NSX-T Data Center REST API
Associated URIs:
| API Description | API Path | 
|---|---|
| List RBAC featuresList all the RBAC features and their properties. | GET /policy/api/v1/aaa/features-with-properties GET /api/v1/aaa/features-with-properties | 
| Get all users and groups with their rolesGet all users and groups with their roles. If the root_path is provided then only return role bindings that start-with or are sub-trees of the provided root path. Also filter the roles_for_paths such that only those roles_for_paths appear that start-with or are sub-tree of the provided root path. | GET /policy/api/v1/aaa/role-bindings GET /api/v1/aaa/role-bindings | 
| Delete all stale role assignments | POST /policy/api/v1/aaa/role-bindings?action=delete_stale_bindings POST /api/v1/aaa/role-bindings?action=delete_stale_bindings | 
| Assign roles to User or GroupThis API is used to assign a user/group any role(s) of choice. It is recommended to use the new property roles_for_paths instead of roles. When using the roles_for_paths, set the read_roles_for_paths as true. User has union of all the roles assigned to it on a particular path and its sub-tree. User name is dealt case-insensitively. | POST /policy/api/v1/aaa/role-bindings POST /api/v1/aaa/role-bindings | 
| Delete user/group's roles assignmentDelete the user/group's role assignment. If the path is provided then deletes only the roles_for_paths that matches the path. If path is provided for the last roles_for_paths then the whole role binding is deleted provided it is not that of a local user. For deleting multiple paths, please provide semi-colon ';' separated paths in the request parameter. | DELETE /policy/api/v1/aaa/role-bindings/{binding-id} DELETE /api/v1/aaa/role-bindings/{binding-id} | 
| Get user/group's role information | GET /policy/api/v1/aaa/role-bindings/{binding-id} GET /api/v1/aaa/role-bindings/{binding-id} | 
| Update User or Group's rolesThis API is used to update a user/group any role(s) of choice. It is recommended to use the new property roles_for_paths instead of roles. When using the roles_for_paths, set the read_roles_for_paths as true. User has union of all the roles assigned to it on a particular path and its sub-tree. User name is dealt case-insensitively. This API will merge the existing roles_for_paths with the newly provided roles_for_paths excluding roles_for_paths those are marked for deletion. | PUT /policy/api/v1/aaa/role-bindings/{binding-id} PUT /api/v1/aaa/role-bindings/{binding-id} | 
| Get information about all roles | GET /policy/api/v1/aaa/roles GET /api/v1/aaa/roles | 
| Validate a new feature permission setValidate the permissions of an incoming role. Also, recommend the permissions which need to be corrected. | POST /policy/api/v1/aaa/roles?action=validate POST /api/v1/aaa/roles?action=validate | 
| Get information about all roles with features and their permissions | GET /policy/api/v1/aaa/roles-with-feature-permissions GET /api/v1/aaa/roles-with-feature-permissions | 
| Delete custom roleIf a role is assigned to a role binding then the deletion of the role is not allowed. Precanned roles cannot be deleted. | DELETE /policy/api/v1/aaa/roles/{role} DELETE /api/v1/aaa/roles/{role} | 
| Get role information | GET /policy/api/v1/aaa/roles/{role} GET /api/v1/aaa/roles/{role} | 
| Clone an already present roleThe role with id <role> is cloned and the new id, name and description are the ones provided in the request body. | POST /policy/api/v1/aaa/roles/{role}?action=clone POST /api/v1/aaa/roles/{role}?action=clone | 
| Update custom roleCreates a new role with id as <role> if there does not exist any role with id <role>, else updates the existing role. Permissions for features marked is_internal as true will be ignored if provided in request payload. These features' permission are set internally. | PUT /policy/api/v1/aaa/roles/{role} PUT /api/v1/aaa/roles/{role} | 
| Set role assignment permission configurationProvides a means to allow or disallow project administrators and VPC administrators to assign roles to other users on projects and VPCs. | PUT /policy/api/v1/aaa/roles/{role}/role-assignment-permission-config PUT /api/v1/aaa/roles/{role}/role-assignment-permission-config | 
| Get all users and groups with their rolesGet all users and groups with their roles from CSP. If the root_path is provided then only return role bindings that start-with or are sub-trees of the provided root path. Also filter the roles_for_paths such that only those roles_for_paths appear that start-with or are sub-tree of the provided root path. | GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/aaa/role-bindings | 
| Assign roles to User or GroupThis API is used to assign a user/group any role(s) of choice on CSP. It is recommended to use the new property roles_for_paths instead of roles. When using the roles_for_paths, set the read_roles_for_paths as true. User has union of all the roles assigned to it on a particular path and its sub-tree. User name is dealt case-insensitively. | PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/aaa/role-bindings | 
| Delete user/group's roles assignmentDelete the user/group's role assignment on CSP. If the path is provided then deletes only the roles_for_paths that matches the path. If path is provided for the last roles_for_paths then the whole role binding is deleted provided it is not that of a local user. | DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/aaa/role-bindings/{binding-id} | 
| Get user/group's role information from CSP | GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/aaa/role-bindings/{binding-id} | 
| Get information about all roles | GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/aaa/roles | 
| Get all users and groups with their rolesGet all users and groups with their roles from CSP. If the root_path is provided then only return role bindings that start-with or are sub-trees of the provided root path. Also filter the roles_for_paths such that only those roles_for_paths appear that start-with or are sub-tree of the provided root path. | GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/vpcs/{vpc-id}/aaa/role-bindings | 
| Assign roles to User or GroupThis API is used to assign a user/group any role(s) of choice on CSP. It is recommended to use the new property roles_for_paths instead of roles. When using the roles_for_paths, set the read_roles_for_paths as true. User has union of all the roles assigned to it on a particular path and its sub-tree. User name is dealt case-insensitively. | PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/vpcs/{vpc-id}/aaa/role-bindings | 
| Delete user/group's roles assignmentDelete the user/group's role assignment on CSP. If the path is provided then deletes only the roles_for_paths that matches the path. If path is provided for the last roles_for_paths then the whole role binding is deleted provided it is not that of a local user. | DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/vpcs/{vpc-id}/aaa/role-bindings/{binding-id} | 
| Get user/group's role information from CSP | GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/vpcs/{vpc-id}/aaa/role-bindings/{binding-id} | 
| Get information about all roles | GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/vpcs/{vpc-id}/aaa/roles | 
