Nexfs Management API Documentation
Method Index
SaveRole
Update an existing Role using the Nexfs Management API
Action: SaveRole
Updates a existing Role
Permissions
To create a new role a requesting session must have the iam/UpdateManagementRoles role enabled.
To create a new role a requesting session must have the nexfs/UpdateContentRoles role enabled.
Request Parameters
A request must be made against the nexfs management console api with the UpdateRole action.
The request must be signed with a valid AWS V4 style Signature using an active temporary session security token.
Action
SaveRole
AssumeRolePolicyDocument
A URI encoded json string containing a the updated Role configuration
AssumeRolePolicyDocument json Format
{
"Version": string",
"Statement": [
{
"Sid": "string",
"Effect": "string",
"Action": [
"string"
,...
]
},
...
]
}
For a description of elements, see AssumeRolePolicyDocument elements below
Enabled (Optional)
0 if the role should be created but remain disabled,
1 if the role should be created and enabled
RoleID
The roleid (as a integer) of the role being updated
RoleName
The name of the Role being updated or A new unique name (string) to attached the role
RoleType
A type of role (string) to be created, either "iam" or "user".
Set "iam" for nexfs managment roles or "user" for content (S3) user roles
Version
A version (as a string) to assigned to the Policy
AssumeRolePolicyDocument elements
Version
The Policy Version
Statement
A json object with contains the roles policy statement
Sid
A string label the represents the statement
Effect
"Allow" or "Deny"
Action
A json array with contains zero or more management role permissions
Request Body
The request does not have a request body.
Response Syntax
HTTP1/1 200
<?xml version="1.0" encoding="UTF-8"?>
<RequestCompleted>
<Code>String</Code>
<SaveRoleResponse>
<SaveRoleResult>
<Role>
<RoleName> String </RoleName>
<AssumeRolePolicyDocument>
{
"Version": "String",
"Statement": [{
"Sid": "String",
"Effect": "String",
"Action": ["String"]
}]
}
</AssumeRolePolicyDocument>
<CreateDate>String</CreateDate>
<RoleId>integer</RoleId>
</Role>
</SaveRoleResult>
<ResponseMetadata>
<RequestId>integer</RequestId>
</ResponseMetadata>
</SaveRoleResponse>
<Resource>/String</Resource>
</RequestCompleted>
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in XML format by the service.
RequestCompleted
Root Level tag for the successful response
Code
OK
SaveRoleResponse
A section label with contains the save role response details
SaveRoleResult
A section label which contains a copy of the role that has been updated
Resource
/nexfsconsoleapi
RequestId
A requestid number that identifies the request made against the management api
Errors
Also See Rest Error Responses
400 BadRequest The request was Malformed
A BadRequest will be returned if AssumeRolePolicyDocument, RoleID or Version is missing from the request
A BadRequest will also be returned if AssumeRolePolicyDocument is incorrectly formatted
401 Unauthorized The request cannot be authenticated
403 Forbidden Session does not have the rights to perform the requested action
409 NoSuchEntity No role exists with the request roleid
409 EntityAlreadyExists A role already exists with the request name
500 InternalServerError An Internal Error was encountered
Example Request
The following example request includes the json statement:
{
"Version": "08/29/2022.1",
"Statement": [
{
"Sid": "Allowed Actions Updated",
"Effect": "Allow",
"Action": [
"*:*"
]
},
{
"Sid": "Deny Actions Updated",
"Effect": "Deny",
"Action": [
"iam:DeleteManagementRoles",
"iam:UpdateManagementRoles",
"iam:UpdateOtherUserSecret",
"iam:UpdateUsers",
"nexfs:UpdateConfiguration",
"nexfs:UpdateLicense",
"nfs:GetConfiguration",
"nfs:GetSubSystem",
"nfs:ManageSubSystem",
"nfs:UpdateConfiguration",
"iam:GetUser",
"iam:ListManagementRoles",
"iam:ListUsers"
]
}
]
}
GET http://nexfs.example.com:9200/nexfsconsoleapi?Action=SaveRole&AssumeRolePolicyDocument={%22Version%22:%2208/29/2022.1%22,%22Statement%22:[{%22Sid%22:%20%22Allowed%20Actions%20Updated%22,%22Effect%22:%20%22Allow%22,%22Action%22:%20[%22*:*%22]},{%22Sid%22:%20%22Deny%20Actions%20Updated%22,%22Effect%22:%20%22Deny%22,%22Action%22:%20[%22iam:DeleteManagementRoles%22,%22iam:UpdateManagementRoles%22,%22iam:UpdateOtherUserSecret%22,%22iam:UpdateUsers%22,%22nexfs:UpdateConfiguration%22,%22nexfs:UpdateLicense%22,%22nfs:GetConfiguration%22,%22nfs:GetSubSystem%22,%22nfs:ManageSubSystem%22,%22nfs:UpdateConfiguration%22,%22iam:GetUser%22,%22iam:ListManagementRoles%22,%22iam:ListUsers%22]}]}&Enabled=0&RoleId=50001&RoleName=Example%20Role%20Update&Version=08/29/2022.1
content-type: application/x-www-form-urlencoded; charset=utf-8
host: nexfs.example.com
x-amz-date: 20220829T135813Z
Example Response
<?xml version="1.0" encoding="UTF-8"?>
<RequestCompleted>
<Code>Ok</Code>
<CreateRoleResponse>
<CreateRoleResult>
<Role>
<RoleName>Example Role</RoleName>
<AssumeRolePolicyDocument>
{
"Version": "08/29/2022.0",
"Statement": [{
"Sid": "Allowed Actions",
"Effect": "Allow",
"Action": ["*:*", "iam:ListManagementRoles", "iam:ListUsers", "iam:LoginMgmtReadOnly", "iam:UpdateOwnSecret"]
}, {
"Sid": "Deny Actions",
"Effect": "Deny",
"Action": ["iam:DeleteManagementRoles", "iam:UpdateManagementRoles", "iam:UpdateOtherUserSecret", "iam:UpdateUsers", "nexfs:UpdateConfiguration", "nexfs:UpdateLicense", "nfs:GetConfiguration", "nfs:GetSubSystem", "nfs:ManageSubSystem", "nfs:UpdateConfiguration"]
}]
}
</AssumeRolePolicyDocument>
<CreateDate>2022-08-29T13:20:08.000Z</CreateDate>
<RoleId>50001</RoleId>
</Role>
</CreateRoleResult>
<ResponseMetadata>
<RequestId>118</RequestId>
</ResponseMetadata>
</CreateRoleResponse>
<Resource>/nexfsconsoleapi</Resource>
</RequestCompleted>