Setting up user roles

From DreamFactory

Tutorial

Background

Roles govern HTTP access to the REST API endpoints in DreamFactory. When an end user authenticates and receives a JWT token, her role determines which API endpoints she can access.

Roles tie together end users, applications, and services (REST API endpoints) in DreamFactory. More specifically, end users are associated with roles, and roles are associated with both applications and services (REST API endpoints). This data model grants explicit end user access to services in the context of specific applications.

Applications in DreamFactory can have multiple roles. For example, your application might have different classes of users (i.e. user roles) with different API permissions. Applications can also have a default role, which specifies public API access. For example, you might expose some API endpoints without requiring any authentication.

Likewise, end users can have multiple roles. For example, end user John Doe might have different API permissions for different applications.

Example - Creating roles in the DreamFactory admin console

1. Log into the DreamFactory admin console as an Admin.
2. Click on 'Roles' > 'Create'.
3. Fill out role information, service access, and lookup keys (optional). Click to create the role.

[Image: Create-role.png]

Example - Creating roles with the REST API

You can create roles en masse directly with the API. Click on API docs in the DreamFactory Admin Console and view the '/system/role' API calls.

[Image: Swagger-role.png]

For example, the POST below to the /system/role API will create two roles.

{
  "resource": [
    {
      "name": "CRM Sales Role",
      "description": "Sales Role for CRM Application",
      "is_active": true
    },
    {
      "name": "CRM Marketing Role",
      "description": "Marketing Role for CRM Application",
      "is_active": true
    }
  ]
}

Example - Creating GET only Role on Apps tab in DreamFactory admin panel

If you would like your users to only be able to GET API Keys from the admin panel and not update or delete them, then this is the role for you!

[Image: Apps-tab-role.png]
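
An added example (not part of the original tutorial and not DreamFactory's own code): a least-privilege check that confirms a role such as the GET-only Apps role really allows nothing beyond GET. It assumes roles are exported with their service access entries under role_service_access_by_role_id, each carrying a verb_mask bit field (GET=1, POST=2, PUT=4, PATCH=8, DELETE=16); those field names, the bit values and the sample data are assumptions that do not appear on this page.

```python
# Added example: least-privilege audit of DreamFactory-style role definitions.
# Assumption: field names (role_service_access_by_role_id, verb_mask, component)
# and the verb bit values below follow DreamFactory's role schema; they are not
# shown on this page.
VERB_BITS = {"GET": 1, "POST": 2, "PUT": 4, "PATCH": 8, "DELETE": 16}
READ_ONLY_MASK = VERB_BITS["GET"]
KNOWN_MASK = sum(VERB_BITS.values())


def decode_verbs(mask):
    """Return the HTTP verbs enabled in a verb_mask, in bit order."""
    return [verb for verb, bit in VERB_BITS.items() if mask & bit]


def audit_role(role):
    """Return one finding per access entry that allows more than GET."""
    findings = []
    for entry in role.get("role_service_access_by_role_id", []):
        mask = int(entry.get("verb_mask", 0))
        extra = decode_verbs(mask & ~READ_ONLY_MASK)
        unknown = mask & ~KNOWN_MASK  # bits outside the five verbs modelled here
        if extra or unknown:
            findings.append({
                "role": role["name"],
                "active": role.get("is_active", False),
                "component": entry.get("component", "*"),
                "extra_verbs": extra,
                "unknown_bits": unknown,
            })
    return findings


# Constructed sample data (not taken from a real instance).
SAMPLE_ROLES = [
    {"name": "Apps GET only", "is_active": True,
     "role_service_access_by_role_id": [
         {"service_id": 1, "component": "app/*", "verb_mask": 1}]},
    {"name": "CRM Sales Role", "is_active": True,
     "role_service_access_by_role_id": [
         {"service_id": 1, "component": "app/*", "verb_mask": 1},
         {"service_id": 5, "component": "_table/contact/*", "verb_mask": 31}]},
    {"name": "CRM Marketing Role", "is_active": False,
     "role_service_access_by_role_id": [
         {"service_id": 5, "component": "*", "verb_mask": 31}]},
]

if __name__ == "__main__":
    for role in SAMPLE_ROLES:
        for f in audit_role(role):
            print(f"{f['role']} (active={f['active']}): {f['component']} "
                  f"also allows {f['extra_verbs']}")
```

An empty result for a role means every one of its access entries is limited to GET.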