
Nexfs Management API Documentation


CreateRole

Create a new Management or Content (S3) role using the Nexfs Management API


Action: CreateRole

Creates a new Role

Permissions

To create a new management role, a requesting session must have the iam/UpdateManagementRoles role enabled.


To create a new user content (s3) role a requesting session must have the nexfs/UpdateContentRoles role enabled.


Request Parameters

A request must be made against the nexfs management console api with the CreateRole action.

The request must be signed with a valid AWS V4 style Signature using an active temporary session security token.


Action

CreateRole


AssumeRolePolicyDocument

A URI-encoded JSON string containing the new role configuration


AssumeRolePolicyDocument json Format


{
  "Version": "string",
  "Statement": [
    {
      "Sid": "string",
      "Effect": "string",
      "Action": [
        "string"
        ,...
      ]
    }
    ,...
  ]
}


For a description of elements, see AssumeRolePolicyDocument elements below


Enabled

0 if the role should be created but remain disabled,

1 if the role should be created and enabled

RoleID (Optional)

The unique roleid (as an integer) to assign to the new role

Defaults to the highest existing roleid+1


RoleName

A unique name (string) to attach to the new role


RoleType

A type of role (string) to be created, either "iam" or "user".

Set "iam" for nexfs management roles or "user" for content (S3) user roles


Version

A version (as a string) to assign to the Policy

AssumeRolePolicyDocument elements


Version

A version of the Policy


Statement

A JSON object which contains the role's policy statement


Sid

A string label that represents the statement


Effect

"Allow" or "Deny"


Action

A JSON array which contains zero or more management role permissions


Request Body

The request does not have a request body.


Response Syntax


HTTP/1.1 200

<?xml version="1.0" encoding="UTF-8"?>
<RequestCompleted>
  <Code>String</Code>
  <CreateRoleResponse>
    <CreateRoleResult>
      <Role>
        <RoleName> String </RoleName>
        <AssumeRolePolicyDocument>
          {
            "Version": "String",
            "Statement": [{
              "Sid": "String",
              "Effect": "String",
              "Action": ["String"]
            }]
          }
        </AssumeRolePolicyDocument>
        <CreateDate> String </CreateDate>
        <RoleId>integer</RoleId>
      </Role>
    </CreateRoleResult>
    <ResponseMetadata>
      <RequestId> integer </RequestId>
    </ResponseMetadata>
  </CreateRoleResponse>
  <Resource>/String </Resource>
</RequestCompleted>

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in XML format by the service:

RequestCompleted

Root Level tag for the successful Revoke Session response


Code

OK


CreateRoleResponse

A section label which contains the create role response details


CreateRoleResult

A section label which contains a copy of the role that has been created, i.e. a copy of the request json


Resource

/nexfsconsoleapi

RequestId

A requestid number that identifies the request made against the management api


Errors

Also See Rest Error Responses


400 BadRequest The request was Malformed

A BadRequest will be returned if AssumeRolePolicyDocument, RoleName or Version is missing from the request


A BadRequest will also be returned if AssumeRolePolicyDocument is incorrectly formatted

401 Unauthorized The request cannot be authenticated

403 Forbidden Session does not have the rights to perform the requested action


409 EntityAlreadyExists A role already exists with the requested name

500 InternalServerError An Internal Error was encountered
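
A client-side pre-flight check for the parameters documented above, as an added example that is not part of the Nexfs documentation: it validates the policy document against the format given here, rejects input that the Errors section says returns 400 BadRequest, and URI-encodes the query string. Signing and sending are left out; the function names, the sample policy and the wildcard warning are assumptions of this example.

```python
import json
from urllib.parse import quote, urlencode

# Constructed sample policy (not from the page): a narrow, read-only role.
SAMPLE_POLICY = {
    "Version": "08/29/2022.0",
    "Statement": [{"Sid": "Read only", "Effect": "Allow",
                   "Action": ["iam:ListManagementRoles", "iam:ListUsers"]}],
}

def check_policy(policy):
    """Return (errors, warnings) for an AssumeRolePolicyDocument dict."""
    errors, warnings = [], []
    if not isinstance(policy.get("Version"), str):
        errors.append("Version must be a string")
    statements = policy.get("Statement")
    if not isinstance(statements, list):
        return errors + ["Statement must be a JSON array"], warnings
    for i, st in enumerate(statements):
        if not isinstance(st, dict):
            errors.append(f"Statement[{i}] must be a JSON object")
            continue
        if not isinstance(st.get("Sid"), str):
            errors.append(f"Statement[{i}].Sid must be a string")
        if st.get("Effect") not in ("Allow", "Deny"):
            errors.append(f'Statement[{i}].Effect must be "Allow" or "Deny"')
        actions = st.get("Action")
        if not (isinstance(actions, list) and all(isinstance(a, str) for a in actions)):
            errors.append(f"Statement[{i}].Action must be an array of strings")
        elif st.get("Effect") == "Allow" and any("*" in a for a in actions):
            # Assumption: "*" acts as a wildcard; the page does not define it.
            warnings.append(f"Statement[{i}] allows a wildcard action; review it")
    return errors, warnings

def build_create_role_query(policy, role_name, role_type, version, enabled, role_id=None):
    """Validate the documented parameters and return the encoded query string."""
    errors, _ = check_policy(policy)
    if not role_name:
        errors.append("RoleName is required")
    if not version:
        errors.append("Version is required")
    if role_type not in ("iam", "user"):
        errors.append('RoleType must be "iam" or "user"')
    if enabled not in (0, 1):
        errors.append("Enabled must be 0 or 1")
    if errors:
        raise ValueError("; ".join(errors))
    params = {"Action": "CreateRole",
              "AssumeRolePolicyDocument": json.dumps(policy, separators=(",", ":")),
              "Enabled": enabled, "RoleName": role_name,
              "RoleType": role_type, "Version": version}
    if role_id is not None:
        params["RoleId"] = int(role_id)  # spelled as in the page's example request
    return urlencode(params, quote_via=quote)
```

Creating a role with Enabled=0 and enabling it only after the returned policy has been reviewed keeps an unreviewed role from being usable.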


Example Request

The following example request includes the json statement:

{
  "Version": "08/29/2022.0",
  "Statement": [
    {
      "Sid": "Allowed Actions",
      "Effect": "Allow",
      "Action": [
        "*:*",
        "iam:ListManagementRoles",
        "iam:ListUsers",
        "iam:LoginMgmtReadOnly",
        "iam:UpdateOwnSecret"
      ]
    },
    {
      "Sid": "Deny Actions",
      "Effect": "Deny",
      "Action": [
        "iam:DeleteManagementRoles",
        "iam:UpdateManagementRoles",
        "iam:UpdateOtherUserSecret",
        "iam:UpdateUsers",
        "nexfs:UpdateConfiguration",
        "nexfs:UpdateLicense",
        "nfs:GetConfiguration",
        "nfs:GetSubSystem",
        "nfs:ManageSubSystem",
        "nfs:UpdateConfiguration"
      ]
    }
  ]
}


GET http://dev01kedavpn:9200/nexfsconsoleapi?Action=CreateRole&AssumeRolePolicyDocument={%22Version%22:%2208/29/2022.0%22,%22Statement%22:[{%22Sid%22:%20%22Allowed%20Actions%22,%22Effect%22:%20%22Allow%22,%22Action%22:%20[%22*:*%22,%22iam:ListManagementRoles%22,%22iam:ListUsers%22,%22iam:LoginMgmtReadOnly%22,%22iam:UpdateOwnSecret%22]},{%22Sid%22:%20%22Deny%20Actions%22,%22Effect%22:%20%22Deny%22,%22Action%22:%20[%22iam:DeleteManagementRoles%22,%22iam:UpdateManagementRoles%22,%22iam:UpdateOtherUserSecret%22,%22iam:UpdateUsers%22,%22nexfs:UpdateConfiguration%22,%22nexfs:UpdateLicense%22,%22nfs:GetConfiguration%22,%22nfs:GetSubSystem%22,%22nfs:ManageSubSystem%22,%22nfs:UpdateConfiguration%22]}]}&Enabled=1&RoleId=50001&RoleName=Example%20Role&RoleType=user&Version=08/29/2022.0

content-type: application/x-www-form-urlencoded; charset=utf-8

host: nexfs.example.com

x-amz-date: 20220829T132007Z


Example Response


<?xml version="1.0" encoding="UTF-8"?>
<RequestCompleted>
  <Code>Ok</Code>
  <CreateRoleResponse>
    <CreateRoleResult>
      <Role>
        <RoleName>Example Role</RoleName>
        <AssumeRolePolicyDocument>
          {
            "Version": "08/29/2022.0",
            "Statement": [{
              "Sid": "Allowed Actions",
              "Effect": "Allow",
              "Action": ["*:*", "iam:ListManagementRoles", "iam:ListUsers", "iam:LoginMgmtReadOnly", "iam:UpdateOwnSecret"]
            }, {
              "Sid": "Deny Actions",
              "Effect": "Deny",
              "Action": ["iam:DeleteManagementRoles", "iam:UpdateManagementRoles", "iam:UpdateOtherUserSecret", "iam:UpdateUsers", "nexfs:UpdateConfiguration", "nexfs:UpdateLicense", "nfs:GetConfiguration", "nfs:GetSubSystem", "nfs:ManageSubSystem", "nfs:UpdateConfiguration"]
            }]
          }
        </AssumeRolePolicyDocument>
        <CreateDate>2022-08-29T13:20:08.000Z</CreateDate>
        <RoleId>50001</RoleId>
      </Role>
    </CreateRoleResult>
    <ResponseMetadata>
      <RequestId>118</RequestId>
    </ResponseMetadata>
  </CreateRoleResponse>
  <Resource>/nexfsconsoleapi</Resource>
</RequestCompleted>




