Using Roles
In Vista, you can think of a Role as an alias for a set of permissions. In the Getting Started guide, we created the reader role. In that example, we granted the read action to the Document Resource Type. Note that this alone does not grant any permissions, because the role has not yet been granted to a user or resource object.
The following shows how a role can be granted to a user, for a particular object:
v.users.grant_role('user_id', 'role_id', 'resource_id', 'resource_type')
# example
v.users.grant_role('richard_hendricks', 'reader', 'doc_123456', 'document')
In our example, Richard is granted the read action on doc_123456.
All Operator
You can use VistaClient.ALL anywhere a resource_id or resource_type is accepted to indicate all.
Inheritance
When a role is being created, you can specify a parent role to inherit from. All of the permissions granted on the parent role are also granted to the new child role. In our example, we created the writer role, which inherited read on document; we also granted the write action on document.
The following shows how a role can be granted to a user, for a particular resource object:
v.users.grant_role('richard_hendricks', 'writer', 'doc_123456', 'document')
In our example, Richard is granted the read and write actions on doc_123456.
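The behaviour described on this page (a role grants nothing until it is assigned, a child role carries its parent's permissions, and an "all" value widens a grant), as an added in-memory model that is not Vista's code or API. RoleModel, create_role, effective_perms and check are hypothetical names, ALL is a stand-in for VistaClient.ALL assumed to act as a wildcard, and the auditor user is constructed.

```python
# Illustrative in-memory model; not Vista's implementation or API.
ALL = "*"  # stand-in for VistaClient.ALL (assumed to match any value)

class RoleModel:
    def __init__(self):
        self.roles = {}   # role_id -> {"parents": [...], "perms": {(action, resource_type)}}
        self.grants = []  # (user_id, role_id, resource_id, resource_type)

    def create_role(self, role_id, perms, parents=()):
        # Creating a role only defines it; nobody holds it yet.
        self.roles[role_id] = {"parents": list(parents), "perms": set(perms)}

    def grant_role(self, user_id, role_id, resource_id, resource_type):
        if role_id not in self.roles:
            raise KeyError(f"unknown role: {role_id}")
        self.grants.append((user_id, role_id, resource_id, resource_type))

    def effective_perms(self, role_id, _seen=None):
        """Permissions of a role plus everything inherited from its parents."""
        seen = _seen if _seen is not None else set()
        if role_id in seen:  # guard against an inheritance cycle
            return set()
        seen.add(role_id)
        perms = set(self.roles[role_id]["perms"])
        for parent in self.roles[role_id]["parents"]:
            perms |= self.effective_perms(parent, seen)
        return perms

    def check(self, user_id, action, resource_id, resource_type):
        """Deny by default; allow only if some grant covers this exact request."""
        for uid, role_id, rid, rtype in self.grants:
            if uid != user_id:
                continue
            if rid not in (ALL, resource_id) or rtype not in (ALL, resource_type):
                continue
            if (action, resource_type) in self.effective_perms(role_id):
                return True
        return False

def demo():
    m = RoleModel()
    m.create_role("reader", {("read", "document")})
    m.create_role("writer", {("write", "document")}, parents=["reader"])
    before = m.check("richard_hendricks", "read", "doc_123456", "document")
    m.grant_role("richard_hendricks", "writer", "doc_123456", "document")
    m.grant_role("auditor", "reader", ALL, "document")  # wildcard resource_id
    return before, m
```

When reviewing grants, treat any entry that uses the "all" value as covering every current and future object of that type, and check inherited permissions along with the role's own.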