User roles for REST API access
Set up role-based access control for the REST API.
The following table describes the user roles and the access
that each role has to the REST API.
| User role | Level of access |
|---|---|
| iaRESTReader | Read only |
| iaRESTWriter | Read, create, update, and delete |
If you have read-only iaRESTReader access, the actions that you can take by using the REST API are limited. For example, you can send a GET request but not a PUT request.

If you have iaRESTWriter access, you can create and manage entities by using the GET, POST, PUT, and DELETE methods. The following table lists the requests that are accessible for each user role.
| REST request | Purpose | User role |
|---|---|---|
| GET (single entity) | Retrieving entities | iaRESTReader and iaRESTWriter |
| GET | Retrieving entities and aggregates | iaRESTReader and iaRESTWriter |
| POST | Creating entities | iaRESTWriter |
| PUT | Updating entity data | iaRESTWriter |
| DELETE | Deleting entities | iaRESTWriter |
To set up the access control, modify the server.xml configuration file and add a `<security-role>` element for each user role.
```xml
<authorization-roles id="iaAuthorization">
    <security-role name="iaRESTWriter">
        <user name="admin"/>
    </security-role>
    <security-role name="iaRESTReader">
        <user name="tester"/>
    </security-role>
</authorization-roles>
```
Important: The `id="iaAuthorization"` attribute is required in the `<authorization-roles>` element to associate the user roles with access to the REST API.
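The following script is an added example, not code from the product documentation or the server: it parses the `<authorization-roles id="iaAuthorization">` block of a server.xml, fails if that required id is absent, and reports which REST methods each mapped user may call according to the role table above. The sample server.xml and the `<group>` element are constructed for the demonstration.

```python
# Added example (not from the product documentation): parse the
# <authorization-roles id="iaAuthorization"> block of a server.xml and
# report which REST methods each mapped user may call, per the table above.
# The <group> element and the sample server.xml are constructed assumptions.
import xml.etree.ElementTree as ET

REQUIRED_ID = "iaAuthorization"

# Permission matrix from the table above: method -> roles allowed to use it.
METHOD_ROLES = {
    "GET": {"iaRESTReader", "iaRESTWriter"},
    "POST": {"iaRESTWriter"},
    "PUT": {"iaRESTWriter"},
    "DELETE": {"iaRESTWriter"},
}

# Constructed sample configuration for the demonstration.
SAMPLE_SERVER_XML = """<server>
  <authorization-roles id="iaAuthorization">
    <security-role name="iaRESTWriter">
      <user name="admin"/>
    </security-role>
    <security-role name="iaRESTReader">
      <user name="tester"/>
      <group name="analysts"/>
    </security-role>
  </authorization-roles>
</server>"""


def load_role_mapping(server_xml: str) -> dict:
    """Return {role: {"users", "groups"}}; ValueError if the id'd block is missing."""
    root = ET.fromstring(server_xml)
    # Only the block carrying the required id is tied to the REST API.
    block = root.find(f".//authorization-roles[@id='{REQUIRED_ID}']")
    if block is None:
        raise ValueError(f'missing <authorization-roles id="{REQUIRED_ID}">')
    mapping = {}
    for role in block.findall("security-role"):
        mapping[role.get("name")] = {
            "users": {u.get("name") for u in role.findall("user")},
            "groups": {g.get("name") for g in role.findall("group")},
        }
    return mapping


def allowed_methods(mapping: dict, user: str) -> set:
    """Methods the user may call: union over every role that lists the user."""
    roles = {r for r, m in mapping.items() if user in m["users"]}
    return {meth for meth, ok in METHOD_ROLES.items() if roles & ok}
```

Run it against a real server.xml to confirm that only the intended accounts end up with POST, PUT, and DELETE; group membership is listed but not resolved, since that requires the user registry.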
The WebSphere® Application Server documentation provides examples to help you map additional users and groups in the OSGi bundle manifest file. See Securing an application endpoint.