API Permissions – Allowed Roles

Overview

Each API identifies the permissions and roles required to execute that API call. Permissions for each API are governed by Role Based Access Control (RBAC) as explained in Understand Roles and user level as explained in Understand User Levels

Current User Permissions

Users can find their permission level by executing the GET /suite-idm/api/v1/currentUser/userInfo API listed in the IDM Service API Calls > User Controller section.

Suite Level Permissions

Based on the current user's permissions the Suite Admin APIs display enumerations for the Allowed Role(s) described in the following table.

Allowed Role(s) EnumerationDescription

SUITE_ADMIN

The initial administrator described in Initial Administrator Setup. This user can perform the following tasks:

SUITE_TENANT_ADMINThe tenant administrator set up as part of the root tenant configuration described in Manage Tenants. This user can perform the following tasks:
  • Manage sub-tenants
  • Create, update, and delete sub-tenant users (including createTenantWithAdmin atomic operation)
  • Tenant resource management including Email Settings, Branding Information, and so forth
SUITE_USERAny user added to the CloudCenter Suite. A newly-added user can only view the Suite Admin Dashboard, if not assigned to a group.

SUITE_USER_ADMIN

SUITE_ADMIN can promote any SUITE_USER to the Suite Administrator group as described in Create and Assign Groups. This user can perform the following tasks:

  • Manage users and groups
  • Create, update, delete users and groups
  • Assign roles to users and groups
  • Manage passwords for users
SUITE_OUTOFBOX_USERSUITE_ADMIN can promote any SUITE_USER to be a SUITE_OUTOFBOX_USER, which basically implies that this user has been added to one or more OOB Suite Admin Groups.
SUITE_RESET_PASSWORD

Users with SUITE_ADMIN permissions and/or SUITE_TENANT_ADMIN for this tenant as described in Create and Manage Users > User Actions. This user can perform the following tasks:

  • Edit any user's profile by changing the first/middle/last name and email
  • Configure metadata details
  • Configure groups
  • Reset password
  • Disable a user

Workload Manager Roles

See OOB Groups, Roles, and Permissions for details.

Action Orchestrator Roles

See Action Orchestrator Roles for details.

Cost Optimizer Roles

See Access and Roles for details.


  • No labels
© 2017-2019 Cisco Systems, Inc. All rights reserved