Using Roles

In Vista, you can think of a role as an alias for a set of permissions. In the Getting Started guide, we created the reader role. In that example, we granted the read action on the Document resource type. Note that this alone does not grant any permissions, as we have not yet granted the role to a user or resource object.

The following shows how a role can be granted to a user, for a particular object:

v.users.grant_role('user_id', 'role_id', 'resource_id', 'resource_type')
# example
v.users.grant_role('richard_hendricks', 'reader', 'doc_123456', 'document')

In our example, Richard is granted the read action on doc_123456.

All Operator

You can use VistaClient.ALL anywhere a resource_id or resource_type is accepted to indicate all resource objects or all resource types.

Inheritance

When a role is created, you can specify parent roles to inherit from. All of the permissions granted on a parent role are also granted to the new child role. In our example, we created the writer role, which inherited read on document; we also granted it the write action on document.

The following shows how a role can be granted to a user, for a particular resource object:

v.users.grant_role('richard_hendricks', 'writer', 'doc_123456', 'document')

In our example, Richard is granted the read and write actions on doc_123456.