Versions Compared

Old Version 16

changes.mady.by.user Former user

Saved on

compared with

New Version 17

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Integration details

...

There will be a separate permission for traversal and resources web services. Let's call these permissions org.onap.aai.resources and org.onap.aai.traversal. For now we will not distinguish between different objects we could affect, so the instance will always be "*" meaning everything. Actions will be mapped to HTTP verbs - GET, PUT, POST, DELETE, PATCH.

For a seemless transition to AAF, the first roles we use for our clients will be called org.onap.aai.resources_all and org.onap.aai.traversal_all with read and write permissionadvanced and org.onap.aai.resources_readonly and org.onap.aai.traversal_readonly with read only permissionbasic. These roles will be assigned to all users/applications which access A&AI web services.

Role nameMeaning
org.onap.aai.
traversal
resources_
allPermission typeinstancesaction
allread + write access to the resources web service
org.onap.aai.
traversal*get
resources_readonlyread-only access to the resources web service
org.onap.aai.traversal
*put
_advancedapplications may issue basic and advanced queries in the traversal web service
org.onap.aai.traversal
*post
_basicapplications may issue only basic queries in the traversal web service


delete
Role org.onap.aai.traversal*_advanced
Permission typeinstancesaction
org.onap.aai.traversal*patchadvanced
Role org.onap.aai.resources_all
Permission typeinstancesaction
org.onap.aai.resources*get
org.onap.aai.resources*put
org.onap.aai.resources*post
org.onap.aai.resources*delete
org.onap.aai.resources*patch

...

Role org.onap.aai.traversal_readonlybasic
Permission typeinstancesaction
org.onap.aai.traversal??????*basic

Resources webservice AAF role and permission setup

Code Block
languagebash
themeMidnight
titleAAF role permission setup
role create org.onap.aai.resources_all
perm create org.onap.aai.resources * get org.onap.aai.resources_all
perm create org.onap.aai.resources * put org.onap.aai.resources_all
perm create org.onap.aai.resources * post org.onap.aai.resources_all
perm create org.onap.aai.resources * patch org.onap.aai.resources_all
perm create org.onap.aai.resources * delete org.onap.aai.resources_all
user role add demo@people.osaaf.org org.onap.aai.resources_all #just an example, add role to the correct user
role create org.onap.aai.resources_readonly
perm create org.onap.aai.resources * get org.onap.aai.resources_readonly

Open questions

...


role create org.onap.aai.traversal_basic
perm create org.onap.aai.traversal * basic org.onap.aai.traversal_basic
role create org.onap.aai.traversal_advanced
perm create org.onap.aai.traversal * advanced org.onap.aai.traversal_advanced
user role add demo@people.osaaf.org org.onap.aai.traversal_advanced #just an example, add role to the correct user



Open questions