clarify the permision system of the api in the docs

Clarify that the permission system used by the api isn't equivalent
with the system used by the Icinga Web 2 frontend. And that its rather based
on the url scheme of the API endpoints.
This commit is contained in:
Leah Oswald 2018-06-05 16:20:09 +02:00
parent 592fb22c7f
commit 1f681e195d
1 changed files with 4 additions and 2 deletions

View File

@ -196,13 +196,15 @@ actions on the URL endpoints.
Permissions for API users must be specified in the `permissions` attribute Permissions for API users must be specified in the `permissions` attribute
as array. The array items can be a list of permission strings with wildcard as array. The array items can be a list of permission strings with wildcard
matches. matches. Please notice, that the permission system that is used by the API differs from the permission system used by the Icinga Web 2 frontend or other parts of Icinga 2.
The permission system mainly relies on the url scheme of the API endpoints (See listing below).
Example for an API user with all permissions: Example for an API user with all permissions:
permissions = [ "*" ] permissions = [ "*" ]
Note that you can use wildcards. Here's another example that only allows the user Note that you can use wildcards to include all possible hierarchically lower items. Here's another example that only allows the user
to perform read-only object queries for hosts and services: to perform read-only object queries for hosts and services:
permissions = [ "objects/query/Host", "objects/query/Service" ] permissions = [ "objects/query/Host", "objects/query/Service" ]