.png?sv=2022-11-02&spr=https&st=2024-10-23T13%3A40%3A48Z&se=2024-10-23T13%3A50%3A48Z&sr=c&sp=r&sig=QUapr9WVo5xo3aBRMlbllhIxydIwHvLq8PeGSkX%2BQMQ%3D){kind=logo}
Roles and Methods
- 20 May 2023
-
DarkLight
-
PDF
Roles and Methods
- Updated on 20 May 2023
-
DarkLight
-
PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
BREAKING CHANGES for 2023.1
The following are breaking changes in Roles and Methods for the 2023.1 release.
Removal of User Management in Admin Essentials
Beginning with the 2023.1 release, the User Management page view and its tabs for users and groups have been deprecated and removed from Admin Essentials. All elements for configuring role assignments and managing authorization groups and users is now administered through the Authorization interface in Admin Essentials.
Deprecation of Pronghorn.admin Role
The Pronghorn.admin role will be removed in the 2023.1 release. Admin privileges associated with this role have now been separated out into the following roles:
- AdapterModels.admin
- Adapters.admin
- AdminEssentials.admin
- Applications.admin
- Authorization.admin
- Health.admin
- IntegrationModels.admin
- Integrations.admin
- Prebuilts.admin
- PrebuiltsRepository.admin
- Profiles.admin
- Schema.admin
- UserManagement.admin
The Authorization.admin and AdminEssentials.admin replacements roles give users the ability to add additional roles to users and groups via the UI.
What should I do?
Users and groups with the Pronghorn.admin role should be automatically migrated to use the updated (replacement) roles. If a user or group assigned to the Pronghorn.admin role does not have any of the replacement roles (permissions) listed above, then those roles should be added to that user or group.
⚠ Important Note:
The Pronghorn.admin requirement for configuring a services blacklist is NOT to be replaced with Authorization.admin. Instead, users with permissions to edit profiles (i.e., the Profiles.admin role) will need to modify the servicesBlacklist property under IAP Profile System Properties.
API Removal Due to Scheduled Deprecations
Below is a list of APIs removed from IAP. Our policy is to provide a deprecation notice two (2) release cycles in advance (at a minimum) before the API is removed. This list represents the latest deprecations announced for the 2023.1 release.
What should I do?
Review any custom apps and adapters that might reference any APIs on the removal list and change them to the replacement call (or remove them if no replacement call is provided).
Scheduled removals are listed in the tables below:
- Compliance Broker
- Fault Broker
- Instance Broker
- Inventory Broker
- Performance Broker
- Persistence Broker
- Pronghorn Core
- Topology Broker
Compliance Broker APIs
Modify calls to the Compliance Broker to use direct adapter calls.
| Method | Description | Deprecation Release | Actual Removal Release | Replacement |
|---|---|---|---|---|
| createReport | Publishes a Golden Config tree as a compliance report. | 2021.2 | 2023.1 | None |
| deleteReport | Deletes a selected Golden Config tree. | 2021.2 | 2023.1 | None |
| getReports | Retrieves compliance reports. | 2021.2 | 2023.1 | None |
| runCompliance | Run Golden Configuration compliance report. | 2021.2 | 2023.1 | None |
Fault Broker APIs
Modify calls to the Fault Broker to use direct adapter calls.
| Method | Description | Deprecation Release | Actual Removal Release | Replacement |
|---|---|---|---|---|
| getAllDevicesStatuses | Gets the statuses of all devices. | 2021.2 | 2023.1 | None |
| getDeviceFaults | Gets all devices that are currently at fault. | 2021.2 | 2023.1 | None |
| findDevice | Broker call to find a device. | 2021.2 | 2023.1 | None |
| updateDeviceStatus | Broker call to update a device status. | 2021.2 | 2023.1 | None |
Instance Broker APIs
Modify calls to the Instance Broker to use direct adapter calls.
| Method | Description | Deprecation Release | Actual Removal Release | Replacement |
|---|---|---|---|---|
| createInstance | Broker call to create an instance. | 2021.2 | 2023.1 | None |
| deleteInstance | Broker call to delete an instance. | 2021.2 | 2023.1 | None |
| describeInstance | Broker call to describe an instance. | 2021.2 | 2023.1 | None |
| describeInstanceStatus | Broker call to describe an instance status. | 2021.2 | 2023.1 | None |
Inventory Broker APIs
Modify calls to the Inventory Broker to use direct adapter calls.
| Method | Description | Deprecation Release | Actual Removal Release | Replacement |
|---|---|---|---|---|
| getDevices | Gets all devices from the inventory. | 2021.2 | 2023.1 | None |
| findDevice | Finds a specific device in the inventory. | 2021.2 | 2023.1 | None |
| updateDeviceStatus | Updates a device status in the inventory. | 2021.2 | 2023.1 | None |
Performance Broker APIs
Modify calls to the Performance Broker to use direct adapter calls.
| Method | Description | Deprecation Release | Actual Removal Release | Replacement |
|---|---|---|---|---|
| createSocket | Creates a socket for communication between Netpulse and IAP. | 2021.2 | 2023.1 | None |
| updateLinkCapacity | Updates the link capacity of the interface in Netpulse. | 2021.2 | 2023.1 | None |
| updateLinkLatency | Broker call to update link latency. | 2021.2 | 2023.1 | None |
Persistence Broker APIs
Modify calls to the Persistence Broker to use direct adapter calls.
| Method | Description | Deprecation Release | Actual Removal Release | Replacement |
|---|---|---|---|---|
| aggregate | Makes an aggregate query on the permanent data store. | 2021.2 | 2023.1 | None |
| count | Gets a count of Methods in the permanent data store. | 2021.2 | 2023.1 | None |
| create | Creates a new document in the permanent data store. | 2021.2 | 2023.1 | None |
| createMany | Creates many new documents in the permanent data store. | 2021.2 | 2023.1 | None |
| deleteById | Removes a unique document fromm the permanent data store. | 2021.2 | 2023.1 | None |
| deleteSearched | Removes a set of documents from the permanent data store via filter. | 2021.2 | 2023.1 | None |
| distinct | Finds distinct keys in the permanent data store. | 2021.2 | 2023.1 | None |
| exists | Finds whether a key exists in the permanent data store. | 2021.2 | 2023.1 | None |
| fetch | Fetches data from the shared cache. | 2021.2 | 2023.1 | None |
| fetchAll | Fetches all grouped data objects from the shared cache. | 2021.2 | 2023.1 | None |
| filterFields | Makes a filterFields query on the permanent data store. | 2021.2 | 2023.1 | None |
| findAndModify | Locates and updates documents, then returns updated document. | 2021.2 | 2023.1 | None |
| purge | Removes a particular object from the cache. | 2021.2 | 2023.1 | None |
| purgeAll | Removes all keys from a group. | 2021.2 | 2023.1 | None |
| query | Makes a query on the permanent data store. | 2021.2 | 2023.1 | None |
| save | Saves a document in the permanent data store. | 2021.2 | 2023.1 | None |
| search | Searches for a new document in the permanent data store. | 2021.2 | 2023.1 | None |
| searchById | Searches for a document in the permanent data store. | 2021.2 | 2023.1 | None |
| stash | Stashes data in the shared cache. | 2021.2 | 2023.1 | None |
| updateSearched | Updates documents based on search criteria. | 2021.2 | 2023.1 | None |
Pronghorn Core APIs
Accounts
| Method | Description | Deprecation Release | Actual Removal Release | Replacement |
|---|---|---|---|---|
| DELETE /accounts/:accountId/groups/:groupId | Removes a group from an account. | 2021.2 | 2023.1 | PATCH /authorization/accounts/:accountId |
| DELETE /accounts/:accountId/roles/:roleId | Removes a role from an account. | 2021.2 | 2023.1 | PATCH /authorization/accounts/:accountId |
| GET /accounts | Get all accounts from IAP. | 2021.2 | 2023.1 | GET /authorization/accounts |
| GET /accounts/:accountId | Get an account in IAP based on the account id. | 2021.2 | 2023.1 | GET /authorization/accounts/:accountId |
| GET /accounts/:accountId/inherited | Get the inherited permissions of an accunt. | 2021.2 | 2023.1 | GET /authorization/accounts/:accountId |
| POST /accounts | Ensures an AAA account is created in IAP. | 2021.2 | 2023.1 | None |
| POST /accounts/search | Search for accounts stored in IAP. | 2021.2 | 2023.1 | GET /authorization/accounts |
| PUT /accounts/:accountId/groups | Set the groups defined for an account. | 2021.2 | 2023.1 | PATCH /authorization/accounts/:accountId |
| PUT /accounts/:accountId/groups/:groupId | Adds a group to an account. | 2021.2 | 2023.1 | PATCH /authorization/accounts/:accountId |
| PUT /accounts/:accountId/roles | Sets the roles defined for an account. | 2021.2 | 2023.1 | PATCH /authorization/accounts/:accountId |
| PUT /accounts/:accountId/roles/:roleId | Adds a role to an account. | 2021.2 | 2023.1 | PATCH /authorization/accounts/:accountId |
| PUT /accounts/:accountId/inactive | Sets the inactive status of an account. | 2021.2 | 2023.1 | PATCH /authorization/accounts/:accountId |
Brokers and Functions
| Method | Description | Deprecation Release | Actual Removal Release | Replacement |
|---|---|---|---|---|
| GET /broker/host/:name | Get adapters for a specific broker. | 2021.2 | 2023.1 | GET /adapters/brokers/mapping |
| GET /config/brokers | Get the config for all brokers. | 2021.2 | 2023.1 | None |
| GET /config/hosts | Get a mapping of brokers and adapters. | 2021.2 | 2023.1 | GET /adapters/brokers/mapping |
| GET /config/roles | Get roles configured in IAP. | 2021.2 | 2023.1 | GET /authorization/roles |
| GET /config/routes | Get groups associated with each route. | 2021.2 | 2023.1 | None |
| GET /methods | Get a list of methods in IAP. | 2021.2 | 2023.1 | GET /authorization/methods |
| GET /methods/registry | Get a list of all method information in IAP. | 2021.2 | 2023.1 | None |
| GET /methods/:serviceBaseUri/:methodName | Get information about a specific method. | 2021.2 | 2023.1 | None |
| GET /schemas/:serviceBaseUri/:schemaName | Get a schema from a service in IAP. | 2021.2 | 2023.1 | None |
| GET /views | Get a list of views in IAP. | 2021.2 | 2023.1 | GET /authorization/views |
| POST /getActiveSessions | Get a list of the active session tokens on the system. | 2021.1 | 2023.1 | None |
Groups
| Method | Description | Deprecation Release | Actual Removal Release | Replacement |
|---|---|---|---|---|
| GET /groups | Get all groups in IAP. | 2021.2 | 2023.1 | GET /authorization/groups |
| POST /groups | Create an IAP group. | 2021.2 | 2023.1 | POST /authorization/groups |
| POST /groups/search | Search for groups in IAP. | 2021.2 | 2023.1 | GET /authorization/groups |
| GET /groups/list | Get a short list of all groups in IAP. | 2021.2 | 2023.1 | GET /authorization/groups/list |
| GET /groups/:groupId | Get an individual group in IAP. | 2021.2 | 2023.1 | GET /authorization/groups/:groupId |
| DELETE /groups/:groupId | Deletes a group in IAP. | 2021.2 | 2023.1 | DELETE /authorization/groups/:groupId |
| GET /groups/:groupId/inherited | Get a group with all inherited groups. | 2021.2 | 2023.1 | GET /authorization/groups/:groupId |
| GET /groups/:groupId/members | Get members of a group in IAP. | 2021.2 | 2023.1 | GET /authorization/accounts |
| GET /groups/:groupId/memberOf | Get the groups of an IAP group. | 2021.2 | 2023.1 | GET /authorization/groups/:groupId |
| PUT /groups/:groupId/memberOf | Set the groups for an IAP group. | 2021.2 | 2023.1 | PATCH /authorization/groups/:groupId |
| PUT /groups/:groupId/memberOf/:objectGroupId | Adds a group to an IAP group. | 2021.2 | 2023.1 | PATCH /authorization/groups/:groupId |
| DELETE /groups/:groupId/memberOf/:objectGroupId | Removes a group from an IAP group. | 2021.2 | 2023.1 | PATCH /authorization/groups/:groupId |
| GET /groups/:groupId/roles | Get the roles for an IAP group. | 2021.2 | 2023.1 | GET /authorization/groups/:groupId |
| PUT /groups/:groupId/roles | Sets the roles for an IAP group. | 2021.2 | 2023.1 | PATCH /authorization/groups/:groupId |
| PUT /groups/:groupId/roles/:roleId | Add a role to an IAP group. | 2021.2 | 2023.1 | PATCH /authorization/groups/:groupId |
| DELETE /groups/:groupId/roles/:roleId | Remove a role from an IAP group. | 2021.2 | 2023.1 | PATCH /authorization/groups/:groupId |
| GET /groups/:groupId/description | Get the description of an IAP group. | 2021.2 | 2023.1 | GET /authorization/groups/:groupId |
| PUT /groups/:groupId/description | Set the description of an IAP group. | 2021.2 | 2023.1 | PATCH /authorization/groups/:groupId |
| PUT /groups/:groupId/inactive | Sets the inactive status of a group. | 2021.2 | 2023.1 | PATCH /authorization/groups/:groupId |
Roles
| Method | Description | Deprecation Release | Actual Removal Release | Replacement |
|---|---|---|---|---|
| GET /roles | Get all roles. | 2021.2 | 2023.1 | GET /authorization/roles |
| GET /roles/:roleId | Get an individual role. | 2021.2 | 2023.1 | GET /authorization/roles/:roleId |
| DELETE /roles/:roleId | Delete a custom role. | 2021.2 | 2023.1 | DELETE /authorization/roles/:roleId |
| DELETE /roles/:roleId/allowedMethods/:methodProvenance/:methodName | Deletes permission for a method to a custom role. | 2021.2 | 2023.1 | PATCH /authorization/roles/:roleId |
| DELETE /roles/:roleId/allowedViews/:viewProvenance/:viewPath | Deletes permission for a view to a custom role. | 2021.2 | 2023.1 | PATCH /authorization/roles/:roleId |
| POST /roles | Create a custom role. | 2021.2 | 2023.1 | POST /authorization/roles |
| POST /roles/search | Search for roles in IAP. | 2021.2 | 2023.1 | GET /authorization/roles |
| PUT /roles/:roleId | Save changes to a custom role. | 2021.2 | 2023.1 | PATCH /authorization/roles/:roleId |
| PUT /roles/:roleId/allowedMethods | Sets the allowed methods to a custom role. | 2021.2 | 2023.1 | PATCH /authorization/roles/:roleId |
| PUT /roles/:roleId/allowedMethods/:methodProvenance/:methodName | Adds permission for a method to a custom role. | 2021.2 | 2023.1 | PATCH /authorization/roles/:roleId |
| PUT /roles/:roleId/allowedViews | Sets the allowed views to a custom role. | 2021.2 | 2023.1 | PATCH /authorization/roles/:roleId |
| PUT /roles/:roleId/allowedViews/:viewProvenance/:viewPath | Adds permission for a view to a custom role. | 2021.2 | 2023.1 | PATCH /authorization/roles/:roleId |
User Management
| Method | Description | Deprecation Release | Actual Removal Release | Replacement |
|---|---|---|---|---|
| DELETE /user-management/accounts/:accountId | Delete an account from Local AAA instance in IAP. | 2021.2 | 2023.1 | None |
| DELETE /user-management/groups/:groupId | Delete a group from Local AAA instance in IAP. | 2021.2 | 2023.1 | None |
| GET /user-management/accounts/:accountId | Get an account from Local AAA instance in IAP. | 2021.2 | 2023.1 | None |
| GET /user-management/accounts | Get all accounts from a Local AAA instance in IAP. | 2021.2 | 2023.1 | None |
| GET /user-management/roles | Get all assignable roles based on permissions in IAP. | 2021.2 | 2023.1 | None |
| GET /user-management/groups/:groupId | Get a group from a Local AAA instance in IAP. | 2021.2 | 2023.1 | None |
| GET /user-management/groups | Get all groups from a Local AAA instance in IAP. | 2021.2 | 2023.1 | None |
| POST /user-management/accounts | Create a new account for Local AAA instance in IAP. | 2021.2 | 2023.1 | None |
| POST /user-management/groups | Create a new group for Local AAA instance in IAP. | 2021.2 | 2023.1 | None |
| PUT /user-management/accounts/:accountId/groups | Set the groups for an account in a Local AAA instance. | 2021.2 | 2023.1 | None |
| PUT /user-management/accounts/:accountId/password | Change the password for an account in the Local AAA instance. | 2021.2 | 2023.1 | None |
| PUT /user-management/groups/:groupId/roles | Set the roles for a group in a Local AAA instance. | 2021.2 | 2023.1 | None |
Topology Broker APIs
Modify calls to the Topology Broker to use direct adapter calls.
| Method | Description | Deprecation Release | Actual Removal Release | Replacement |
|---|---|---|---|---|
| addTopology | Adds a topology to the database. | 2021.2 | 2023.1 | None |
| deleteTopology | Removes a topology from the database. | 2021.2 | 2023.1 | None |
| deleteTopologyBackup | Removes an autosaved topology from the database. | 2021.2 | 2023.1 | None |
| evaluateCircuitUpgrade | Evaluates if a circuit needs an upgrade and performs one if necesary. | 2021.2 | 2023.1 | None |
| getTopology | Gets a specific topology and its associated information. | 2021.2 | 2023.1 | None |
| getTopologyBackup | Gets the autosaved backup topology from the database. | 2021.2 | 2023.1 | None |
| getTopologyList | Gets the list of toplogies. | 2021.2 | 2023.1 | None |
| lockTopology | Locks a topology. | 2021.2 | 2023.1 | None |
| saveTopology | Saves a topology. | 2021.2 | 2023.1 | None |
| saveTopologyBackup | Autsaves a topology backup every five minutes. | 2021.2 | 2023.1 | None |
| unlockTopology | Unlocks a topology. | 2021.2 | 2023.1 | None |
Was this article helpful?
