top of page

Nexfs Management API Documentation

Method Index

SaveRole

Update an existing Role using the Nexfs Management API

Action: SaveRole

Updates a existing Role

Permissions

To create a new role a requesting session must have the iam/UpdateManagementRoles role enabled.


To create a new role a requesting session must have the nexfs/UpdateContentRoles role enabled.


Request Parameters

A request must be made against the nexfs management console api with the UpdateRole action.


The request must be signed with a valid AWS V4 style Signature using an active temporary session security token.


Action

SaveRole


AssumeRolePolicyDocument

A URI encoded json string containing a the updated Role configuration


AssumeRolePolicyDocument json Format


{

"Version": string",

"Statement": [

{

"Sid": "string",

"Effect": "string",

"Action": [

"string"

,...

]

},

...

]

}


For a description of elements, see AssumeRolePolicyDocument elements below


Enabled (Optional)

0 if the role should be created but remain disabled,

1 if the role should be created and enabled


RoleID

The roleid (as a integer) of the role being updated


RoleName

The name of the Role being updated or A new unique name (string) to attached the role


RoleType

A type of role (string) to be created, either "iam" or "user".

Set "iam" for nexfs managment roles or "user" for content (S3) user roles


Version

A version (as a string) to assigned to the Policy


AssumeRolePolicyDocument elements

Version

The Policy Version


Statement

A json object with contains the roles policy statement


Sid

A string label the represents the statement


Effect

"Allow" or "Deny"


Action

A json array with contains zero or more management role permissions


Request Body

The request does not have a request body.

Response Syntax

HTTP1/1 200

<?xml version="1.0" encoding="UTF-8"?>

<RequestCompleted>

<Code>String</Code>

<SaveRoleResponse>

<SaveRoleResult>

<Role>

<RoleName> String </RoleName>

<AssumeRolePolicyDocument>

{

"Version": "String",

"Statement": [{

"Sid": "String",

"Effect": "String",

"Action": ["String"]

}]

}

</AssumeRolePolicyDocument>

<CreateDate>String</CreateDate>

<RoleId>integer</RoleId>

</Role>

</SaveRoleResult>

<ResponseMetadata>

<RequestId>integer</RequestId>

</ResponseMetadata>

</SaveRoleResponse>

<Resource>/String</Resource>

</RequestCompleted>


Response Elements


If the action is successful, the service sends back an HTTP 200 response.


The following data is returned in XML format by the service.


RequestCompleted

Root Level tag for the successful response


Code

OK


SaveRoleResponse

A section label with contains the save role response details


SaveRoleResult

A section label which contains a copy of the role that has been updated


Resource

/nexfsconsoleapi

RequestId

A requestid number that identifies the request made against the management api


Errors

Also See Rest Error Responses

400 BadRequest The request was Malformed

A BadRequest will be returned if AssumeRolePolicyDocument, RoleID or Version is missing from the request

A BadRequest will also be returned if AssumeRolePolicyDocument is incorrectly formatted


401 Unauthorized The request cannot be authenticated


403 Forbidden Session does not have the rights to perform the requested action

409 NoSuchEntity No role exists with the request roleid


409 EntityAlreadyExists A role already exists with the request name


500 InternalServerError An Internal Error was encountered


Example Request


The following example request includes the json statement:


{

"Version": "08/29/2022.1",

"Statement": [

{

"Sid": "Allowed Actions Updated",

"Effect": "Allow",

"Action": [

"*:*"

]

},

{

"Sid": "Deny Actions Updated",

"Effect": "Deny",

"Action": [

"iam:DeleteManagementRoles",

"iam:UpdateManagementRoles",

"iam:UpdateOtherUserSecret",

"iam:UpdateUsers",

"nexfs:UpdateConfiguration",

"nexfs:UpdateLicense",

"nfs:GetConfiguration",

"nfs:GetSubSystem",

"nfs:ManageSubSystem",

"nfs:UpdateConfiguration",

"iam:GetUser",

"iam:ListManagementRoles",

"iam:ListUsers"

]

}

]

}


GET http://nexfs.example.com:9200/nexfsconsoleapi?Action=SaveRole&AssumeRolePolicyDocument={%22Version%22:%2208/29/2022.1%22,%22Statement%22:[{%22Sid%22:%20%22Allowed%20Actions%20Updated%22,%22Effect%22:%20%22Allow%22,%22Action%22:%20[%22*:*%22]},{%22Sid%22:%20%22Deny%20Actions%20Updated%22,%22Effect%22:%20%22Deny%22,%22Action%22:%20[%22iam:DeleteManagementRoles%22,%22iam:UpdateManagementRoles%22,%22iam:UpdateOtherUserSecret%22,%22iam:UpdateUsers%22,%22nexfs:UpdateConfiguration%22,%22nexfs:UpdateLicense%22,%22nfs:GetConfiguration%22,%22nfs:GetSubSystem%22,%22nfs:ManageSubSystem%22,%22nfs:UpdateConfiguration%22,%22iam:GetUser%22,%22iam:ListManagementRoles%22,%22iam:ListUsers%22]}]}&Enabled=0&RoleId=50001&RoleName=Example%20Role%20Update&Version=08/29/2022.1

content-type: application/x-www-form-urlencoded; charset=utf-8

host: nexfs.example.com

x-amz-date: 20220829T135813Z


Example Response


<?xml version="1.0" encoding="UTF-8"?>

<RequestCompleted>

<Code>Ok</Code>

<CreateRoleResponse>

<CreateRoleResult>

<Role>

<RoleName>Example Role</RoleName>

<AssumeRolePolicyDocument>

{

"Version": "08/29/2022.0",

"Statement": [{

"Sid": "Allowed Actions",

"Effect": "Allow",

"Action": ["*:*", "iam:ListManagementRoles", "iam:ListUsers", "iam:LoginMgmtReadOnly", "iam:UpdateOwnSecret"]

}, {

"Sid": "Deny Actions",

"Effect": "Deny",

"Action": ["iam:DeleteManagementRoles", "iam:UpdateManagementRoles", "iam:UpdateOtherUserSecret", "iam:UpdateUsers", "nexfs:UpdateConfiguration", "nexfs:UpdateLicense", "nfs:GetConfiguration", "nfs:GetSubSystem", "nfs:ManageSubSystem", "nfs:UpdateConfiguration"]

}]

}

</AssumeRolePolicyDocument>

<CreateDate>2022-08-29T13:20:08.000Z</CreateDate>

<RoleId>50001</RoleId>

</Role>

</CreateRoleResult>

<ResponseMetadata>

<RequestId>118</RequestId>

</ResponseMetadata>

</CreateRoleResponse>

<Resource>/nexfsconsoleapi</Resource>

</RequestCompleted>



bottom of page