Skip to content

Roles configuration

ARLAS allows the configuration of roles with permissions. Most of the permissions are access rules that define a URL path with the allowed HTTP verbs.

A rule is an expression composed of three parts separated with the character : :

  • the r prefix for declaring the expression as a rule (h is for declaring a header)
  • the path as a pattern (e.g. `/shop/.*)
  • a comma separated list of HTTP verbs

For instance, the following line is the rule for allowing GET and DELETE on any path starting with /aproc/jobs/:

      - r:/aproc/jobs/.*:GET,DELETE

A role is defined with:

  • a role name
  • a description
  • a list of permissions

Note

The role name must start with role/arlas/ in order to be taken into account by ARLAS.

Example

  role/arlas/downloader:
    description:
    - "Can interact with the download API: Describe download process, launch download processes, get and delete a task status."
    permissions:
    - r:/aproc/processes/download:GET
    - r:/aproc/processes/download/execution:POST
    - r:/aproc/jobs/.*:GET,DELETE