You can modify Bridge permissions by editing file roles.xml. This file resides in <your Bridge data directory>/domain.

This file is not checked before usage. Typos can make the whole file unusable and as a result users will be locked out.
We recommend to always keep a backup copy of the default file delivered with the Bridge.

Structure of the File

roles.xml is an XML file and has the following structure:

<?xml version="1.0" encoding="utf-8"?>
<roles version="1.9" xmlns="http://e2e.ch/Console" sequence="2">
    <role roleid="ADMIN" description="Administrators">
        <!-- common -->
        <permission name="common/welcome"                  type="ALL" />
        <permission name="common/logout"                   type="ALL" />
        <permission name="common/domain"                   type="ALL" />
        [...]
    </role>
    <role roleid="MODELER" description="Modelers">
        <!-- common -->
        <permission name="common/welcome"                  type="ALL" />
        <permission name="common/logout"                   type="ALL" />
        <permission name="common/domain"                   type="ALL" />
        [...]    
    </role>
    <role roleid="USER" description="Users">
        <!-- common -->
        <permission name="common/welcome"                  type="ALL" />
        <permission name="common/logout"                   type="ALL" />
        <permission name="common/domain"                   type="ALL" />
        [...]
    </role>
</roles>

Each Bridge role (ADMIN, MODELER and USER) has its own set of permissions assigned.

Permission Rules

You can change the Bridge permissions by editing this file, but you have to respect the rules listed below.

XML ElementAttributeValuesDescription
rolesversion

It may be that a Bridge update comes with a new roles.xml having an increased version. In this case, your modified roles.xml will get overwritten and you will have to reapply your changes to the new file.

Backup your modified role.xml before updating the E2E Bridge.

roleroleidADMIN
MODELER
USER		The E2E Bridge permissions are based on these three roles. You can change the permission assigned to them, but you cannot define own roles.
permissionname

Roles can be adorned with a predefined set of permissions. These permissions are fix – you cannot create your own set of permissions. You can change the permissions in three ways:

  • Remove a permission from a role.
    Users with that role will not have the right to perform the related action anymore.
  • Add a permission to a role.
    See Summary of Default User Access Rights for a list of all possible permissions.You can add any permission from this list to any role.
  • Change the type of a permission.
    See type below for more information on usage of permission types.
Regarding permissions of the E2E Bridge REST API, refer to methods further below.
typeALL
GROUP
OWNER

type defines the service scope of a permission.

  • ALL
    Users with that role can change all services.
  • GROUP
    Users with that role can only change services that have been deployed by members of their group.
  • OWNER
    Users with that role can only change services they are the owner of.
methodsany HTTP method

You can also restrict access to HTTP methods regarding access to the Bridge API. In this case, attribute name contains the path to the Bridge resource that is affected, e.g. services/xuml/{name}/settings

name supports the following variables:

  • {type}
    This variable contains the service type: xuml, java or nodejs. You can use definitions like {type: java|nodejs}, if you want to access a subset of types.
  • {name}
    This variable contains the service name.
On this Page:
Related Pages:
  • No labels