IAM Service RBAC Events 0.1.0 documentation
In this document, PUB
means "publish" and SUB
means "subscribe". This refers to the "publish/subscribe" (pub/sub) messaging framework, where "publish" means that the service sends data to Kafka topics, and "subscribe" means the service acts as a consumer that subscribes to specific Kafka topics to receive data.
- Specification ID:
http://iam-service
- Protobuf File Spec: rbac.proto
Table of Contents
Operations
PUB role
Operation
Accepts one of the following messages:
Message roleCreated
message is sent when role is created
Payload
Name | Type | Description | Value | Constraints | Notes |
---|---|---|---|---|---|
(root) | object allOf | - | - | - | additional properties are allowed |
payload | object | - | - | - | additional properties are allowed |
payload.role | object | - | - | - | additional properties are allowed |
payload.role.roleId | string | role id | - | - | - |
payload.role.name | string | role name | - | - | - |
payload.role.admin | boolean | a flag indicates whether this role is an admin role | - | - | - |
payload.role.roleIsWildcard | boolean | a flag indicates whether this role is an global role | - | - | - |
0 (allOf item) | object | - | - | - | additional properties are allowed |
id | string | - | - | - | - |
version | integer | - | - | - | - |
name | string | - | - | - | - |
namespace | string | - | - | - | - |
parentNamespace | string | - | - | - | - |
timestamp | string | - | - | format (date-time ) | - |
clientId | string | - | - | - | - |
userId | string | - | - | - | - |
traceId | string | - | - | - | - |
sessionId | string | - | - | - | - |
Examples of payload (generated)
{
"payload": {
"role": {
"roleId": "string",
"name": "string",
"admin": true,
"roleIsWildcard": true
}
},
"id": "string",
"version": 0,
"name": "string",
"namespace": "string",
"parentNamespace": "string",
"timestamp": "2019-08-24T14:15:22Z",
"clientId": "string",
"userId": "string",
"traceId": "string",
"sessionId": "string"
}
Message roleDeleted
message is sent when role is deleted
Payload
Name | Type | Description | Value | Constraints | Notes |
---|---|---|---|---|---|
(root) | object allOf | - | - | - | additional properties are allowed |
payload | object | - | - | - | additional properties are allowed |
payload.role | object | - | - | - | additional properties are allowed |
payload.role.roleId | string | role id | - | - | - |
payload.role.name | string | role name | - | - | - |
payload.role.admin | boolean | a flag indicates whether this role is an admin role | - | - | - |
payload.role.roleIsWildcard | boolean | a flag indicates whether this role is an global role | - | - | - |
0 (allOf item) | object | - | - | - | additional properties are allowed |
id | string | - | - | - | - |
version | integer | - | - | - | - |
name | string | - | - | - | - |
namespace | string | - | - | - | - |
parentNamespace | string | - | - | - | - |
timestamp | string | - | - | format (date-time ) | - |
clientId | string | - | - | - | - |
userId | string | - | - | - | - |
traceId | string | - | - | - | - |
sessionId | string | - | - | - | - |
Examples of payload (generated)
{
"payload": {
"role": {
"roleId": "string",
"name": "string",
"admin": true,
"roleIsWildcard": true
}
},
"id": "string",
"version": 0,
"name": "string",
"namespace": "string",
"parentNamespace": "string",
"timestamp": "2019-08-24T14:15:22Z",
"clientId": "string",
"userId": "string",
"traceId": "string",
"sessionId": "string"
}
Message roleUpdated
message is sent when role is updated
Payload
Name | Type | Description | Value | Constraints | Notes |
---|---|---|---|---|---|
(root) | object allOf | - | - | - | additional properties are allowed |
payload | object | - | - | - | additional properties are allowed |
payload.role | object | - | - | - | additional properties are allowed |
payload.role.roleId | string | role id | - | - | - |
payload.role.name | string | role name | - | - | - |
payload.role.admin | boolean | a flag indicates whether this role is an admin role | - | - | - |
payload.role.roleIsWildcard | boolean | a flag indicates whether this role is an global role | - | - | - |
0 (allOf item) | object | - | - | - | additional properties are allowed |
id | string | - | - | - | - |
version | integer | - | - | - | - |
name | string | - | - | - | - |
namespace | string | - | - | - | - |
parentNamespace | string | - | - | - | - |
timestamp | string | - | - | format (date-time ) | - |
clientId | string | - | - | - | - |
userId | string | - | - | - | - |
traceId | string | - | - | - | - |
sessionId | string | - | - | - | - |
Examples of payload (generated)
{
"payload": {
"role": {
"roleId": "string",
"name": "string",
"admin": true,
"roleIsWildcard": true
}
},
"id": "string",
"version": 0,
"name": "string",
"namespace": "string",
"parentNamespace": "string",
"timestamp": "2019-08-24T14:15:22Z",
"clientId": "string",
"userId": "string",
"traceId": "string",
"sessionId": "string"
}
PUB rolePermissions
Operation
Accepts one of the following messages:
Message rolePermissionCreated
message is sent when adding role permissions
Payload
Name | Type | Description | Value | Constraints | Notes |
---|---|---|---|---|---|
(root) | object allOf | - | - | - | additional properties are allowed |
payload | object | - | - | - | additional properties are allowed |
payload.role | object | - | - | - | additional properties are allowed |
payload.role.roleId | string | role id | - | - | - |
payload.role.name | string | role name | - | - | - |
payload.role.admin | boolean | a flag indicates whether this role is an admin role | - | - | - |
payload.role.roleIsWildcard | boolean | a flag indicates whether this role is an global role | - | - | - |
payload.permissions | array<object> | - | - | - | - |
payload.permissions.resoure | string | resource | - | - | - |
payload.permissions.action | string | action | - | - | - |
payload.permissions.SchedAction | integer | action, between 1 to 15 | - | - | deprecated |
payload.permissions.SchedCron | string | cron string or date range (both are UTC, also in cron syntax) to indicate when a permission and action are in effect | - | - | deprecated |
payload.permissions.SchedRange | array<string> | start and end date when a permission and action are in effect | - | - | deprecated |
payload.permissions.SchedRange (single item) | string | - | - | - | - |
0 (allOf item) | object | - | - | - | additional properties are allowed |
id | string | - | - | - | - |
version | integer | - | - | - | - |
name | string | - | - | - | - |
namespace | string | - | - | - | - |
parentNamespace | string | - | - | - | - |
timestamp | string | - | - | format (date-time ) | - |
clientId | string | - | - | - | - |
userId | string | - | - | - | - |
traceId | string | - | - | - | - |
sessionId | string | - | - | - | - |
Examples of payload (generated)
{
"payload": {
"role": {
"roleId": "string",
"name": "string",
"admin": true,
"roleIsWildcard": true
},
"permissions": [
{
"resoure": "string",
"action": "string",
"SchedAction": 0,
"SchedCron": "string",
"SchedRange": [
"string"
]
}
]
},
"id": "string",
"version": 0,
"name": "string",
"namespace": "string",
"parentNamespace": "string",
"timestamp": "2019-08-24T14:15:22Z",
"clientId": "string",
"userId": "string",
"traceId": "string",
"sessionId": "string"
}
Message rolePermissionDeleted
message is sent when role permission is deleted
Payload
Name | Type | Description | Value | Constraints | Notes |
---|---|---|---|---|---|
(root) | object allOf | - | - | - | additional properties are allowed |
payload | object | - | - | - | additional properties are allowed |
payload.role | object | - | - | - | additional properties are allowed |
payload.role.roleId | string | role id | - | - | - |
payload.role.name | string | role name | - | - | - |
payload.role.admin | boolean | a flag indicates whether this role is an admin role | - | - | - |
payload.role.roleIsWildcard | boolean | a flag indicates whether this role is an global role | - | - | - |
payload.permissions | array<object> | - | - | - | - |
payload.permissions.resoure | string | resource | - | - | - |
payload.permissions.action | string | action | - | - | - |
payload.permissions.SchedAction | integer | action, between 1 to 15 | - | - | deprecated |
payload.permissions.SchedCron | string | cron string or date range (both are UTC, also in cron syntax) to indicate when a permission and action are in effect | - | - | deprecated |
payload.permissions.SchedRange | array<string> | start and end date when a permission and action are in effect | - | - | deprecated |
payload.permissions.SchedRange (single item) | string | - | - | - | - |
0 (allOf item) | object | - | - | - | additional properties are allowed |
id | string | - | - | - | - |
version | integer | - | - | - | - |
name | string | - | - | - | - |
namespace | string | - | - | - | - |
parentNamespace | string | - | - | - | - |
timestamp | string | - | - | format (date-time ) | - |
clientId | string | - | - | - | - |
userId | string | - | - | - | - |
traceId | string | - | - | - | - |
sessionId | string | - | - | - | - |
Examples of payload (generated)
{
"payload": {
"role": {
"roleId": "string",
"name": "string",
"admin": true,
"roleIsWildcard": true
},
"permissions": [
{
"resoure": "string",
"action": "string",
"SchedAction": 0,
"SchedCron": "string",
"SchedRange": [
"string"
]
}
]
},
"id": "string",
"version": 0,
"name": "string",
"namespace": "string",
"parentNamespace": "string",
"timestamp": "2019-08-24T14:15:22Z",
"clientId": "string",
"userId": "string",
"traceId": "string",
"sessionId": "string"
}
Message rolePermissionUpdated
message is sent when role permission is updated
Payload
Name | Type | Description | Value | Constraints | Notes |
---|---|---|---|---|---|
(root) | object allOf | - | - | - | additional properties are allowed |
payload | object | - | - | - | additional properties are allowed |
payload.role | object | - | - | - | additional properties are allowed |
payload.role.roleId | string | role id | - | - | - |
payload.role.name | string | role name | - | - | - |
payload.role.admin | boolean | a flag indicates whether this role is an admin role | - | - | - |
payload.role.roleIsWildcard | boolean | a flag indicates whether this role is an global role | - | - | - |
payload.permissions | array<object> | - | - | - | - |
payload.permissions.resoure | string | resource | - | - | - |
payload.permissions.action | string | action | - | - | - |
payload.permissions.SchedAction | integer | action, between 1 to 15 | - | - | deprecated |
payload.permissions.SchedCron | string | cron string or date range (both are UTC, also in cron syntax) to indicate when a permission and action are in effect | - | - | deprecated |
payload.permissions.SchedRange | array<string> | start and end date when a permission and action are in effect | - | - | deprecated |
payload.permissions.SchedRange (single item) | string | - | - | - | - |
0 (allOf item) | object | - | - | - | additional properties are allowed |
id | string | - | - | - | - |
version | integer | - | - | - | - |
name | string | - | - | - | - |
namespace | string | - | - | - | - |
parentNamespace | string | - | - | - | - |
timestamp | string | - | - | format (date-time ) | - |
clientId | string | - | - | - | - |
userId | string | - | - | - | - |
traceId | string | - | - | - | - |
sessionId | string | - | - | - | - |
Examples of payload (generated)
{
"payload": {
"role": {
"roleId": "string",
"name": "string",
"admin": true,
"roleIsWildcard": true
},
"permissions": [
{
"resoure": "string",
"action": "string",
"SchedAction": 0,
"SchedCron": "string",
"SchedRange": [
"string"
]
}
]
},
"id": "string",
"version": 0,
"name": "string",
"namespace": "string",
"parentNamespace": "string",
"timestamp": "2019-08-24T14:15:22Z",
"clientId": "string",
"userId": "string",
"traceId": "string",
"sessionId": "string"
}
PUB roleManager
Operation
Accepts one of the following messages:
Message roleManagerCreated
deprecated
Payload
Name | Type | Description | Value | Constraints | Notes |
---|---|---|---|---|---|
(root) | object allOf | - | - | - | additional properties are allowed |
payload | object | - | - | - | additional properties are allowed |
payload.role | object | - | - | - | additional properties are allowed |
payload.role.roleId | string | role id | - | - | - |
payload.role.name | string | role name | - | - | - |
payload.role.admin | boolean | a flag indicates whether this role is an admin role | - | - | - |
payload.role.roleIsWildcard | boolean | a flag indicates whether this role is an global role | - | - | - |
payload.roleManager | array<object> | - | - | - | - |
payload.roleManager.userId | string | - | - | - | - |
payload.roleManager.namespace | string | - | - | - | - |
payload.roleManager.displayName | string | - | - | - | - |
0 (allOf item) | object | - | - | - | additional properties are allowed |
id | string | - | - | - | - |
version | integer | - | - | - | - |
name | string | - | - | - | - |
namespace | string | - | - | - | - |
parentNamespace | string | - | - | - | - |
timestamp | string | - | - | format (date-time ) | - |
clientId | string | - | - | - | - |
userId | string | - | - | - | - |
traceId | string | - | - | - | - |
sessionId | string | - | - | - | - |
Examples of payload (generated)
{
"payload": {
"role": {
"roleId": "string",
"name": "string",
"admin": true,
"roleIsWildcard": true
},
"roleManager": [
{
"userId": "string",
"namespace": "string",
"displayName": "string"
}
]
},
"id": "string",
"version": 0,
"name": "string",
"namespace": "string",
"parentNamespace": "string",
"timestamp": "2019-08-24T14:15:22Z",
"clientId": "string",
"userId": "string",
"traceId": "string",
"sessionId": "string"
}
Message roleManagerDeleted
deprecated
Payload
Name | Type | Description | Value | Constraints | Notes |
---|---|---|---|---|---|
(root) | object allOf | - | - | - | additional properties are allowed |
payload | object | - | - | - | additional properties are allowed |
payload.role | object | - | - | - | additional properties are allowed |
payload.role.roleId | string | role id | - | - | - |
payload.role.name | string | role name | - | - | - |
payload.role.admin | boolean | a flag indicates whether this role is an admin role | - | - | - |
payload.role.roleIsWildcard | boolean | a flag indicates whether this role is an global role | - | - | - |
payload.roleManager | array<object> | - | - | - | - |
payload.roleManager.userId | string | - | - | - | - |
payload.roleManager.namespace | string | - | - | - | - |
payload.roleManager.displayName | string | - | - | - | - |
0 (allOf item) | object | - | - | - | additional properties are allowed |
id | string | - | - | - | - |
version | integer | - | - | - | - |
name | string | - | - | - | - |
namespace | string | - | - | - | - |
parentNamespace | string | - | - | - | - |
timestamp | string | - | - | format (date-time ) | - |
clientId | string | - | - | - | - |
userId | string | - | - | - | - |
traceId | string | - | - | - | - |
sessionId | string | - | - | - | - |
Examples of payload (generated)
{
"payload": {
"role": {
"roleId": "string",
"name": "string",
"admin": true,
"roleIsWildcard": true
},
"roleManager": [
{
"userId": "string",
"namespace": "string",
"displayName": "string"
}
]
},
"id": "string",
"version": 0,
"name": "string",
"namespace": "string",
"parentNamespace": "string",
"timestamp": "2019-08-24T14:15:22Z",
"clientId": "string",
"userId": "string",
"traceId": "string",
"sessionId": "string"
}
PUB roleMember
Operation
Accepts one of the following messages:
Message roleMemberCreated
message is sent when role is assigned to user
Payload
Name | Type | Description | Value | Constraints | Notes |
---|---|---|---|---|---|
(root) | object allOf | - | - | - | additional properties are allowed |
payload | object | - | - | - | additional properties are allowed |
payload.role | object | - | - | - | additional properties are allowed |
payload.role.roleId | string | role id | - | - | - |
payload.role.name | string | role name | - | - | - |
payload.role.admin | boolean | a flag indicates whether this role is an admin role | - | - | - |
payload.role.roleIsWildcard | boolean | a flag indicates whether this role is an global role | - | - | - |
payload.roleMember | array<object> | - | - | - | - |
payload.roleMember.userId | string | user id | - | - | - |
payload.roleMember.namespace | string | namespace | - | - | - |
payload.roleMember.displayName | string | display name | - | - | - |
0 (allOf item) | object | - | - | - | additional properties are allowed |
id | string | - | - | - | - |
version | integer | - | - | - | - |
name | string | - | - | - | - |
namespace | string | - | - | - | - |
parentNamespace | string | - | - | - | - |
timestamp | string | - | - | format (date-time ) | - |
clientId | string | - | - | - | - |
userId | string | - | - | - | - |
traceId | string | - | - | - | - |
sessionId | string | - | - | - | - |
Examples of payload (generated)
{
"payload": {
"role": {
"roleId": "string",
"name": "string",
"admin": true,
"roleIsWildcard": true
},
"roleMember": [
{
"userId": "string",
"namespace": "string",
"displayName": "string"
}
]
},
"id": "string",
"version": 0,
"name": "string",
"namespace": "string",
"parentNamespace": "string",
"timestamp": "2019-08-24T14:15:22Z",
"clientId": "string",
"userId": "string",
"traceId": "string",
"sessionId": "string"
}
Message roleMemberDeleted
message is sent when user's role is removed
Payload
Name | Type | Description | Value | Constraints | Notes |
---|---|---|---|---|---|
(root) | object allOf | - | - | - | additional properties are allowed |
payload | object | - | - | - | additional properties are allowed |
payload.role | object | - | - | - | additional properties are allowed |
payload.role.roleId | string | role id | - | - | - |
payload.role.name | string | role name | - | - | - |
payload.role.admin | boolean | a flag indicates whether this role is an admin role | - | - | - |
payload.role.roleIsWildcard | boolean | a flag indicates whether this role is an global role | - | - | - |
payload.roleMember | array<object> | - | - | - | - |
payload.roleMember.userId | string | user id | - | - | - |
payload.roleMember.namespace | string | namespace | - | - | - |
payload.roleMember.displayName | string | display name | - | - | - |
0 (allOf item) | object | - | - | - | additional properties are allowed |
id | string | - | - | - | - |
version | integer | - | - | - | - |
name | string | - | - | - | - |
namespace | string | - | - | - | - |
parentNamespace | string | - | - | - | - |
timestamp | string | - | - | format (date-time ) | - |
clientId | string | - | - | - | - |
userId | string | - | - | - | - |
traceId | string | - | - | - | - |
sessionId | string | - | - | - | - |
Examples of payload (generated)
{
"payload": {
"role": {
"roleId": "string",
"name": "string",
"admin": true,
"roleIsWildcard": true
},
"roleMember": [
{
"userId": "string",
"namespace": "string",
"displayName": "string"
}
]
},
"id": "string",
"version": 0,
"name": "string",
"namespace": "string",
"parentNamespace": "string",
"timestamp": "2019-08-24T14:15:22Z",
"clientId": "string",
"userId": "string",
"traceId": "string",
"sessionId": "string"
}