Forum Discussion

wuench_99164's avatar
wuench_99164
Icon for Altocumulus rankAltocumulus
Aug 04, 2016

iWorkflow 2.0 - Allowed REST URI Mask in User Roles

What are the rules to enter the "Allowed REST URI Mask" under User Roles in iWorkflow? Can we put asterisks anywhere? Does it allow reg-ex?   It looks like even the example URI in the dialog do...
  • Eric_Chen_12394's avatar
    Aug 05, 2016

    When I've tested this out I also see the red square, but I'm still able to save the URI Mask. Here's an example for limiting access to only allow to add/remove pool members. Replace UUID / Partition / Pool name with your own value.

     

    GET         /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/sys 
    GET         /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool
    GET         /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/~Docker~www_pool
    GET, POST   /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/~Docker~www_pool/members/
    GET, DELETE /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/~Docker~www_pool/members/*
    

     

    Another example with asterisks (will replace the entire path segment, does not appear to allow you to do partial paths)

     

    GET         /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/sys 
    GET         /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool
    GET         /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/*
    GET, POST   /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/*/members/
    GET, DELETE /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/*/members/*