πŸ“˜

Enterprise Feature

Role policies allow developers to link an Application User role to a particular schema, and define the shape of the resources they can interact with. For example, a role for a device engineer that only allows them to create Thngs that have a pre-defined set of fields, and guarantee that all required properties is present.

If multiple schemas are required to be associated with a role, this can be easily achieved by creating multiple policies for that same role.

πŸ“˜

Note

Once created, policies cannot be updated. You must delete the original policy and create a new one with the new data.


API Status
General Availability:
/roles/:roleId/policies

PolicyDocument Data Model

.schema (string, read-only)
    ID of the schema to apply to this role.

.id (string, read-only)
    The ID of this resource.

.createdAt (integer, read-only)
    Timestamp when the resource was created.

.role (string, read-only)
    ID of the role this policy applies to.
{
  "type": "object",
  "description": "Object representing a role policy.",
  "properties": {
    "schema": {
      "type": "string",
      "description": "ID of the schema to apply to this role.",
      "pattern": "^[abcdefghkmnpqrstwxyABCDEFGHKMNPQRSTUVWXY0123456789]{24}$",
      "readOnly": true
    },
    "id": {
      "type": "string",
      "description": "The ID of this resource.",
      "pattern": "^[abcdefghkmnpqrstwxyABCDEFGHKMNPQRSTUVWXY0123456789]{24}$",
      "readOnly": true
    },
    "createdAt": {
      "type": "integer",
      "description": "Timestamp when the resource was created.",
      "readOnly": true,
      "minimum": 0
    },
    "role": {
      "type": "string",
      "description": "ID of the role this policy applies to.",
      "pattern": "^[abcdefghkmnpqrstwxyABCDEFGHKMNPQRSTUVWXY0123456789]{24}$",
      "readOnly": true
    }
  }
}
{
  "schema": "U3qcEeh9qQ9BhPaRahAXKPsm",
  "id": "Um8f62yBeMPrQ7waRFTSpc6p",
  "createdAt": 1508231204076,
  "role": "59b8f735d3fa773000b27691"
}

Create a Policy

Create a new policy to link a role with a schema.

POST /roles/:roleId/policies
Content-Type: application/json
Authorization: $OPERATOR_API_KEY

PolicyDocument
curl -H "Content-Type: application/json" \
  -H "Authorization: $OPERATOR_API_KEY" \
  -X POST 'https://api.evrythng.com/roles/592d70418c5e3f2800408a74/policies' \
  -d '{
    "schema": "UmB5GSEqBD8w95aRwFWrmEph"
  }'
const roleId = '593fa5dd7acb792c000223b5';
const policy = { 
  schema: 'UGBHm6BFVDsaQKRwaFCrGhmp'
};

operator.role(roleId).policy().create(policy).then(console.log);
HTTP/1.1 201 Created
Content-Type: application/json

{
  "schema": "UGBHm6BFVDsaQKRwaFCrGhmp",
  "id": "UGBKmeNEBDPa9pRaa2CN3Epk",
  "createdAt": 1498125527441,
  "role": "593fa5dd7acb792c000223b5"
}

Read all Policies

Read all policies associated with a role. The result may be paginated if there are more than 30 items.

GET /roles/:roleId/policies
Authorization: $OPERATOR_API_KEY
curl -H "Authorization: $OPERATOR_API_KEY" \
  -X GET 'https://api.evrythng.com/roles/592d70418c5e3f2800408a74/policies'
const roleId = '593fa5dd7acb792c000223b5';

operator.role(roleId).policy().read().then(console.log);
HTTP/1.1 200 OK
Content-Type: application/json

[
  {
    "schema": "UmB5GSEqBD8w95aRwFWrmEph",
    "id": "UGBKmeNEBDPa9pRaa2CN3Epk",
    "createdAt": 1498125527441,
    "role": "593fa5dd7acb792c000223b5"
  }
]

Read a Policy

Read a single policy by ID.

GET /roles/:roleId/policies/:policyId
Authorization: $OPERATOR_API_KEY
curl -H "Authorization: $OPERATOR_API_KEY" \
  -X GET 'https://api.evrythng.com/roles/592d70418c5e3f2800408a74/policies/UGBKmeNEBDPa9pRaa2CN3Epk'
const roleId = '593fa5dd7acb792c000223b5';
const policyId = 'UmfeqsrXBMs7QraRaE2ysqmk';

operator.role(roleId).policy(policyId).read().then(console.log);
HTTP/1.1 200 OK
Content-Type: application/json

{
  "schema": "UmB5GSEqBD8w95aRwFWrmEph",
  "id": "UGBKmeNEBDPa9pRaa2CN3Epk",
  "createdAt": 1498125527441,
  "role": "592d70418c5e3f2800408a74"
}

Delete a Policy

Delete a policy by ID.

DELETE /roles/:roleId/policies/:policyId
Authorization: $OPERATOR_API_KEY
curl -H "Authorization: $OPERATOR_API_KEY" \
  -X DELETE 'https://api.evrythng.com/roles/592d70418c5e3f2800408a74/policies/UGBKmeNEBDPa9pRaa2CN3Epk'
const roleId = '593fa5dd7acb792c000223b5';
const policyId = 'UmfeqsrXBMs7QraRaE2ysqmk';

operator.role(roleId).policy(policyId).delete().then(() => console.log('Deleted'));
HTTP/1.1 204 No Content