How can I set policies for an API role?

I’ve cloned user, and am now trying to add more GET polices. However, looks like ‘GET’ /system/something, ‘POST’ etc can’t be added as NewPolicy - only GroupFull etc available.
Can this be done in the UI?
or only using POST /system/roles?
or do I need to post new Policy , POST /system/policies?

It doesn’t appear you can use the UI to do this. The only thing available in the UI are the default policies.

However, you can approach this 1 of 2 ways, which you’ve kind of laid out above, you can re-create the role via API with the specific API policies as you see with what is similar to the user role.


curl -X POST "http://IP:9000/api/v1/system/roles" -H "accept: application/json" -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" -d "{\"id\":\"api_user\",\"policy\":[\"GET /master/groups\",\"GET /system/info\",\"GET /system/info/*\",\"GET /system/logs\",\"GET /system/logs/search\",\"GET /system/logs/notifications.log\",\"GET /system/logs/group/${groupName}/*\",\"GET /system/settings\",\"GET /system/settings/*\",\"GET /system/instance/distributed\",\"GET /system/instance/distributed/*\",\"GET /version\"]}"

However, if you already have the role created, you can then use the API to create a new policy and just apply it to that role:


curl -X POST "http://IP:9000/api/v1/system/policies" -H "accept: application/json" -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" -d "{\"id\":\"api_policy\",\"template\":[\"GET /master/groups\",\"GET /system/info\",\"GET /system/info/*\",\"GET /system/logs\",\"GET /system/logs/search\",\"GET /system/logs/notifications.log\",\"GET /system/logs/group/${groupName}/*\",\"GET /system/settings\",\"GET /system/settings/*\",\"GET /system/instance/distributed\",\"GET /system/instance/distributed/*\",\"GET /version\"]}"

Something like above will create a policy with the specific attributes that you need and then you can assign it to the existing role.

2 UpGoats