Modifying User Access Rights

You can modify Bridge permissions by editing file roles.xml. This file resides in <your Bridge data directory>/domain.

This file is not checked before usage. Typos can make the whole file unusable and as a result users will be locked out.
We recommend to always keep a backup copy of the default file delivered with the Bridge.

Structure of the File

roles.xml is an XML file and has the following structure:

XML

<?xml version="1.0" encoding="utf-8"?>
<roles version="1.9" xmlns="http://e2e.ch/Console" sequence="2">
    <role roleid="ADMIN" description="Administrators">
        <!-- common -->
        <permission name="common/welcome"                  type="ALL" />
        <permission name="common/logout"                   type="ALL" />
        <permission name="common/domain"                   type="ALL" />
        [...]
    </role>
    <role roleid="MODELER" description="Modelers">
        <!-- common -->
        <permission name="common/welcome"                  type="ALL" />
        <permission name="common/logout"                   type="ALL" />
        <permission name="common/domain"                   type="ALL" />
        [...]    
    </role>
    <role roleid="USER" description="Users">
        <!-- common -->
        <permission name="common/welcome"                  type="ALL" />
        <permission name="common/logout"                   type="ALL" />
        <permission name="common/domain"                   type="ALL" />
        [...]
    </role>
</roles>

Each Bridge role (ADMIN, MODELER and USER) has its own set of permissions assigned.

Permission Rules

You can change the Bridge permissions by editing this file, but you have to respect the rules listed below.

XML Element	Attribute	Values	Description
roles	version		It may be that a Bridge update comes with a new roles.xml having an increased version. In this case, your modified roles.xml will get overwritten and you will have to reapply your changes to the new file. Backup your modified role.xml before updating the Bridge.
role	roleid	ADMIN MODELER USER	The Bridge permissions are based on these three roles. You can change the permission assigned to them, but you cannot define own roles.
permission	name		Roles can be adorned with a predefined set of permissions. These permissions are fix – you cannot create your own set of permissions. You can change the permissions in three ways: Remove a permission from a role. Users with that role will not have the right to perform the related action anymore. Add a permission to a role. See Summary of Default User Access Rights for a list of all possible permissions.You can add any permission from this list to any role. Change the type of a permission. See type below for more information on usage of permission types. Regarding permissions of the Bridge REST API, refer to methods further below.
	type	ALL GROUP OWNER	type defines the service scope of a permission. ALL Users with that role can change all services. GROUP Users with that role can only change services that have been deployed by members of their group. OWNER Users with that role can only change services they are the owner of.
	methods	any HTTP method	You can also restrict access to HTTP methods regarding access to the Bridge API. In this case, attribute name contains the path to the Bridge resource that is affected, e.g. `services/xuml/{name}/settings` name supports the following variables: `{type}` This variable contains the service type: xuml, java or nodejs. You can use definitions like `{type: java\|nodejs}`, if you want to access a subset of types. `{name}` This variable contains the service name.

Related Pages:

Summary of Default User Access Rights