IAM Service RBAC Events 0.1.0 documentation

Info: In this document, PUB means "publish" and SUB means "subscribe". This refers to the "publish/subscribe" (pub/sub) messaging framework, where "publish" means that the service sends data to Kafka topics, and "subscribe" means the service acts as a consumer that subscribes to specific Kafka topics to receive data.

  • Specification ID: http://iam-service
  • Protobuf File Spec: rbac.proto

Operations

PUB role Operation

Accepts one of the following messages:

Message roleCreated

message is sent when role is created

Payload
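| Name | Type | Description | Value | Constraints | Notes |
|---|---|---|---|---|---|
| (root) | object allOf | - | - | - | additional properties are allowed |
| payload | object | - | - | - | additional properties are allowed |
| payload.role | object | - | - | - | additional properties are allowed |
| payload.role.roleId | string | role id | - | - | - |
| payload.role.name | string | role name | - | - | - |
| payload.role.admin | boolean | flag indicating whether this role is an admin role | - | - | - |
| payload.role.roleIsWildcard | boolean | flag indicating whether this role is a global role | - | - | - |
| 0 (allOf item) | object | - | - | - | additional properties are allowed |
| id | string | - | - | - | - |
| version | integer | - | - | - | - |
| name | string | - | - | - | - |
| namespace | string | - | - | - | - |
| parentNamespace | string | - | - | - | - |
| timestamp | string | - | - | format (date-time) | - |
| clientId | string | - | - | - | - |
| userId | string | - | - | - | - |
| traceId | string | - | - | - | - |
| sessionId | string | - | - | - | - |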

Examples of payload (generated)

{
  "payload": {
    "role": {
      "roleId": "string",
      "name": "string",
      "admin": true,
      "roleIsWildcard": true
    }
  },
  "id": "string",
  "version": 0,
  "name": "string",
  "namespace": "string",
  "parentNamespace": "string",
  "timestamp": "2019-08-24T14:15:22Z",
  "clientId": "string",
  "userId": "string",
  "traceId": "string",
  "sessionId": "string"
}

Message roleDeleted

message is sent when role is deleted

Payload
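| Name | Type | Description | Value | Constraints | Notes |
|---|---|---|---|---|---|
| (root) | object allOf | - | - | - | additional properties are allowed |
| payload | object | - | - | - | additional properties are allowed |
| payload.role | object | - | - | - | additional properties are allowed |
| payload.role.roleId | string | role id | - | - | - |
| payload.role.name | string | role name | - | - | - |
| payload.role.admin | boolean | flag indicating whether this role is an admin role | - | - | - |
| payload.role.roleIsWildcard | boolean | flag indicating whether this role is a global role | - | - | - |
| 0 (allOf item) | object | - | - | - | additional properties are allowed |
| id | string | - | - | - | - |
| version | integer | - | - | - | - |
| name | string | - | - | - | - |
| namespace | string | - | - | - | - |
| parentNamespace | string | - | - | - | - |
| timestamp | string | - | - | format (date-time) | - |
| clientId | string | - | - | - | - |
| userId | string | - | - | - | - |
| traceId | string | - | - | - | - |
| sessionId | string | - | - | - | - |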

Examples of payload (generated)

{
  "payload": {
    "role": {
      "roleId": "string",
      "name": "string",
      "admin": true,
      "roleIsWildcard": true
    }
  },
  "id": "string",
  "version": 0,
  "name": "string",
  "namespace": "string",
  "parentNamespace": "string",
  "timestamp": "2019-08-24T14:15:22Z",
  "clientId": "string",
  "userId": "string",
  "traceId": "string",
  "sessionId": "string"
}

Message roleUpdated

message is sent when role is updated

Payload
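| Name | Type | Description | Value | Constraints | Notes |
|---|---|---|---|---|---|
| (root) | object allOf | - | - | - | additional properties are allowed |
| payload | object | - | - | - | additional properties are allowed |
| payload.role | object | - | - | - | additional properties are allowed |
| payload.role.roleId | string | role id | - | - | - |
| payload.role.name | string | role name | - | - | - |
| payload.role.admin | boolean | flag indicating whether this role is an admin role | - | - | - |
| payload.role.roleIsWildcard | boolean | flag indicating whether this role is a global role | - | - | - |
| 0 (allOf item) | object | - | - | - | additional properties are allowed |
| id | string | - | - | - | - |
| version | integer | - | - | - | - |
| name | string | - | - | - | - |
| namespace | string | - | - | - | - |
| parentNamespace | string | - | - | - | - |
| timestamp | string | - | - | format (date-time) | - |
| clientId | string | - | - | - | - |
| userId | string | - | - | - | - |
| traceId | string | - | - | - | - |
| sessionId | string | - | - | - | - |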

Examples of payload (generated)

{
  "payload": {
    "role": {
      "roleId": "string",
      "name": "string",
      "admin": true,
      "roleIsWildcard": true
    }
  },
  "id": "string",
  "version": 0,
  "name": "string",
  "namespace": "string",
  "parentNamespace": "string",
  "timestamp": "2019-08-24T14:15:22Z",
  "clientId": "string",
  "userId": "string",
  "traceId": "string",
  "sessionId": "string"
}

PUB rolePermissions Operation

Accepts one of the following messages:

Message rolePermissionCreated

message is sent when adding role permissions

Payload
| Name | Type | Description | Value | Constraints | Notes |
|---|---|---|---|---|---|
| (root) | object allOf | - | - | - | additional properties are allowed |
| payload | object | - | - | - | additional properties are allowed |
| payload.role | object | - | - | - | additional properties are allowed |
| payload.role.roleId | string | role id | - | - | - |
| payload.role.name | string | role name | - | - | - |
| payload.role.admin | boolean | flag indicating whether this role is an admin role | - | - | - |
| payload.role.roleIsWildcard | boolean | flag indicating whether this role is a global role | - | - | - |
| payload.permissions | array<object> | - | - | - | - |
| payload.permissions.resoure | string | resource | - | - | - |
| payload.permissions.action | string | action | - | - | - |
| payload.permissions.SchedAction | integer | action, between 1 and 15 | - | - | deprecated |
| payload.permissions.SchedCron | string | cron string or date range (both are UTC, also in cron syntax) to indicate when a permission and action are in effect | - | - | deprecated |
| payload.permissions.SchedRange | array<string> | start and end date when a permission and action are in effect | - | - | deprecated |
| payload.permissions.SchedRange (single item) | string | - | - | - | - |
| 0 (allOf item) | object | - | - | - | additional properties are allowed |
| id | string | - | - | - | - |
| version | integer | - | - | - | - |
| name | string | - | - | - | - |
| namespace | string | - | - | - | - |
| parentNamespace | string | - | - | - | - |
| timestamp | string | - | - | format (date-time) | - |
| clientId | string | - | - | - | - |
| userId | string | - | - | - | - |
| traceId | string | - | - | - | - |
| sessionId | string | - | - | - | - |

Examples of payload (generated)

{
  "payload": {
    "role": {
      "roleId": "string",
      "name": "string",
      "admin": true,
      "roleIsWildcard": true
    },
    "permissions": [
      {
        "resoure": "string",
        "action": "string",
        "SchedAction": 0,
        "SchedCron": "string",
        "SchedRange": [
          "string"
        ]
      }
    ]
  },
  "id": "string",
  "version": 0,
  "name": "string",
  "namespace": "string",
  "parentNamespace": "string",
  "timestamp": "2019-08-24T14:15:22Z",
  "clientId": "string",
  "userId": "string",
  "traceId": "string",
  "sessionId": "string"
}

Message rolePermissionDeleted

message is sent when role permission is deleted

Payload
| Name | Type | Description | Value | Constraints | Notes |
|---|---|---|---|---|---|
| (root) | object allOf | - | - | - | additional properties are allowed |
| payload | object | - | - | - | additional properties are allowed |
| payload.role | object | - | - | - | additional properties are allowed |
| payload.role.roleId | string | role id | - | - | - |
| payload.role.name | string | role name | - | - | - |
| payload.role.admin | boolean | flag indicating whether this role is an admin role | - | - | - |
| payload.role.roleIsWildcard | boolean | flag indicating whether this role is a global role | - | - | - |
| payload.permissions | array<object> | - | - | - | - |
| payload.permissions.resoure | string | resource | - | - | - |
| payload.permissions.action | string | action | - | - | - |
| payload.permissions.SchedAction | integer | action, between 1 and 15 | - | - | deprecated |
| payload.permissions.SchedCron | string | cron string or date range (both are UTC, also in cron syntax) to indicate when a permission and action are in effect | - | - | deprecated |
| payload.permissions.SchedRange | array<string> | start and end date when a permission and action are in effect | - | - | deprecated |
| payload.permissions.SchedRange (single item) | string | - | - | - | - |
| 0 (allOf item) | object | - | - | - | additional properties are allowed |
| id | string | - | - | - | - |
| version | integer | - | - | - | - |
| name | string | - | - | - | - |
| namespace | string | - | - | - | - |
| parentNamespace | string | - | - | - | - |
| timestamp | string | - | - | format (date-time) | - |
| clientId | string | - | - | - | - |
| userId | string | - | - | - | - |
| traceId | string | - | - | - | - |
| sessionId | string | - | - | - | - |

Examples of payload (generated)

{
  "payload": {
    "role": {
      "roleId": "string",
      "name": "string",
      "admin": true,
      "roleIsWildcard": true
    },
    "permissions": [
      {
        "resoure": "string",
        "action": "string",
        "SchedAction": 0,
        "SchedCron": "string",
        "SchedRange": [
          "string"
        ]
      }
    ]
  },
  "id": "string",
  "version": 0,
  "name": "string",
  "namespace": "string",
  "parentNamespace": "string",
  "timestamp": "2019-08-24T14:15:22Z",
  "clientId": "string",
  "userId": "string",
  "traceId": "string",
  "sessionId": "string"
}

Message rolePermissionUpdated

message is sent when role permission is updated

Payload
| Name | Type | Description | Value | Constraints | Notes |
|---|---|---|---|---|---|
| (root) | object allOf | - | - | - | additional properties are allowed |
| payload | object | - | - | - | additional properties are allowed |
| payload.role | object | - | - | - | additional properties are allowed |
| payload.role.roleId | string | role id | - | - | - |
| payload.role.name | string | role name | - | - | - |
| payload.role.admin | boolean | flag indicating whether this role is an admin role | - | - | - |
| payload.role.roleIsWildcard | boolean | flag indicating whether this role is a global role | - | - | - |
| payload.permissions | array<object> | - | - | - | - |
| payload.permissions.resoure | string | resource | - | - | - |
| payload.permissions.action | string | action | - | - | - |
| payload.permissions.SchedAction | integer | action, between 1 and 15 | - | - | deprecated |
| payload.permissions.SchedCron | string | cron string or date range (both are UTC, also in cron syntax) to indicate when a permission and action are in effect | - | - | deprecated |
| payload.permissions.SchedRange | array<string> | start and end date when a permission and action are in effect | - | - | deprecated |
| payload.permissions.SchedRange (single item) | string | - | - | - | - |
| 0 (allOf item) | object | - | - | - | additional properties are allowed |
| id | string | - | - | - | - |
| version | integer | - | - | - | - |
| name | string | - | - | - | - |
| namespace | string | - | - | - | - |
| parentNamespace | string | - | - | - | - |
| timestamp | string | - | - | format (date-time) | - |
| clientId | string | - | - | - | - |
| userId | string | - | - | - | - |
| traceId | string | - | - | - | - |
| sessionId | string | - | - | - | - |

Examples of payload (generated)

{
  "payload": {
    "role": {
      "roleId": "string",
      "name": "string",
      "admin": true,
      "roleIsWildcard": true
    },
    "permissions": [
      {
        "resoure": "string",
        "action": "string",
        "SchedAction": 0,
        "SchedCron": "string",
        "SchedRange": [
          "string"
        ]
      }
    ]
  },
  "id": "string",
  "version": 0,
  "name": "string",
  "namespace": "string",
  "parentNamespace": "string",
  "timestamp": "2019-08-24T14:15:22Z",
  "clientId": "string",
  "userId": "string",
  "traceId": "string",
  "sessionId": "string"
}

PUB roleManager Operation

Accepts one of the following messages:

Message roleManagerCreated

deprecated

Payload
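| Name | Type | Description | Value | Constraints | Notes |
|---|---|---|---|---|---|
| (root) | object allOf | - | - | - | additional properties are allowed |
| payload | object | - | - | - | additional properties are allowed |
| payload.role | object | - | - | - | additional properties are allowed |
| payload.role.roleId | string | role id | - | - | - |
| payload.role.name | string | role name | - | - | - |
| payload.role.admin | boolean | flag indicating whether this role is an admin role | - | - | - |
| payload.role.roleIsWildcard | boolean | flag indicating whether this role is a global role | - | - | - |
| payload.roleManager | array<object> | - | - | - | - |
| payload.roleManager.userId | string | - | - | - | - |
| payload.roleManager.namespace | string | - | - | - | - |
| payload.roleManager.displayName | string | - | - | - | - |
| 0 (allOf item) | object | - | - | - | additional properties are allowed |
| id | string | - | - | - | - |
| version | integer | - | - | - | - |
| name | string | - | - | - | - |
| namespace | string | - | - | - | - |
| parentNamespace | string | - | - | - | - |
| timestamp | string | - | - | format (date-time) | - |
| clientId | string | - | - | - | - |
| userId | string | - | - | - | - |
| traceId | string | - | - | - | - |
| sessionId | string | - | - | - | - |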

Examples of payload (generated)

{
  "payload": {
    "role": {
      "roleId": "string",
      "name": "string",
      "admin": true,
      "roleIsWildcard": true
    },
    "roleManager": [
      {
        "userId": "string",
        "namespace": "string",
        "displayName": "string"
      }
    ]
  },
  "id": "string",
  "version": 0,
  "name": "string",
  "namespace": "string",
  "parentNamespace": "string",
  "timestamp": "2019-08-24T14:15:22Z",
  "clientId": "string",
  "userId": "string",
  "traceId": "string",
  "sessionId": "string"
}

Message roleManagerDeleted

deprecated

Payload
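| Name | Type | Description | Value | Constraints | Notes |
|---|---|---|---|---|---|
| (root) | object allOf | - | - | - | additional properties are allowed |
| payload | object | - | - | - | additional properties are allowed |
| payload.role | object | - | - | - | additional properties are allowed |
| payload.role.roleId | string | role id | - | - | - |
| payload.role.name | string | role name | - | - | - |
| payload.role.admin | boolean | flag indicating whether this role is an admin role | - | - | - |
| payload.role.roleIsWildcard | boolean | flag indicating whether this role is a global role | - | - | - |
| payload.roleManager | array<object> | - | - | - | - |
| payload.roleManager.userId | string | - | - | - | - |
| payload.roleManager.namespace | string | - | - | - | - |
| payload.roleManager.displayName | string | - | - | - | - |
| 0 (allOf item) | object | - | - | - | additional properties are allowed |
| id | string | - | - | - | - |
| version | integer | - | - | - | - |
| name | string | - | - | - | - |
| namespace | string | - | - | - | - |
| parentNamespace | string | - | - | - | - |
| timestamp | string | - | - | format (date-time) | - |
| clientId | string | - | - | - | - |
| userId | string | - | - | - | - |
| traceId | string | - | - | - | - |
| sessionId | string | - | - | - | - |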

Examples of payload (generated)

{
  "payload": {
    "role": {
      "roleId": "string",
      "name": "string",
      "admin": true,
      "roleIsWildcard": true
    },
    "roleManager": [
      {
        "userId": "string",
        "namespace": "string",
        "displayName": "string"
      }
    ]
  },
  "id": "string",
  "version": 0,
  "name": "string",
  "namespace": "string",
  "parentNamespace": "string",
  "timestamp": "2019-08-24T14:15:22Z",
  "clientId": "string",
  "userId": "string",
  "traceId": "string",
  "sessionId": "string"
}

PUB roleMember Operation

Accepts one of the following messages:

Message roleMemberCreated

message is sent when role is assigned to user

Payload
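| Name | Type | Description | Value | Constraints | Notes |
|---|---|---|---|---|---|
| (root) | object allOf | - | - | - | additional properties are allowed |
| payload | object | - | - | - | additional properties are allowed |
| payload.role | object | - | - | - | additional properties are allowed |
| payload.role.roleId | string | role id | - | - | - |
| payload.role.name | string | role name | - | - | - |
| payload.role.admin | boolean | flag indicating whether this role is an admin role | - | - | - |
| payload.role.roleIsWildcard | boolean | flag indicating whether this role is a global role | - | - | - |
| payload.roleMember | array<object> | - | - | - | - |
| payload.roleMember.userId | string | user id | - | - | - |
| payload.roleMember.namespace | string | namespace | - | - | - |
| payload.roleMember.displayName | string | display name | - | - | - |
| 0 (allOf item) | object | - | - | - | additional properties are allowed |
| id | string | - | - | - | - |
| version | integer | - | - | - | - |
| name | string | - | - | - | - |
| namespace | string | - | - | - | - |
| parentNamespace | string | - | - | - | - |
| timestamp | string | - | - | format (date-time) | - |
| clientId | string | - | - | - | - |
| userId | string | - | - | - | - |
| traceId | string | - | - | - | - |
| sessionId | string | - | - | - | - |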

Examples of payload (generated)

{
  "payload": {
    "role": {
      "roleId": "string",
      "name": "string",
      "admin": true,
      "roleIsWildcard": true
    },
    "roleMember": [
      {
        "userId": "string",
        "namespace": "string",
        "displayName": "string"
      }
    ]
  },
  "id": "string",
  "version": 0,
  "name": "string",
  "namespace": "string",
  "parentNamespace": "string",
  "timestamp": "2019-08-24T14:15:22Z",
  "clientId": "string",
  "userId": "string",
  "traceId": "string",
  "sessionId": "string"
}

Message roleMemberDeleted

message is sent when user's role is removed

Payload
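| Name | Type | Description | Value | Constraints | Notes |
|---|---|---|---|---|---|
| (root) | object allOf | - | - | - | additional properties are allowed |
| payload | object | - | - | - | additional properties are allowed |
| payload.role | object | - | - | - | additional properties are allowed |
| payload.role.roleId | string | role id | - | - | - |
| payload.role.name | string | role name | - | - | - |
| payload.role.admin | boolean | flag indicating whether this role is an admin role | - | - | - |
| payload.role.roleIsWildcard | boolean | flag indicating whether this role is a global role | - | - | - |
| payload.roleMember | array<object> | - | - | - | - |
| payload.roleMember.userId | string | user id | - | - | - |
| payload.roleMember.namespace | string | namespace | - | - | - |
| payload.roleMember.displayName | string | display name | - | - | - |
| 0 (allOf item) | object | - | - | - | additional properties are allowed |
| id | string | - | - | - | - |
| version | integer | - | - | - | - |
| name | string | - | - | - | - |
| namespace | string | - | - | - | - |
| parentNamespace | string | - | - | - | - |
| timestamp | string | - | - | format (date-time) | - |
| clientId | string | - | - | - | - |
| userId | string | - | - | - | - |
| traceId | string | - | - | - | - |
| sessionId | string | - | - | - | - |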

Examples of payload (generated)

{
  "payload": {
    "role": {
      "roleId": "string",
      "name": "string",
      "admin": true,
      "roleIsWildcard": true
    },
    "roleMember": [
      {
        "userId": "string",
        "namespace": "string",
        "displayName": "string"
      }
    ]
  },
  "id": "string",
  "version": 0,
  "name": "string",
  "namespace": "string",
  "parentNamespace": "string",
  "timestamp": "2019-08-24T14:15:22Z",
  "clientId": "string",
  "userId": "string",
  "traceId": "string",
  "sessionId": "string"
}
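
Added example (not part of the IAM service or its documentation): a consumer-side check in Python that type-checks the documented fields that are present and reports membership or permission changes on admin or wildcard roles. The sample event, the choice to treat admin and wildcard roles as privileged, and passing the message name in as an argument are assumptions of this example.

```python
import json

# Constructed sample: an admin role assigned to one user, with a mistyped version.
SAMPLE = json.dumps({
    "id": "e-1", "version": "1", "namespace": "game-a", "userId": "u-7",
    "payload": {
        "role": {"roleId": "r-1", "admin": True, "roleIsWildcard": False},
        "roleMember": [{"userId": "u-42", "namespace": "game-a"}]}})


def typed(value, typ):
    """Return value if it has the expected JSON type, else an empty one."""
    return value if isinstance(value, typ) else typ()


def type_errors(event, role):
    """Check the documented types of the fields that are present."""
    checks = [(event, "id", str), (event, "version", int),
              (event, "namespace", str), (role, "roleId", str),
              (role, "admin", bool), (role, "roleIsWildcard", bool)]
    errors = []
    for obj, field, typ in checks:
        value = obj.get(field)
        # bool is a subclass of int in Python, so rule it out for "integer"
        wrong = not isinstance(value, typ) or (typ is int and isinstance(value, bool))
        if value is not None and wrong:
            errors.append(f"{field}: expected {typ.__name__}")
    return errors


def review(raw, message):
    """Validate one event; `message` is its message name, passed by the caller."""
    event = typed(json.loads(raw), dict)
    payload = typed(event.get("payload"), dict)
    role = typed(payload.get("role"), dict)
    # Assumption: an admin or wildcard (global) role counts as privileged.
    privileged = role.get("admin") is True or role.get("roleIsWildcard") is True
    alerts = []
    if privileged and message == "roleMemberCreated":
        for member in typed(payload.get("roleMember"), list):
            member = typed(member, dict)
            alerts.append(f"privileged role {role.get('roleId')} assigned to "
                          f"{member.get('userId')} in {member.get('namespace')}")
    if privileged and message in ("rolePermissionCreated", "rolePermissionUpdated"):
        for perm in typed(payload.get("permissions"), list):
            perm = typed(perm, dict)
            # "resoure" is the field name as the schema spells it
            alerts.append(f"privileged role {role.get('roleId')} permission: "
                          f"{perm.get('resoure')} / {perm.get('action')}")
    return {"errors": type_errors(event, role), "alerts": alerts}
```

Because the schema allows additional properties, the check ignores unknown fields and only reports type mismatches on the fields it knows.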