableItem on the roles to be added does not match the clientid presented
- If the access token can not be validated (i.e. is forged or doesn't have the correct scope)
DELETE /groups/{groupName}
| Name | Location | Type | Description |
|---|---|---|---|
| groupName | path | guid | The name of the group to delete |
This request requires authorization with the following scopes:
fabric/authorization.write
Do not supply a request body with this method
A 204 no content response will be returned if the group is successfully deleted.
A 400 Bad Request response will be returned in the following cases:
- The group being deleted does not exist in the Authorization service data store
- The request is malformed
A Forbidden response will be returned in the following cases:
- If the access token can not be validated (i.e. is forged or doesn't have the correct scope)
This method allows clients to delete roles from a group that exist in the Authorization service store.
DELETE /groups/{groupName}/roles
| Name | Location | Type | Description |
|---|---|---|---|
| groupName | path | string | The group to delete the roles from |
This request requires authorization with the following scopes:
fabric/authorization.write
[
{
"id": guid,
"grain": string,
"securableItem": string,
"name": string
}
]
A 204 No Content response will be returned if the roles are deleted from the group successfully.
A 400 Bad Request will be returned in the following cases:
- If the request is malformed
- If the role or group doesn't exist
A Forbidden response will be returned in the following cases:
- If the requested grain/securableItem does not match the clientid presented
- If the access token can not be validated (i.e. is forged or doesn't have the correct scope)