Roles is the collection of permissions, it defines what a user can and cannot access in the resources. In a more specific context, when a user is registered in an admin client application for the first time, the particular user will only have a role as a user. Thus, the user will only be able to access the resources that are related to the particular user, for example; update a personal account information. Then, you can also add another role to the particular user, for example as an admin role, a role that has privileges to manage other users. In doing so, you need to be a role assigner or a role manager, a special role that has the ability to add a role to a user as well as remove a role. The user that has been given a new role as an admin role, will be a role member of the admin role.
You can also change each of the permissions inside a role according to your needs, this way you can easily manage which permissions will be added or removed to or from a role. There are also permissions that specifically appointed to a user instead of a role, this way a user will have a user permission and a role. As for a reference, each of the permissions are bound to the related endpoints and in the AccelByte IAM these endpoints are distinguished as follows:
- Public Endpoints. The public endpoints can be accessed without any authorization or authentication process. In the context of AccelByte IAM, the public endpoints are used for example in the user registration process.
- Protected Endpoints. The protected endpoints can only be accessed with a token. In the context of AccelByte IAM, the private endpoints are used for example when you are updating an account information in which to update the information, you will need a special permission to access the resources.
The roles management service includes:
- Adding a User Permission
- Saving a User Permissions
- Deleting a User Permission
- Creating a Role
- Assigning Roles
- Managing Roles
- Getting Role Members
- Setting a Role as an Admin Role
- Adding a Role Manager
- Getting a Role Manager
- Deleting Roles
Here, you need to be authorized in order to access this service feature.
For more information, please read AccelByte IAM API References.