ROCKITPLAY API
  1. ROCKIT Edge - Backend API
ROCKITPLAY API
  • ROCKIT Edge - Admin API
    • Minimal Tests
      • ping
      • submit test task
    • Admin Edge Organizations
      • Create Organization
      • Delete Organization
  • ROCKIT Edge - Backend API
    • Backend Edge Organizations
      • Create Organization
      • Delete Organization
    • Authentication
      • user login
      • authentication
    • Account Management
      • get user details
      • list users
      • Modify user
      • delete users
      • Create User / Create Machine User
    • Deployments
      • Creating Deployments
      • Get Deployments
      • Get Deployment Details
      • Modify Deployment
      • Deleting Deployments
    • Apps
      • Creating Apps
      • Import native builds
      • App Details
      • List Apps
      • patch app
      • Delete Apps
    • Triggers
      • Process Traces
      • Retry Task
    • Tasks
      • Listing Tasks
      • Task Details
      • Acknowledge Warning / Expire Task
    • Subscriptions
      • Subscribe
      • List Subscriptions
      • Unsubscribe
    • Roles
      • List Roles
      • Create Role
      • Patch Role
      • Role Details
      • Delete Roles
  • Changelog
    • Changelog
  1. ROCKIT Edge - Backend API

Roles

Access Control#

The ROCKITPLAY API follows the CRUDX (Create, Read, Update, Delete, Execute) approach. Every endpoint can access a resource such as Apps, Backend Users, Bundles, Consumption, Dependencies, Deployments, Keys, Roles, Sources, Subscriptions, Tasks, or Trainings. The request method specifies how the endpoint accesses the corresponding resource. Typically, that is
Create:
POST /be/v1/*
Read:
GET /be/v1/*
Update:
PATCH /be/v1/*
Delete:
DELETE /be/v1/*
eXecute:
POST /be/v1/trigger
ROCKITPLAY allows to define Roles which specify these CRUDX permissions for each individual resource. By associating Users with one or many Roles the resource access can be controlled for individually.

Bit masks#

The access is defined as bitmask with the following values:
eXecuteDeleteUpdateReadCreate
168421
Example: To grant Read and Update permissions define a value of 6 = 4 + 2.
The following table defines the maximum supported permission values for each resource:
Resource IdCRUDXMax. Value
appscreate, read, update, delete15
beUserscreate, read, update, delete15
bundlescreate, read, update, delete15
consumptionread2
dependenciescreate, read, update, delete15
deploymentscreate, read, update, delete15
keyscreate, read, update, delete15
rolescreate, read, update, delete15
sourcescreate, read, update, delete15
subscriptionscreate, read, update, delete15
taskscreate, read, update, delete, execute31
trainingsread, update6
Each ROCKITPLAY Organization will always have an Administrators Role with the above mentioned maximum permission values.

Example Roles#

Depending on the workflow and policies the following Roles may be useful:
Account Admins:
Grant full access to manage ROCKITPLAY Roles and backend users.
CI Pipeline Services:
Allow CI machine users full access to Apps only.
Managers:
Grant broad access to ROCKITPLAY training cycle except for
configuring external services such as CDN origins or subscriptions
(web hooks, Slack).
System Engineers:
Grant only access to CDN origins and subscriptions (web hooks, Slack).
and when supporting ROCKIT StreamInstaller:
Access Control:
Allow creation of ROCKIT StreamInstaller bundles and control training.
Testers:
Grant access to ROCKIT StreamInstaller bundles.
These example Roles would be configured with the following permission values:
RoleappsbeUsersbundlesconsumptiondependenciesdeploymentskeysrolessourcessubscriptionstaskstrainings
Access Control0020001500002
Account Admins01500000150000
CI Pipeline Services1500000000000
Managers1503101521502066
System Engineers000001500151500
Testers002000000000
Previous
Unsubscribe
Next
List Roles
Built with