Define role resources

For the available roles, resources can be defined in one of the following locations:

  • magement/authentications/role.{ROLE}.json
  • magement-dev/authentications/role.{ROLE}.json
  • magement-prod/authentications/role.{ROLE}.json

Where {ROLE} is one of the available roles. The location and file name have no additional effects beyond creating a sensible file structure.

To define the resources of a role, create the file as described above, with the following contents:

{
  "$schema": "https://authentication.schema.magement.com/register.role.json",
  "role": "ROLE_USER",
  "resources": [
    {
      "resource": "Task",
      "operation": "*",
      "description": "Allow all operations on Tasks"
    }
  ]
}

Resources consist of the following properties:

Property     Required  Description
resource     Yes       Pattern to match against API resources found in schema.json
operation    Yes       Pattern to match against operationId as found in schema.json
description  Yes       Description of the rule, explaining the resources that are made available.
parameters   No        Constraints to match parameters provided in the API action.

Both resource and operation may contain glob patterns.

Parameter constraints

Parameters are optional and they can hold criteria as described in the where constraint schema.

Where constraints are a subset of the Loopback Where filter.

The following example rule allows users to fake entities only for the magento-2-product entity type:

{
  "$schema": "https://authentication.schema.magement.com/register.role.json",
  "role": "ROLE_USER",
  "resources": [
    {
      "resource": "Entities",
      "operation": "getFakeEntities",
      "description": "Generate entities for Magento 2 products",
      "parameters": {
        "type": {
          "inq": ["magento-2-product"]
        }
      }
    }
  ]
}
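
The following added example (not part of the original documentation or the product's own code) sketches how rules like the two above could be evaluated with default deny. The glob dialect (`*` and `?`), case-sensitive matching, fail-closed handling of missing parameters and unsupported operators, and the names `globToRegExp`, `paramsMatch` and `isAllowed` are assumptions; `inq` follows the Loopback meaning of "value is in the array".

```javascript
// Added example, not the product's implementation. Matching semantics are
// assumptions (see lead-in); only the "inq" where operator is implemented.

// Constructed role document combining the two rules shown on this page.
const role = {
  role: "ROLE_USER",
  resources: [
    { resource: "Task", operation: "*", description: "Allow all operations on Tasks" },
    {
      resource: "Entities",
      operation: "getFakeEntities",
      description: "Generate entities for Magento 2 products",
      parameters: { type: { inq: ["magento-2-product"] } },
    },
  ],
};

// Translate a glob into an anchored RegExp; everything except * and ? is literal.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$");
}

// Check request parameters against a rule's constraints. A missing parameter
// or an operator other than "inq" fails the constraint (fail closed).
function paramsMatch(constraints = {}, params = {}) {
  return Object.entries(constraints).every(([name, cond]) => {
    if (!Object.prototype.hasOwnProperty.call(params, name)) return false;
    if (cond !== null && typeof cond === "object" && Array.isArray(cond.inq)) {
      return cond.inq.includes(params[name]);
    }
    return false;
  });
}

// Default deny: a request is allowed only if at least one rule matches
// the resource, the operationId and every parameter constraint.
function isAllowed(roleDoc, resource, operation, params = {}) {
  return roleDoc.resources.some(
    (rule) =>
      globToRegExp(rule.resource).test(resource) &&
      globToRegExp(rule.operation).test(operation) &&
      paramsMatch(rule.parameters, params)
  );
}
```

With the `"*"` operation, every operationId on `Task` is granted, including ones added to schema.json later, while the constrained `Entities` rule rejects a request that omits `type` or passes any other value.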