Forum Discussion
wuench_99164
Altocumulus
AltocumulusiWorkflow 2.0 - Allowed REST URI Mask in User Roles
What are the rules to enter the "Allowed REST URI Mask" under User Roles in iWorkflow? Can we put asterisks anywhere? Does it allow reg-ex?
It looks like even the example URI in the dialog do...
When I've tested this out I also see the red square, but I'm still able to save the URI Mask. Here's an example for limiting access to only allow to add/remove pool members. Replace UUID / Partition / Pool name with your own value.
GET /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/sys GET /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool GET /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/~Docker~www_pool GET, POST /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/~Docker~www_pool/members/ GET, DELETE /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/~Docker~www_pool/members/*Another example with asterisks (will replace the entire path segment, does not appear to allow you to do partial paths)
GET /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/sys GET /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool GET /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/* GET, POST /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/*/members/ GET, DELETE /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/*/members/*
When I've tested this out I also see the red square, but I'm still able to save the URI Mask. Here's an example for limiting access to only allow to add/remove pool members. Replace UUID / Partition / Pool name with your own value.
GET /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/sys
GET /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool
GET /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/~Docker~www_pool
GET, POST /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/~Docker~www_pool/members/
GET, DELETE /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/~Docker~www_pool/members/*
Another example with asterisks (will replace the entire path segment, does not appear to allow you to do partial paths)
GET /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/sys
GET /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool
GET /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/*
GET, POST /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/*/members/
GET, DELETE /mgmt/shared/resolver/device-groups/cm-cloud-managed-devices/devices/[UUID]/rest-proxy/mgmt/tm/ltm/pool/*/members/*
wuench_99164Altocumulus
AltocumulusThanks Eric. I need to up/down pool members right now so those more specific calls will work for my use case.